5 research outputs found

    A Technique for Verification of Network Information Flows in Information and Telecommunication Systems with Embedded Devices

    The paper comprises a technique of information flow verification for information and telecommunication systems with embedded devices. The goal of the technique is to evaluate the security level of the constructed system and check the compliance between real information flows and the set policies. The conducted verification is based on model checking with the use of SPIN tool. Implementation of such verification is fulfilled at initial design stages and provides earlier detection of contradictions in the used security policy and inconsistencies between the network topology and requirements of the information system.

    DDoS Attacks with Randomized Traffic Innovation: Botnet Identification Challenges and Strategies

    Distributed Denial-of-Service (DDoS) attacks are usually launched through the botnet, an "army" of compromised nodes hidden in the network. Inferential tools for DDoS mitigation should accordingly enable an early and reliable discrimination of the normal users from the compromised ones. Unfortunately, the recent emergence of attacks performed at the application layer has multiplied the number of possibilities that a botnet can exploit to conceal its malicious activities. New challenges arise, which cannot be addressed by simply borrowing the tools that have been successfully applied so far to earlier DDoS paradigms. In this work, we offer basically three contributions: i) we introduce an abstract model for the aforementioned class of attacks, where the botnet emulates normal traffic by continually learning admissible patterns from the environment; ii) we devise an inference algorithm that is shown to provide a consistent (i.e., converging to the true solution as time progresses) estimate of the botnet possibly hidden in the network; and iii) we verify the validity of the proposed inferential strategy over real network traces. Comment: Submitted for publicatio

    The Embedding Capacity of Information Flows Under Renewal Traffic

    Given two independent point processes and a certain rule for matching points between them, what is the fraction of matched points over infinitely long streams? In many application contexts, e.g., secure networking, a meaningful matching rule is that of a maximum causal delay, and the problem is related to embedding a flow of packets in cover traffic such that no traffic analysis can detect it. We study the best undetectable embedding policy and the corresponding maximum flow rate ---that we call the embedding capacity--- under the assumption that the cover traffic can be modeled as arbitrary renewal processes. We find that computing the embedding capacity requires the inversion of very structured linear systems that, for a broad range of renewal models encountered in practice, admit a fully analytical expression in terms of the renewal function of the processes. Our main theoretical contribution is a simple closed form of such relationship. This result enables us to explore properties of the embedding capacity, obtaining closed-form solutions for selected distribution families and a suite of sufficient conditions on the capacity ordering. We evaluate our solution on real network traces, which shows a noticeable match for tight delay constraints. A gap between the predicted and the actual embedding capacities appears for looser constraints, and further investigation reveals that it is caused by inaccuracy of the renewal traffic model rather than of the solution itself. Comment: Submitted to IEEE Trans. on Information Theory on March 10, 201

    Distributed Detection of Multi-Hop Information Flows With Fusion Capacity Constraints

    The problem of detecting multihop information flows subject to communication constraints is considered. In a distributed detection scheme, eavesdroppers are deployed near nodes in a network, each able to measure the transmission timestamps of a single node. The eavesdroppers must then compress the information and transmit it to a fusion center, which then decides whether a sequence of monitored nodes are transmitting an information flow. A performance measure is defined based on the maximum fraction of chaff packets under which flows are still detectable. The performance of a detector becomes a function of the communication constraints and the number of nodes in the sequence. Achievability results are obtained by designing a practical distributed detection scheme, including a new flow finding algorithm that has vanishing error probabilities for a limited fraction of chaff packets. Converse results are obtained by characterizing the fraction of chaff packets sufficient for an information flow to mimic the distributions of independent traffic under the proposed compression scheme. National Science Foundation (U.S.) (Grant No. CCF-0635070); United States. Office of Naval Research (MURI W911NF-08-1-0238