35 research outputs found

    A Constraint-Solving Approach for Achieving Minimal-Reset Transition Coverage of Smartcard Behaviour

    Smartcards are security critical devices requiring a high assurance verification approach. Although formal techniques can be used at design or even at development stages, such systems have to undergo a traditional hardware-in-the-loop testing phase. This phase is subject to two key requirements: achieving exhaustive transition coverage of the behavior of the system under test, and minimizing the testing time. In this context, testing time is highly bound to a specific hardware reset operation. Model-based testing is the adequate approach given the availability of a precise model of the system behavior and its ability to produce high quality coverage while optimizing some cost criterion. This paper presents an original algorithm addressing this problem by reformulating it as an integer programming problem to make a graph Eulerian. The associated cost criterion captures both the number of resets and, as an auxiliary objective, the total length of the test suite. The algorithm ensures transition coverage. An implementation of the algorithm was developed, benchmarked, and integrated into an industrial smartcard testing framework. A validation case study from this domain is also presented. The approach can of course be applied to any other domain with similar reset-related testing constraints.

    Deriving behavioral specifications of industrial software components


    Foundations of Security Analysis and Design III, FOSAD 2004/2005- Tutorial Lectures

    The increasing relevance of security to real-life applications, such as electronic commerce and Internet banking, is attested by the fast-growing number of research groups, events, conferences, and summer schools that address the study of foundations for the analysis and the design of security aspects. This book presents thoroughly revised versions of eight tutorial lectures given by leading researchers during two International Schools on Foundations of Security Analysis and Design, FOSAD 2004/2005, held in Bertinoro, Italy, in September 2004 and September 2005. The lectures are devoted to: Justifying a Dolev-Yao Model under Active Attacks, Model-based Security Engineering with UML, Physical Security and Side-Channel Attacks, Static Analysis of Authentication, Formal Methods for Smartcard Security, Privacy-Preserving Database Systems, Intrusion Detection, and Security and Trust Requirements Engineering.

    Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design – FMCAD 2021

    The Conference on Formal Methods in Computer-Aided Design (FMCAD) is an annual conference on the theory and applications of formal methods in hardware and system verification. FMCAD provides a leading forum to researchers in academia and industry for presenting and discussing groundbreaking methods, technologies, theoretical results, and tools for reasoning formally about computing systems. FMCAD covers formal aspects of computer-aided system design including verification, specification, synthesis, and testing.

    Attacker Modelling in Ubiquitous Computing Systems


    Revised reference model

    This document contains an update of the HIDENETS Reference Model, whose preliminary version was introduced in D1.1. The Reference Model contains the overall approach to development and assessment of end-to-end resilience solutions. As such, it presents a framework which, due to its abstraction level, is not restricted to the HIDENETS car-to-car and car-to-infrastructure applications and use-cases. Starting from a condensed summary of the dependability terminology used, the network architecture containing the ad hoc and infrastructure domain and the definition of the main networking elements, together with the software architecture of the mobile nodes, is presented. The concept of architectural hybridization and its inclusion in HIDENETS-like dependability solutions is described subsequently. A set of communication and middleware level services following the architecture hybridization concept and motivated by the dependability and resilience challenges raised by HIDENETS-like scenarios is then described. Besides architecture solutions, the reference model addresses the assessment of dependability solutions in HIDENETS-like scenarios using quantitative evaluations, realized by a combination of top-down and bottom-up modelling, as well as verification via test scenarios. In order to allow for fault prevention in the software development phase of HIDENETS-like applications, generic UML-based modelling approaches with a focus on dependability related aspects are described. The HIDENETS reference model provides the framework in which the detailed solutions in the HIDENETS project are being developed, while at the same time facilitating the same task for non-vehicular scenarios and applications.

    Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -

    The Internet today provides the environment for novel applications and processes which may evolve way beyond pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposure of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can then improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim of detecting faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed.
    The architecture of the observing system is described and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers.

