    A tool for the synthesis of cryptographic orchestrators

    Security is one of the main challenges of service-oriented computing. Services need to be loosely coupled and easily accessible, yet provide tight security guarantees enforced by cryptographic protocols. In this paper, we address how to automatically synthesize an orchestrator process able to guarantee the secure composition of electronic services, supporting different communication and cryptographic protocols. We present a theoretical model based on process algebra, partial model checking and logical satisfiability, plus an automated tool implementing the proposed theory.

    Quantitative evaluation of enforcement strategies

    In security, monitors and enforcement mechanisms run in parallel with programs to check, and respectively modify, their run-time behaviour in order to guarantee the satisfaction of a security policy. For the same policy, several enforcement strategies are possible. We provide a framework for quantitative monitoring and enforcement. Enforcement strategies are analysed according to user-defined parameters. This is done by extending the notion of controller processes, which mimic the well-known edit automata, with weights on transitions, valued in a C-semiring. C-semirings permit one to be flexible and general in the quantitative criteria. Furthermore, we provide some examples of orders on controllers that are evaluated under incomparable criteria.
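    The following is an added example, not code from the paper above or from its authors, illustrating the idea the abstract describes: two edit-automaton-style enforcement strategies for one policy, weighed with transition weights valued in a c-semiring, so that the semiring's sum operation picks the best strategy for a given criterion. The policy (no "send" after "read_secret"), the two strategies (suppress the offending action versus halt the program), the weight tables and the sample trace are all constructed for this example; the "weighted" (cost) and "fuzzy" (preference) c-semirings are standard instances.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class CSemiring:
    """c-semiring <A, plus, times, zero, one>: `plus` chooses the better of two
    weights (idempotent, commutative), `times` combines weights along a trace."""
    plus: Callable[[float, float], float]
    times: Callable[[float, float], float]
    zero: float  # worst weight, identity of plus
    one: float   # best weight, identity of times


# Weighted c-semiring: weights are costs, a lower total is better.
WEIGHTED = CSemiring(plus=min, times=lambda a, b: a + b, zero=float("inf"), one=0.0)
# Fuzzy c-semiring: weights are preferences in [0, 1]; a trace is as good as its worst step.
FUZZY = CSemiring(plus=max, times=min, zero=0.0, one=1.0)


# Policy assumed for this example: after 'read_secret' the program may not 'send'.
def violates(history: List[str], action: str) -> bool:
    return action == "send" and "read_secret" in history


def satisfies(trace: List[str]) -> bool:
    """True when the whole trace respects the policy (used to check enforced output)."""
    history: List[str] = []
    for action in trace:
        if violates(history, action):
            return False
        history.append(action)
    return True


# Two edit-automaton style strategies for the same policy.
# Each maps (history, attempted action) to (emitted actions, edit kind, halt flag).
def suppression(history: List[str], action: str):
    if violates(history, action):
        return [], "suppress", False   # drop the offending action, keep running
    return [action], "pass", False


def truncation(history: List[str], action: str):
    if violates(history, action):
        return [], "halt", True        # stop the program at the first violation
    return [action], "pass", False


STRATEGIES = {"suppression": suppression, "truncation": truncation}

# Weight of each kind of edit, one table per criterion (values constructed for the example).
EDIT_WEIGHTS: Dict[str, Dict[str, float]] = {
    "weighted": {"pass": 0.0, "suppress": 1.0, "halt": 2.0},
    "fuzzy":    {"pass": 1.0, "suppress": 0.7, "halt": 0.2},
}


def run_controller(strategy, trace: List[str], sr: CSemiring,
                   weights: Dict[str, float]) -> Tuple[List[str], float]:
    """Run the controller alongside the program trace; return the enforced
    output trace and its weight (the c-semiring product of the step weights)."""
    history: List[str] = []
    output: List[str] = []
    weight = sr.one
    for action in trace:
        emitted, kind, halt = strategy(history, action)
        weight = sr.times(weight, weights[kind])
        output.extend(emitted)
        history.append(action)
        if halt:
            break
    return output, weight


def best_strategies(trace: List[str], sr: CSemiring,
                    weights: Dict[str, float]) -> Tuple[List[str], Dict[str, float]]:
    """Weigh every strategy on `trace`; the c-semiring sum of all weights is the
    best achievable value, and the strategies attaining it are returned."""
    results = {name: run_controller(s, trace, sr, weights)[1]
               for name, s in STRATEGIES.items()}
    best = sr.zero
    for w in results.values():
        best = sr.plus(best, w)
    return sorted(name for name, w in results.items() if w == best), results


TRACE = ["read_secret", "send", "compute", "send", "send"]  # constructed program run

if __name__ == "__main__":
    for crit, sr in (("weighted", WEIGHTED), ("fuzzy", FUZZY)):
        print(crit, best_strategies(TRACE, sr, EDIT_WEIGHTS[crit]))
```

    On the sample trace both strategies produce a policy-compliant output, but the cost criterion prefers truncation (one halt costs less than three suppressions) while the preference criterion prefers suppression (its worst step, 0.7, beats a halt at 0.2), which is the kind of incomparable ranking the abstract refers to.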

    Project Final Report Use and Dissemination of Foreground

    This document is the final report on use and dissemination of foreground, part of the CONNECT final report. The document provides the lists of publications, dissemination activities, and exploitable foreground.

    Monitoring and Enforcement of Safety Hyperproperties

    Certain important security policies such as information flow characterize system-wide behaviors and are not properties of individual executions. It is known that such security policies cannot be expressed in trace-based specification languages such as linear-time temporal logic (LTL). However, formalisms such as hyperproperties and the associated logic HyperLTL allow us to specify such policies. In this thesis, we concentrate on the static enforcement and runtime verification of safety hyperproperties expressed in HyperLTL. For static enforcement of safety hyperproperties, we incorporate program repair techniques, where an input program is modified to satisfy certain properties while preserving its existing specifications. Assuming finite state space for the input program, we show that the complexity of program repair for safety hyperproperties is in general NP-hard. However, there are certain cases in which the problem can be solved in polynomial time. We identify such cases and give polynomial-time algorithms for them. In the context of runtime verification, we make two contributions: we (1) analyze the complexity of decision procedures for verifying safety hyperproperties, (2) provide a syntactic fragment in HyperLTL to express certain k-safety hyperproperties, and (3) develop a general runtime verification technique for HyperLTL k-safety formulas, for cases where verification at run time can be done in polynomial time. Our technique is based on runtime formula progression as well as on-the-fly monitor synthesis across multiple executions
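    As an added example (not code from the thesis above or its author), the following monitor checks a 2-safety hyperproperty across multiple executions, in the spirit of the runtime verification the abstract describes. The property is a step-synchronous form of observational determinism, written in HyperLTL as: for all pi, pi', if the public inputs of pi and pi' agree then globally their public outputs agree. Because a violation is witnessed by two finite prefixes, the monitor can report it as soon as the running execution diverges, at the same step, from any stored execution with the same public input. The programs `leaky` and `safe`, the trace representation and the sample runs are constructed for this example; the thesis's progression-based algorithm is not reproduced here.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple


@dataclass
class Trace:
    low_in: str                                       # public input, fixed when the run starts
    low_out: List[str] = field(default_factory=list)  # public outputs observed so far


@dataclass(frozen=True)
class Violation:
    earlier: int   # index of the previously stored execution
    current: int   # index of the execution that just produced the event
    position: int  # step at which the public outputs diverge


class ObsDetMonitor:
    """Runtime monitor for the 2-safety hyperproperty
         forall pi, pi'. low_in(pi) = low_in(pi')  ->  G (low_out(pi) = low_out(pi'))
    (step-synchronous observational determinism). Every new output of the running
    execution is compared, at the same step, with every stored execution that had
    the same public input; a mismatch is a finite witness pair for the violation."""

    def __init__(self) -> None:
        self.traces: List[Trace] = []

    def start(self, low_in: str) -> int:
        """Register a new execution with its public input; returns its index."""
        self.traces.append(Trace(low_in))
        return len(self.traces) - 1

    def observe(self, tid: int, low_out: str) -> Optional[Violation]:
        """Record one public output of execution `tid` and check it against all
        stored executions with the same public input (one comparison each)."""
        trace = self.traces[tid]
        pos = len(trace.low_out)
        trace.low_out.append(low_out)
        for other_id, other in enumerate(self.traces):
            if other_id == tid or other.low_in != trace.low_in:
                continue
            if pos < len(other.low_out) and other.low_out[pos] != low_out:
                return Violation(other_id, tid, pos)
        return None


# Constructed programs: `leaky` lets the secret influence a public output, `safe` does not.
def leaky(low_in: str, secret: int) -> List[str]:
    return [f"ack:{low_in}", "ok" if secret % 2 == 0 else "retry"]


def safe(low_in: str, secret: int) -> List[str]:
    return [f"ack:{low_in}", "ok"]


def check_program(program: Callable[[str, int], List[str]],
                  runs: List[Tuple[str, int]]) -> Optional[Violation]:
    """Execute `program` on each (public input, secret) pair under one monitor and
    return the first violation found, or None if all runs were consistent."""
    monitor = ObsDetMonitor()
    for low_in, secret in runs:
        tid = monitor.start(low_in)
        for out in program(low_in, secret):
            violation = monitor.observe(tid, out)
            if violation is not None:
                return violation
    return None


if __name__ == "__main__":
    print(check_program(safe, [("a", 1), ("a", 2), ("b", 3)]))   # None
    print(check_program(leaky, [("a", 2), ("a", 3)]))            # Violation(0, 1, 1)
```

    Two points the example makes concrete: the monitor cannot decide anything from a single execution, since the property only constrains pairs, so it must retain earlier executions; and each observed event costs one comparison per stored execution with the same public input, which is the polynomial per-step cost the abstract refers to for the tractable fragment.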

    Reasoning about and Harmonizing the Interaction Behavior of Networked Systems at Application- and Middleware-Layer

    The CONNECT Integrated Project aims at enabling continuous composition of networked systems to respond to the evolution of functionalities provided to and required from the networked environment. CONNECT aims at dropping the interoperability barrier by adopting a revolutionary approach to the seamless networking of digital systems, that is, synthesizing on-the-fly the connectors via which networked systems communicate. The resulting emergent connectors are effectively synthesized according to the behavioral semantics of application- down to middleware-layer protocols run by the interacting parties. The role of work package WP3 is to devise automated and compositional approaches to connector synthesis, which can be performed at run-time. Given the respective interaction behavior of networked systems, we want to synthesize the behavior of the connector(s) needed for them to interact. These connectors serve as mediators of the networked systems' interaction at both application and middleware layers. During the project's first year, the work of WP3 led us to achieve the following preliminary results: the formalization of matching and mapping relationships for application-layer interaction protocols; the definition of the corresponding mediator generation algorithm; the analysis of the interoperability problems, and related solutions, that can occur at middleware-layer; and a model-driven approach to the automated elicitation of application-layer protocols from software implementations. All these achievements have been reported in Deliverable D3.1: "Modeling of application- and middleware-layer interaction protocols". 
In this deliverable, we go a step forward with respect to some of the previous achievements by delivering a unified process, and related artefacts, for the automated synthesis of mediators at both application and middleware layers, code-generation techniques to generate the actual code that implements a synthesized mediator, and a preliminary integration of QoS management in the synthesis process. During year 2, all the work has been validated through its application to several scenarios, in particular as part of WP1 and WP6. By selecting one of them as common scenario, in this deliverable, we also show the different methods/techniques at work on the scenario. All the steps of the devised synthesis process are described in detail and applied to the selected common scenario