2,040 research outputs found
A model for the analysis of security policies in service function chains
Two emerging architectural paradigms, i.e., Software Defined Networking (SDN)
and Network Function Virtualization (NFV), enable the deployment and management
of Service Function Chains (SFCs). A SFC is an ordered sequence of abstract
Service Functions (SFs), e.g., firewalls, VPN-gateways,traffic monitors, that
packets have to traverse in the route from source to destination. While this
appealing solution offers significant advantages in terms of flexibility, it
also introduces new challenges such as the correct configuration and ordering
of SFs in the chain to satisfy overall security requirements. This paper
presents a formal model conceived to enable the verification of correct policy
enforcements in SFCs. Software tools based on the model can then be designed to
cope with unwanted network behaviors (e.g., security flaws) deriving from
incorrect interactions of SFs in the same SFC
Increasing resilience of ATM networks using traffic monitoring and automated anomaly analysis
Systematic network monitoring can be the cornerstone for
the dependable operation of safety-critical distributed
systems. In this paper, we present our vision for informed
anomaly detection through network monitoring and
resilience measurements to increase the operators'
visibility of ATM communication networks. We raise the
question of how to determine the optimal level of
automation in this safety-critical context, and we present a
novel passive network monitoring system that can reveal
network utilisation trends and traffic patterns in diverse
timescales. Using network measurements, we derive
resilience metrics and visualisations to enhance the
operators' knowledge of the network and traffic behaviour,
and allow for network planning and provisioning based on
informed what-if analysis
Towards Applying Cryptographic Security Models to Real-World Systems
The cryptographic methodology of formal security analysis usually works in three steps:
choosing a security model, describing a system and its intended security properties, and creating a formal proof of security.
For basic cryptographic primitives and simple protocols this is a well understood process and is performed regularly.
For more complex systems, as they are in use in real-world settings it is rarely applied, however.
In practice, this often leads to missing or incomplete descriptions of the security properties and requirements of such systems, which in turn can lead to insecure implementations and consequent security breaches.
One of the main reasons for the lack of application of formal models in practice is that they are particularly difficult to use and to adapt to new use cases.
With this work, we therefore aim to investigate how cryptographic security models can be used to argue about the security of real-world systems.
To this end, we perform case studies of three important types of real-world systems: data outsourcing, computer networks and electronic payment.
First, we give a unified framework to express and analyze the security of data outsourcing schemes.
Within this framework, we define three privacy objectives: \emph{data privacy}, \emph{query privacy}, and \emph{result privacy}.
We show that data privacy and query privacy are independent concepts, while result privacy is consequential to them.
We then extend our framework to allow the modeling of \emph{integrity} for the specific use case of file systems.
To validate our model, we show that existing security notions can be expressed within our framework and we prove the security of CryFS---a cryptographic cloud file system.
Second, we introduce a model, based on the Universal Composability (UC) framework, in which computer networks and their security properties can be described
We extend it to incorporate time, which cannot be expressed in the basic UC framework, and give formal tools to facilitate its application.
For validation, we use this model to argue about the security of architectures of multiple firewalls in the presence of an active adversary.
We show that a parallel composition of firewalls exhibits strictly better security properties than other variants.
Finally, we introduce a formal model for the security of electronic payment protocols within the UC framework.
Using this model, we prove a set of necessary requirements for secure electronic payment.
Based on these findings, we discuss the security of current payment protocols and find that most are insecure.
We then give a simple payment protocol inspired by chipTAN and photoTAN and prove its security within our model.
We conclude that cryptographic security models can indeed be used to describe the security of real-world systems.
They are, however, difficult to apply and always need to be adapted to the specific use case
Keynote address: the networked bank
Technology ; Banks and banking - Customer services ; Automated tellers
Electronic security - risk mitigation in financial transactions : public policy issues
This paper builds on a previous series of papers (see Claessens, Glaessner, and Klingebiel, 2001, 2002) that identified electronic security as a key component to the delivery of electronic finance benefits. This paper and its technical annexes (available separately at http://www1.worldbank.org/finance/) identify and discuss seven key pillars necessary to fostering a secure electronic environment. Hence, it is intended for those formulating broad policies in the area of electronic security and those working with financial services providers (for example, executives and management). The detailed annexes of this paper are especially relevant for chief information and security officers responsible for establishing layered security. First, this paper provides definitions of electronic finance and electronic security and explains why these issues deserve attention. Next, it presents a picture of the burgeoning global electronic security industry. Then it develops a risk-management framework for understanding the risks and tradeoffs inherent in the electronic security infrastructure. It also provides examples of tradeoffs that may arise with respect to technological innovation, privacy, quality of service, and security in designing an electronic security policy framework. Finally, it outlines issues in seven interrelated areas that often need attention in building an adequate electronic security infrastructure. These are: 1) The legal framework and enforcement. 2) Electronic security of payment systems. 3) Supervision and prevention challenges. 4) The role of private insurance as an essential monitoring mechanism. 5) Certification, standards, and the role of the public and private sectors. 6) Improving the accuracy of information on electronic security incidents and creating better arrangements for sharing this information. 7) Improving overall education on these issues as a key to enhancing prevention.Knowledge Economy,Labor Policies,International Terrorism&Counterterrorism,Payment Systems&Infrastructure,Banks&Banking Reform,Education for the Knowledge Economy,Knowledge Economy,Banks&Banking Reform,International Terrorism&Counterterrorism,Governance Indicators
- âŠ