47 research outputs found

    Attack trees in Isabelle

    In this paper, we present a proof theory for attack trees. Attack trees are a well-established and useful model for the construction of attacks on systems, since they allow a stepwise exploration of high-level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we succeed in developing a generic theory of attack trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logical analysis of the meta-theory of the proof calculus of attack trees, and at the same time the developed proof theory enables application to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of attack tree validity and CTL. The application is illustrated on the example of a healthcare IoT system and GDPR compliance verification.

    Formal modeling and analysis of data protection for GDPR compliance of IoT healthcare systems

    In this paper, we investigate the implications of the General Data Privacy Regulation (GDPR) on the design of an IoT healthcare system. From 26th May 2018, the GDPR will become mandatory within the European Union and hence also for any supplier of IT products. Breaches of the regulation will be fined with penalties of 20 Million EUR. This is a strong motivation for system designers to enable the proof of compliance to the GDPR. We propose the use of formal modeling and analysis using interactive theorem proving. Based on previous work on modeling infrastructures and security policies for insider attacks, we demonstrate the use of logical modeling and machine-assisted verification to support data protection (privacy) by design. We illustrate this process on the case study of IoT-based monitoring of Alzheimer’s patients that we work on in the CHIST-ERA project SUCCESS.

    Combining secure system design with risk assessment for IoT healthcare systems

    In this paper, we show how to derive formal specifications of secure IoT systems by a process that uses the risk assessment strategy of attack trees on infrastructure models. The models of the infrastructure are logical models in the Isabelle Infrastructure framework. It comprises actors, policies and a state transition describing the dynamic evolution of the system. This logical framework also provides attack trees. The process we propose in this paper incrementally uses those two features to refine a system specification until the expected security and privacy properties can be proved. Infrastructures allow modeling logical as well as physical elements, which makes them well suited for IoT applications. We illustrate the stepwise application of the proposed process in the Isabelle Insider framework on the case study of an IoT healthcare system.

    Exploring rationality of self awareness in social networking for logical modeling of unintentional insiders

    Unawareness of privacy risks together with approval-seeking motivations make humans enter too much detail into the likes of Facebook, Twitter, and Instagram. To test whether the rationality principle applies, we construct a tool that shows a user what is known publicly on social networking sites about her. In our experiment, we check whether this revelation changes human behaviour. To extrapolate and generalize, we use the insights gained by practical experimentation. Unaware users can become targeted by attackers. They then become unintentional insiders. We demonstrate this by extending the Isabelle Insider framework to accommodate a formal model of unintentional insiders, a long-standing open problem.

    Inter-blockchain protocols with the Isabelle Infrastructure framework

    The main incentives of blockchain technology are distribution and distributed change, consistency, and consensus. Beyond just being a distributed ledger for digital currency, smart contracts add transaction protocols to blockchains to execute the terms of a contract in a blockchain network. Inter-blockchain (IBC) protocols define and control exchanges between different blockchains. The Isabelle Infrastructure framework has been designed to serve security and privacy for IoT architectures by formal specification and stepwise attack analysis and refinement. A major case study of this framework is a distributed healthcare scenario for data consistency for GDPR compliance. This application led to the development of an abstract system specification of blockchains for IoT infrastructures. In this paper, we first give a summary of the concept of IBC. We then introduce an instantiation of the Isabelle Infrastructure framework to model blockchains. Based on this, we extend the model to instantiate different blockchains and formalize IBC protocols. We prove the concept by defining the generic property of global consistency and proving it in Isabelle.
