
    Checking and Enforcing Security through Opacity in Healthcare Applications

    The Internet of Things (IoT) is a paradigm that can radically transform health care, benefiting hospitals, doctors and patients alike. In this context, protecting IoT deployments in health care against interference, including denial-of-service attacks and malware, is challenging. Opacity is a confidentiality property capturing a system's ability to keep a subset of its behavior hidden from passive observers. In this work, we introduce an IoT-based heart attack detection system that could be life-saving for patients without compromising their privacy, by verifying and enforcing opacity. Our main contributions are the use of a tool to verify opacity in three of its forms, so as to detect privacy leaks in our system, and an efficient Symbolic Observation Graph (SOG)-based algorithm for enforcing opacity.

    Understanding and Enforcing Opacity

    This paper puts a spotlight on the specification and enforcement of opacity, a security policy for protecting sensitive properties of system behavior. We illustrate the fine granularity of the opacity policy with location-privacy and privacy-preserving aggregation scenarios. We present a framework for opacity and explore its key differences and formal connections with such well-known information-flow models as noninterference, knowledge-based security, and declassification. Our results are machine-checked and parameterized in the observational power of the attacker, including progress-insensitive, progress-sensitive, and timing-sensitive attackers. We present two approaches to enforcing opacity: a whitebox monitor and a blackbox sampling-based enforcement. We report on experiments with prototypes that use state-of-the-art Satisfiability Modulo Theories (SMT) solvers and the random testing tool QuickCheck to establish opacity for the location and aggregation-based scenarios.

    Opacity Of Discrete Event Systems: Analysis And Control

    The exchange of sensitive information in many networked systems can be manipulated through unauthorized access. Opacity is a property for investigating security and privacy problems in such systems: it characterizes whether secret information about a system can be inferred by an unauthorized user. One approach to verifying security and privacy properties via opacity is to model the system that may leak confidential information as a discrete event system. A problem that has not been investigated intensively is the enforcement of opacity properties by supervisory control; in other words, constructing a minimally restrictive supervisor that limits the system's behavior so that an unauthorized user cannot discover or infer the secret information. We describe and analyze the complexity of opacity in systems modeled as discrete event systems with a partial observation mapping. We define three types of opacity: strong opacity, weak opacity, and no opacity. Strong opacity describes the observer's inability to know what happened in the system; no opacity, on the other hand, refers to the condition where there is no ambiguity in the system's behavior. These definitions introduce properties of opacity and their effects on system behavior. Strong opacity can be used to study security-related problems, while no opacity can be used to study fault detection and diagnosis, among many other applications. In this dissertation, we investigate the largest opaque sublanguages and smallest opaque superlanguages of a language that is not itself opaque. We study how to ensure strong opacity, weak opacity and no opacity by supervisory control: if strong, weak or no opacity is not satisfied, we can restrict the system's behavior with a supervisor so that the desired form of opacity is satisfied. We investigate the strong opacity control problem (SOCP), the weak opacity control problem (WOCP), and the no opacity control problem (NOCP). As illustrated by examples in the dissertation, these opacity properties can characterize the security requirements of many applications, such as anonymity requirements in protocols for web browsing. Solutions to SOCP are characterized in terms of the largest sublanguage that is controllable, observable (or normal), and strongly opaque. A similar characterization is available for solutions to NOCP.

    Flexible Information-Flow Control

    As more and more sensitive data is handled by software, its trustworthiness becomes an increasingly important concern. This thesis presents work on ensuring that information processed by computing systems is not disclosed to third parties without the user's permission, i.e. on preventing unwanted flows of information. While this problem is widely studied, proposed rigorous information-flow control approaches that enforce strong security properties like noninterference have yet to see widespread practical use. Conversely, lightweight techniques such as taint tracking are more prevalent in practice, but lack formal underpinnings, making it unclear what guarantees they provide. This thesis aims to shrink the gap between heavyweight information-flow control approaches that have been proven sound and lightweight practical techniques without formal guarantees such as taint tracking. It attempts to reconcile these areas by (a) providing formal foundations to taint tracking approaches, (b) extending information-flow control techniques to more realistic languages and settings, and (c) exploring security policies and mechanisms that fall in between information-flow control and taint tracking, and investigating what trade-offs they incur.

    Verification of temporal-epistemic properties of access control systems

    Verification of access control systems against vulnerabilities has always been a challenging problem in computer security. The complexity of security policies in large-scale multi-agent systems increases the likelihood of vulnerabilities arising from mistakes in policy definition. This thesis explores automated methods for verifying temporal and epistemic properties of access control systems. While temporal property verification can reveal a considerable number of security holes, verification of epistemic properties in multi-agent systems enables us to reason about agents' knowledge in the system and hence to detect unauthorized information flow. The thesis first presents a framework for knowledge-based verification of dynamic access control policies. This framework models a coalition-based system and evaluates whether a property or goal can be achieved by a coalition of agents restricted by a set of permissions defined in the policy. Knowledge is restricted to the information that agents can acquire by reading system information, in order to improve time and memory efficiency. The framework has its own model-checking method, is implemented in Java, and is released as an open source tool named PoliVer. In order to detect information leakage that results from reasoning, the second part of the thesis presents a complementary technique that evaluates access control policies against temporal-epistemic properties where knowledge is gained by reasoning. We demonstrate several case studies for a subset of properties that deal with reasoning about knowledge. To increase efficiency, we develop an automated abstraction refinement technique for evaluating temporal-epistemic properties. In the last part of the thesis, we develop a sound and complete algorithm for identifying information leakage in Datalog-based trust management systems.

    Regulated MAS: Social Perspective

    This chapter addresses the problem of building normative multi-agent systems in terms of regulatory mechanisms. It describes a static conceptual model through which one can specify normative multi-agent systems, along with a dynamic model to capture their operation and evolution. The chapter proposes a typology of applications and presents some open problems. In the last section, the authors express their individual views on these matters.

    Munindar Singh's effort was partially supported by the U.S. Army Research Office under grant W911NF-08-1-0105. The content of this paper does not necessarily reflect the position or policy of the U.S. Government; no official endorsement should be inferred or implied. Nicoletta Fornara's effort is supported by the Hasler Foundation project nr. 11115-KG and by the SER project nr. C08.0114 within the COST Action IC0801 Agreement Technologies. Henrique Lopes Cardoso's effort is supported by Fundação para a Ciência e a Tecnologia (FCT), under project PTDC/EIA-EIA/104420/2008. Pablo Noriega's effort has been partially supported by the Spanish Ministry of Science and Technology through the Agreement Technologies CONSOLIDER project under contract CSD2007-0022, and the Generalitat of Catalunya grant 2009-SGR-1434. Peer reviewed.

    Blockchain and sustainable supply chain management in developing countries

    Theoretical, empirical and anecdotal evidence suggests that there are more violations of sustainability principles in supply chains in developing countries than in developed countries. Recent research has demonstrated that blockchain can play an important role in promoting supply chain sustainability. In this paper we argue that blockchain's characteristics are especially important for enforcing sustainability standards in developing countries. We analyze multiple case studies of blockchain projects implemented in supply chains in developing countries to assess product quality, environmental accounting and social impact measurement. We develop seven propositions describing how blockchain can help address a number of challenges that various stakeholders face in promoting sustainable supply chains in developing countries. The challenges the propositions deal with include those associated with an unfavorable institutional environment, high costs, technological limitations, unequal power distribution among supply chain partners, and the porosity and opacity of value delivery networks.