ENSURING SPECIFICATION COMPLIANCE, ROBUSTNESS, AND SECURITY OF WIRELESS NETWORK PROTOCOLS

Several newly emerged wireless technologies (e.g., Internet-of-Things, Bluetooth, NFC)—extensively backed by the tech industry—are being widely adopted and have resulted in a proliferation of diverse smart appliances and gadgets (e.g., smart thermostat, wearables, smartphones), which has ensuingly shaped our modern digital life. These technologies include several communication protocols that usually have stringent requirements stated in their specifications. Failing to comply with such requirements can result in incorrect behaviors, interoperability issues, or even security vulnerabilities. Moreover, lack of robustness of the protocol implementation to malicious attacks—exploiting subtle vulnerabilities in the implementation—mounted by the compromised nodes in an adversarial environment can limit the practical utility of the implementation by impairing the performance of the protocol and can even have detrimental effects on the availability of the network. Even having a compliant and robust implementation alone may not suffice in many cases because these technologies often expose new attack surfaces as well as new propagation vectors, which can be exploited by unprecedented malware and can quickly lead to an epidemic

Hybrid session veri cation through endpoint API generation

This paper proposes a new hybrid session veri cation method- ology for applying session types directly to mainstream languages, based on generating protocol-speci c endpoint APIs from multiparty session types. The API generation promotes static type checking of the be- havioural aspect of the source protocol by mapping the state space of an endpoint in the protocol to a family of channel types in the tar- get language. This is supplemented by very light run-time checks in the generated API that enforce a linear usage discipline on instances of the channel types. The resulting hybrid veri cation guarantees the absence of protocol violation errors during the execution of the session. We have implemented our methodology for Java as an extension to the Scrib- ble framework, and used it to implement compliant clients and servers for real-world protocols such as HTTP and SMTP. The API genera- tion methodology additionally provides a platform for applying further features from session type theory: our implementation supports choice subtyping through branch interface generation, and safe permutation of I/O actions and a ne inputs through input future generation

An affordable post-silicon testing framework applied to a RISC-V based microcontroller

The RISC-V architecture is a very attractive option for developing application specific systems needing an affordable yet efficient central processing unit. Post-silicon validation on RISC-V applications has been done in industry for a while, however documentation is scarce. This paper proposes a practical low-cost post-silicon testing framework applied to a RISC-V RV32I based microcontroller. The framework uses FPGA-based emulation as a cornerstone to test the microcontroller before and after its fabrication. The platform only requires a handful of elements like the FPGA, a PC, the fabricated chip and some discrete components, without losing the capacity to functionally validate the design under test and save development testing time by using a re-utilize philosophy.Agencia Nacional de Investigación e Innovació

An investigation of interoperability issues between authorisation systems within web services

The existing authorisation systems within the context of Web Services mainly apply two access control approaches – Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). The RBAC approach links an authenticated Web Service Requester to its specific access control permission through roles, but RBAC is not flexible enough to cater for some cases where extra attribute information is needed in addition to the identity. By contrast, the ABAC approach has more flexibility, as it allows a Web Service Requester to submit necessary credentials containing extra attribute information that can fulfil the policies declared by a Web Service Provider, which aims to protect the sensitive resources/services.RBAC and ABAC can only help to establish a unilateral trust relationship between two Web Services to enable a Web Service Provider to make an access control decision. Unfortunately, the nature of Web Services presents a high probability that two Web Services may not know each other. Therefore, successful authorisation may fail, if the Web Service Requester does not trust the Web Service Provider.Trust Negotiation (TN) is also an access control approach, which can provide a bilateral trust relationship between two unknown entities, so it sometimes can enable authorisation success in situations where success is not possible through RBAC or ABAC approaches. However, interoperability issues will arise between authorisation systems within Web Services, where a bilateral trust-based authorisation solution is applied. In addition, a lack of a unified approach that can address the interoperability issues remains as a research problem. This research aims to explore possible factors causing the lack of interoperability first, and then to explore an approach that can address the interoperability issues. The main contributions of this research are an improved interoperability model illustrating interoperability issues at different layers of abstraction, and a novel interoperability-solution design along with an improved TN protocol as an example of utilising this design to provide interoperability between authorisation systems within Web Services

Contract representation for validation and run time monitoring

PhD ThesisOrganisations are increasingly using the Internet to offer their own services and to utilise the services of others. This naturally leads to resource sharing across organisational boundaries. Nevertheless, organisations will require their interactions with other organisations to be strictly controlled. In the paper-based world, business interactions, information exchange and sharing have been conducted under the control of contracts that the organisations sign. The world of electronic business needs to emulate electronic equivalents of the contract based business management practices. This thesis examines how a 'conventional' contract can be converted into its electronic equivalent and how it can be used for controlling business interactions taking place through computer messages. To implement a contract electronically, a conventional text contract needs to be described in a mathematically precise notation so that the description can be subjected to rigorous analysis and freed from the ambiguities that the original humanoriented text is likely to contain. Furthermore, a suitable run time infrastructure is required for monitoring the executable version of the contract. To address these issues, this thesis describes how standard conventional contracts can be converted into Finite State Machines (FSMs). It is illustrated how to map the rights and obligations extracted from the clauses of the contract into the states, transition and output functions, and input and output symbols of a FSM. The thesis then goes on to develop a list of correctness properties that a typical executable business contract should satisfy. A contract model should be validated against safety properties, which specify situations that the contract must not get into (such as deadlocks, unreachable states .... etc), and liveness properties, which detail qualities that would be desirable for the contract to contain (responsiveness, accessibility .... etc). The FSM description can then be subjected to model checking. This is demonstrated with the aid of examples using the Promela language and the Spin validator. Subsequently, the FSM representation can be used to ensure that the clauses stipulated in the contract are observed when the contract is executed. The requirements of a suitable run time infrastructure for monitoring contract compliance are discussed and a prototype middleware implementation is presented.UK Engineering and Physical Sciences Research Council (EPSRC)

Model-Based Testing for Composite Web Services in Cloud Brokerage Scenarios

Cloud brokerage is an enabling technology allowing various services to be merged together for providing optimum quality of service for the end-users. Within this collection of composed services, testing is a challenging task which brokers have to take on to ensure quality of service. Most Software-as-a-Service (SaaS) testing has focused on high-level test generation from the functional specification of individual services, with little research into how to achieve sufficient test coverage of composite services. This paper explores the use of model-based testing to achieve testing of composite services, when two individual web services are tested and combined. Two example web services – a login service and a simple shopping service – are combined to give a more realistic shopping cart service. This paper focuses on the test coverage required for testing the component services individually and their composition. The paper highlights the problems of service composition testing, requiring a reworking of the combined specification and regeneration of the tests, rather than a simple composition of the test suites; and concludes by arguing that more work needs to be done in this area