6 research outputs found

    Automated Verification of Virtualized Infrastructures

    Virtualized infrastructures and clouds present new challenges for security analysis and formal verification: they are complex environments that continuously change their shape, and that give rise to non-trivial security goals such as isolation and failure resilience requirements. We present a platform that connects declarative and expressive description languages with state-of-the-art verification methods. The languages integrate homogeneously descriptions of virtualized infrastructures, their transformations, their desired goals, and evaluation strategies. The different verification tools range from model checking to theorem proving; this allows us to exploit the complementary strengths of methods, and also to understand how to best represent the analysis problems in different contexts. We consider first the static case where the topology of the virtual infrastructure is fixed and demonstrate that our platform allows for the declarative specification of a large class of properties. Even though tools that are specialized to checking particular properties perform better than our generic approach, we show with a real-world case study that our approach is practically feasible. We finally consider also the dynamic case where the intruder can actively change the topology (by migrating machines). The combination of a complex topology and changes to it by an intruder is a problem that lies beyond the scope of previous analysis tools and to which we can give first positive verification results.

    Evidence of Log Integrity in Policy-based Security Monitoring

    Abstract: Monitoring systems are commonly used by many organizations to collect information about their system and network operations. Typically, SNMP, IDS, or software agents generate log data and store them in a centralized monitoring system for analysis. However, malicious employees, attackers, or even organizations themselves can modify such data to hide malicious activities or to avoid expensive non-compliance fines. This paper proposes a cloud-based framework for verifying the trustworthiness of the logs based on a small amount of evidence data. A simple Cloud Security Monitoring (CSM) API, made available on the cloud services, allows organizations operating on the cloud to collect additional "evidence" about their systems. Such evidence is used to verify system compliance against the policies set by security managers or regulatory authorities. We present a strategy for randomly auditing and verifying resource compliance, and propose an architecture that allows the organizations to prove compliance to an external auditing agency.

    Semantic hierarchies for extracting, modeling, and connecting compliance requirements in information security control standards

    Companies and government organizations are increasingly compelled, if not required by law, to ensure that their information systems will comply with various federal and industry regulatory standards, such as the NIST Special Publication on Security Controls for Federal Information Systems (NIST SP-800-53), or the Common Criteria (ISO 15408-2). Such organizations operate business or mission critical systems where a lack of or lapse in security protections translates to serious confidentiality, integrity, and availability risks that, if exploited, could result in information disclosure, loss of money, or, at worst, loss of life. To mitigate these risks and ensure that their information systems meet regulatory standards, organizations must be able to (a) contextualize regulatory documents in a way that extracts the relevant technical implications for their systems, (b) formally represent their systems and demonstrate that they meet the extracted requirements following an accreditation process, and (c) ensure that all third-party systems, which may exist outside of the information system enclave as web or cloud services, also implement appropriate security measures consistent with organizational expectations. This paper introduces a step-wise process, based on semantic hierarchies, that systematically extracts relevant security requirements from control standards to build a certification baseline for organizations to use in conjunction with formal methods and service agreements for accreditation. The approach is demonstrated following a case study of all audit-related controls in the SP-800-53, ISO 15408-2, and related documents. Accuracy, applicability, consistency, and efficacy of the approach were evaluated using controlled qualitative and quantitative methods in two separate studies.

    Dagstuhl News January - December 2011

    "Dagstuhl News" is a publication edited especially for the members of the Foundation "Informatikzentrum Schloss Dagstuhl" to thank them for their support. The News gives a summary of the scientific work being done in Dagstuhl. Each Dagstuhl Seminar is presented by a small abstract describing the contents and scientific highlights of the seminar as well as the perspectives or challenges of the research topic.

    Formalização e verificação de um protocolo de autenticação multifator (Formalization and verification of a multi-factor authentication protocol)

    Dissertation (master's) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2012.

    In this master's dissertation, a proposal is presented for a user authentication protocol that makes use of biometrics and smart cards. The main characteristics of this set of protocols are: to provide its own integrated mechanism for enrollment and authentication, and to allow for the existence of different user roles. By combining these two characteristics, the aim is to obtain protocols with improved levels not only of security but also of manageability. Their development is guided by the adoption of a methodology specific to the design of security protocols. The following stages are part of this methodology: initial design, prototyping, deployment, formal modelling and verification. The formal modelling is done in First-Order Logic. The logic models created are subsequently verified with the help of an automated theorem prover (in our case, SPASS). In order to anticipate the actions of a potential attacker, his possible moves are also formalised, resulting in the creation of a dedicated logic model. The verification stage then begins, which consists of testing conjectures about the logic models. The result of these tests allows facts (certainties) to be extracted about our set of protocols. Ultimately, these facts are the proof of the protocol's resistance to known attack patterns. In order to provide an overview of the topic of security protocol verification, this work also presents a review of the available methods, not limited to those actually used in this study. Furthermore, all material relating to the formal models and their respective proofs is included as appendices.

    Abstract: In this master's thesis, a proposal for a set of authentication protocols using biometrics and smart cards is presented. The main characteristics of these protocols are: to provide their own integrated mechanism for user registration and authentication, and to differentiate the existing user roles. By combining these characteristics, we aim to create protocols with not only improved security levels but also flexible management. Their development is guided by the adoption of a methodology suited to the design of security protocols. The following steps are part of it: initial design, prototyping, deployment, formal modelling and verification. The formal modelling is carried out in First-Order Logic. The logic models created are subsequently verified with the assistance of an automated theorem prover (in this case, SPASS). To anticipate the actions of a potential attacker, his characteristics are also formalised, resulting in a logic model of his own. We then proceed with the verification, which consists of testing conjectures upon the logic models. The results collected from those tests allow facts to be extracted about our set of protocols. Ultimately, such facts are the evidence of the protocols' resistance to well-known attack patterns. In order to provide a broader view of the subject of security protocol verification, this work also reviews the available methods, not limiting itself to those used in this study. In addition, every piece of material related to the formal modelling and the respective proofs is included as appendices.