An Evolutionary Approach for Learning Attack Specifications in Network Graphs

This paper presents an evolutionary algorithm that learns attack scenarios, called attack specifications, from a network graph. This learning process aims to find attack specifications that minimise cost and maximise the value that an attacker gets from a successful attack. The attack specifications that the algorithm learns are represented using an approach based on Hoare's CSP (Communicating Sequential Processes). This new approach is able to represent several elements found in attacks, for example synchronisation. These attack specifications can be used by network administrators to find vulnerable scenarios, composed from the basic constructs Sequence, Parallel and Choice, that lead to valuable assets in the network

Automating Security Protocol Analysis

When Roger Needham and Michael Schroeder first introduced a seemingly secure protocol 24, it took over 18 years to discover that even with the most secure encryption, the conversations using this protocol were still subject to penetration. To date, there is still no one protocol that is accepted for universal use. Because of this, analysis of the protocol outside the encryption is becoming more important. Recent work by Joshua Guttman and others 9 have identified several properties that good protocols often exhibit. Termed Authentication Tests, these properties have been very useful in examining protocols. The purpose of this research is to automate these tests and thus help expedite the analysis of both existing and future protocols. The success of this research is shown through rapid analysis of numerous protocols for the existence of authentication tests. The result of this is that an analyst is now able to ascertain in near real-time whether or not a proposed protocol is of a sound design or whether an existing protocol may contain previously unknown weaknesses. The other achievement of this research is the generality of the input process involved. Although there exist other protocol analyzers, their use is limited primarily due to their complexity of use. With the tool generated here, an analyst needs only to enter their protocol into a standard text file; and almost immediately, the analyzer determines the existence of the authentication tests

Secure Web Services für ambiente eingebettete Systeme

Das Internet der Dinge oder Smart Homes haben gemeinsam, dass in ihnen Kleinstgeräte ihren Dienst verrichten, die nicht über die Kapazitäten verfügen, klassische Sicherheitsmechanismen auszuführen. Außerdem müssen sie auch von technischen Laien sicher betrieben werden können. Diese Arbeit schlägt die Sicherheitsinfrastruktur DPWSec vor. DPWSec bildet eine Sicherheitsinfrastruktur, die einer ausführlichen Anforderungsliste genügt. Es wird gezeigt, dass sich die Kernkonzepte von DPWSec auf andere Basistechnologien übertragen lassen, wodurch eine sichere Protokollinteroperabilität möglich wird