    SpiNNaker - A Spiking Neural Network Architecture

    20 years in conception and 15 in construction, the SpiNNaker project has delivered the world’s largest neuromorphic computing platform incorporating over a million ARM mobile phone processors and capable of modelling spiking neural networks of the scale of a mouse brain in biological real time. This machine, hosted at the University of Manchester in the UK, is freely available under the auspices of the EU Flagship Human Brain Project. This book tells the story of the origins of the machine, its development and its deployment, and the immense software development effort that has gone into making it openly available and accessible to researchers and students the world over. It also presents exemplar applications from ‘Talk’, a SpiNNaker-controlled robotic exhibit at the Manchester Art Gallery as part of ‘The Imitation Game’, a set of works commissioned in 2016 in honour of Alan Turing, through to a way to solve hard computing problems using stochastic neural networks. The book concludes with a look to the future, and the SpiNNaker-2 machine which is yet to come.

    An exploration of the characteristics of excess travel within commuting

    PhD Thesis. Travel behaviour research aims to inform and provide evidence for sound transport policy. Excess travel, where individuals demonstrate excessive use of, for example, time or distance, challenges assumptions underpinning fundamental beliefs of travel behaviour research, where travel should be minimised in order to get to the destination. This thesis explores the phenomenon of excess travel and the characteristics of people exhibiting excess travel within a commuting context, using Tyne and Wear as a case study. Building on existing definitions of excess commuting, which include time and distance, this study gradually adds the additional parameters of cost, effort, and many other parameters (e.g. value of time, weights for walking and waiting) in the generalised cost formula, and the final sample is analysed to identify similarities and differences between excess commuters (EC) and not excess commuters (NEC). The methodology uses a GIS technique for sampling and a questionnaire approach for data collection. The final sample includes origin-based (home) commuters who completed a questionnaire delivered to their home addresses, and destination-based (work) commuters who completed an online version of the same questionnaire. Analytical methods are used to identify EC and NEC based on self-reported (‘pure’) values of the four key parameters of time, cost, distance and effort while commuting and using a generalised cost approach. For the parameters of time and cost, as well as for the generalised cost results, seven saving options are considered, where 5% savings is the lowest option and 50% or more savings is the highest option. An analysis of various attributes and their differences in medians, together with a series of socio-economic characteristics, is used to distinguish between EC and NEC within the four groups in total (time, cost, effort, generalised cost).
    The results show that within the collected sample EC make up between 32% (in the cost group) and 78% (in the effort group) of the total sample (depending on the parameter/group considered), and that there are some statistically significant differences at the 95% level between EC and NEC within the groups. The fact that the number of EC varies between the groups is to be expected, as the literature review suggested that taking different parameters into account produces different results. Generally, EC seem to behave in a similar manner to the rest of the sample, in terms of most of the factors tested, when making choices about commuting, but for example 41% of the respondents drive to work and within this driving group there are more EC than NEC (for example 44% of EC versus 37% of NEC within the time group or 52% of EC versus 36% of NEC within the cost group). More importantly, the median values for the four key parameters of travel to work (actual commute time, ideal one-way commute time, commute cost, commute distance) are higher in the majority of cases for EC than for NEC within the four groups. Attitudes and preferences also play a role, demonstrating that the most frequent trip purpose, the commute, can provide some benefit to travellers. The results also show that in terms of activities such as listening to music/radio, reading books/newspapers, exercising or concentrating on the road, the majority of statistically significant differences between EC and NEC occur within the cost and the effort groups only. The demand for more direct routes and cheaper fares on public transport is emphasised by the majority of the sample. The respondents tend to be well informed about alternative transport modes for their travel to work and the different transport planning tools available, and the Internet stands out as the primary source of information employed by the majority of both EC and NEC.
    In exploring the characteristics of EC and NEC in more depth, recommendations are identified for public transport providers to improve their services and encourage more commuters to transfer travel time into activity time.