
    Tools and techniques for analysing the impact of information security

    PhD Thesis
    The discipline of information security is employed by organisations to protect the confidentiality, integrity and availability of information, often communicated in the form of information security policies. A policy expresses rules, constraints and procedures to guard against adversarial threats and reduce risk by encouraging desired, secure behaviour from the people who interact with information legitimately. To keep aligned with a dynamic threat landscape, evolving business requirements, regulation updates and new technologies, a policy must undergo periodic review and change. Chief Information Security Officers (CISOs) are the main decision makers on information security policies within an organisation. Making informed policy modifications involves analysing, and therefore predicting, the impact of those changes on the success rate of business processes, often expressed as workflows. Security brings an added burden to completing a workflow. Adding a new security constraint may reduce the success rate, or even eliminate it if the workflow is always forced to terminate early; this can increase the chances of employees bypassing or violating the security policy. Removing an existing security constraint may increase the success rate but may also increase the risk to security. A lack of impact analysis tools and methodologies aimed at CISOs means impact analysis is currently a somewhat manual and ambiguous procedure. Analysis can be overwhelming, time consuming, error prone, and yield unclear results, especially when workflows are complex, involve a large workforce, and carry diverse security requirements. This thesis considers the provision of tools and more formal techniques, specific to CISOs, to help them analyse the impact that modifying a security policy has on the success rate of a workflow.
    More precisely, these tools and techniques have been designed to efficiently compare the impact of two versions of a security policy applied to the same workflow, one before and the other after a policy modification. This work focuses on two specific types of security impact analysis. The first is quantitative in nature, providing a measure of success rate for a security-constrained workflow which must be executed by employees who may be absent at runtime. This work considers quantifying workflow resiliency, which indicates a workflow's expected success rate when the availability of employees is assumed to be probabilistic. New aspects of quantitative resiliency are introduced in the form of workflow metrics, and risk management techniques for workflows that must operate with a resiliency below acceptable levels. Defining these risk management techniques has led to exploring the reduction of resiliency computation time and the analysis of resiliency in workflows with choice. The second area of focus is more qualitative: facilitating analysis of how people are likely to behave in response to security, and how that behaviour can impact the success rate of a workflow at the task level. Large amounts of information from disparate sources exist on human behavioural factors in a security setting; this information can be aligned with security standards and structured within a single ontology to form a knowledge base. Consultations with two CISOs have been conducted, whose responses have driven the implementation of two new tools, one graphical and the other Web-oriented, allowing CISOs and human factors experts to record and incorporate their knowledge directly within the ontology. The ontology can be used by CISOs to assess the potential impact of changes made to a security policy and to help devise behavioural controls to manage that impact. The two consulted CISOs have also carried out an evaluation of the Web-oriented tool.
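    The quantitative comparison described above, as an added illustration that is not code from the thesis: a constructed three-task workflow with an authorisation policy, independent per-employee availability probabilities, and a "before" and "after" policy version that differ only in one added separation-of-duty constraint. Resiliency is computed here by exhaustively enumerating availability scenarios and checking whether a valid task assignment exists in each; this brute-force formulation, the task and user names, and the probabilities are all assumptions for the example, not the thesis's own method or data.

```python
from itertools import product

# Constructed example workflow (not taken from the thesis): three tasks
# executed in order, each of which must be performed by one employee.
TASKS = ["t1", "t2", "t3"]

# Assumed, independent probability that each employee is available at runtime.
AVAILABILITY = {"alice": 0.9, "bob": 0.7, "carol": 0.6}

# Policy version 1: authorisation only (which users may perform each task).
POLICY_BEFORE = {
    "authorised": {"t1": {"alice", "bob"}, "t2": {"bob", "carol"}, "t3": {"alice"}},
    "sod": [],
}
# Policy version 2: the same authorisations plus the modification under
# analysis, a separation-of-duty pair: t1 and t3 must be done by different users.
POLICY_AFTER = {
    "authorised": POLICY_BEFORE["authorised"],
    "sod": [("t1", "t3")],
}


def valid_assignment(tasks, policy, available):
    """Backtracking search: can every task be given an available, authorised
    user without violating any separation-of-duty pair?"""
    assigned = {}

    def extend(i):
        if i == len(tasks):
            return True
        task = tasks[i]
        for user in sorted(policy["authorised"][task] & available):
            # The other task of each SoD pair containing this task must not
            # already be assigned to the same user.
            conflict = any(assigned.get(b if task == a else a) == user
                           for a, b in policy["sod"] if task in (a, b))
            if conflict:
                continue
            assigned[task] = user
            if extend(i + 1):
                return True
            del assigned[task]
        return False

    return extend(0)


def resiliency(tasks, policy, availability):
    """Expected success rate: the total probability, over all 2^n availability
    scenarios, that some valid assignment of users to tasks exists."""
    users = sorted(availability)
    total = 0.0
    for present in product([False, True], repeat=len(users)):
        prob = 1.0
        available = set()
        for user, here in zip(users, present):
            prob *= availability[user] if here else 1.0 - availability[user]
            if here:
                available.add(user)
        if valid_assignment(tasks, policy, available):
            total += prob
    return total


def impact(tasks, before, after, availability):
    """Compare two versions of a policy applied to the same workflow."""
    r_before = resiliency(tasks, before, availability)
    r_after = resiliency(tasks, after, availability)
    return {"before": r_before, "after": r_after, "change": r_after - r_before}


if __name__ == "__main__":
    result = impact(TASKS, POLICY_BEFORE, POLICY_AFTER, AVAILABILITY)
    for key, value in result.items():
        print(f"{key:>7}: {value:+.3f}")
```

    With these numbers the constraint costs 0.162 of expected success rate: before it, the workflow succeeds whenever alice and at least one of bob or carol are present; after it, t3 can only be alice, so t1 must be bob, and carol's availability no longer helps. Enumeration is exponential in the number of employees, which is exactly the computation-time problem the abstract mentions for realistic workforces.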

    Analyzing Robustness of UML State Machines

    UML State Machines constitute an integral part of software behaviour specification within the Unified Modeling Language (UML). The development of realistic software applications often results in complex and distributed models; hence, potential errors can be very subtle and hard for the developer to locate. In this paper, we present a set of robustness rules that seek to avoid common types of errors by ruling out certain modelling constructs. Adherence to these rules can also improve model readability and maintainability. The robustness rules constitute a general Statechart style guide for different dialects, such as UML State Machines, Statemate, and Esterel Studio. Based on this style guide, an automated checking framework has been implemented as a plug-in for the prototypical Statechart modelling tool KIEL. Simple structural checks can be formulated in a compact, abstract manner in the Object Constraint Language (OCL). The framework can also incorporate checks that go beyond the expressiveness of OCL by implementing them directly in Java, which can also serve as a gateway to formal verification tools; we have exploited this to incorporate a theorem prover for more advanced checks. As a case study, we adopted the UML well-formedness rules; this confirmed that individual rules can easily be incorporated into the framework.

    Temporal reasoning in a logic programming language with modularity

    Current Organisational Information Systems (OIS) deal with more and more information that is time dependent. In this work we provide a framework to construct and maintain Temporal OIS. This framework builds upon a logical language called Temporal Contextual Logic Programming that deeply integrates modularity with temporal reasoning, making the usage of a module time dependent. This language is an evolution of another one, also introduced in this thesis, that combines Contextual Logic Programming with Temporal Annotated Constraint Logic Programming, where modularity and time are orthogonal features. Both languages are formally discussed and illustrated. The main contributions of the work described in this thesis include:
    • Optimisation of Contextual Logic Programming (CxLP) through abstract interpretation.
    • Syntax and operational semantics for an independent combination of the temporal framework Temporal Annotated Constraint Logic Programming (TACLP) and CxLP. A compiler for this language is also provided.
    • A language (syntax and semantics) that integrates modularity (CxLP) with temporal reasoning (TACLP) in an innovative way. In this language the usage of a given module depends on the time of the context. An interpreter and a compiler for this language are described.
    • A framework to construct and maintain Temporal Organisational Information Systems. It builds upon a revised specification of the language ISCO, adding temporal classes and temporal data manipulation. A compiler targeting the language presented in the previous item is also given.

    Proceedings of the 21st Conference on Formal Methods in Computer-Aided Design – FMCAD 2021

    The Conference on Formal Methods in Computer-Aided Design (FMCAD) is an annual conference on the theory and applications of formal methods in hardware and system verification. FMCAD provides a leading forum for researchers in academia and industry to present and discuss groundbreaking methods, technologies, theoretical results, and tools for reasoning formally about computing systems. FMCAD covers formal aspects of computer-aided system design including verification, specification, synthesis, and testing.