17,724 research outputs found
Recommended from our members
A Static Verification Framework for Secure Peer-to-Peer Applications
In this paper we present a static verification framework to support the design and verification of secure peer-to-peer applications. The framework supports the specification, modeling, and analysis of security aspects together with the general characteristics of the system, during early stages of the development life-cycle. The approach avoids security issues to be taken into consideration as a separate layer that is added to the system as an afterthought by the use of security protocols. The main functionality supported by the framework are concerned with the modeling of the system together with its security aspects by using an extension of UML, modeling of abuse cases to represent scenarios of attackers and assist with the identification of properties to be verified, specification of properties to be verified in a graphical template language, verification of the models against the properties, and visualization of the results of the verification process
Towards a Formal Model of Privacy-Sensitive Dynamic Coalitions
The concept of dynamic coalitions (also virtual organizations) describes the
temporary interconnection of autonomous agents, who share information or
resources in order to achieve a common goal. Through modern technologies these
coalitions may form across company, organization and system borders. Therefor
questions of access control and security are of vital significance for the
architectures supporting these coalitions.
In this paper, we present our first steps to reach a formal framework for
modeling and verifying the design of privacy-sensitive dynamic coalition
infrastructures and their processes. In order to do so we extend existing
dynamic coalition modeling approaches with an access-control-concept, which
manages access to information through policies. Furthermore we regard the
processes underlying these coalitions and present first works in formalizing
these processes. As a result of the present paper we illustrate the usefulness
of the Abstract State Machine (ASM) method for this task. We demonstrate a
formal treatment of privacy-sensitive dynamic coalitions by two example ASMs
which model certain access control situations. A logical consideration of these
ASMs can lead to a better understanding and a verification of the ASMs
according to the aspired specification.Comment: In Proceedings FAVO 2011, arXiv:1204.579
Closing the loop of SIEM analysis to Secure Critical Infrastructures
Critical Infrastructure Protection is one of the main challenges of last
years. Security Information and Event Management (SIEM) systems are widely used
for coping with this challenge. However, they currently present several
limitations that have to be overcome. In this paper we propose an enhanced SIEM
system in which we have introduced novel components to i) enable multiple layer
data analysis; ii) resolve conflicts among security policies, and discover
unauthorized data paths in such a way to be able to reconfigure network
devices. Furthermore, the system is enriched by a Resilient Event Storage that
ensures integrity and unforgeability of events stored.Comment: EDCC-2014, BIG4CIP-2014, Security Information and Event Management,
Decision Support System, Hydroelectric Da
Property specification and static verification of UML models
We present a static verification tool (SVT), a system that performs static verification on UML models composed of UML class and state machine diagrams. Additionally, the SVT allows the user to add extra behavior specification in the form of guards and effects by defining a small action language. UML models are checked against properties written in a special-purpose property language that allows the user to specify linear temporal logic formulas that explicitly reason about UML components. Thus, the SVT provides a strong foundation for the design of reliable systems and a step towards model-driven security
Agent-Based Simulations of Blockchain protocols illustrated via Kadena's Chainweb
While many distributed consensus protocols provide robust liveness and
consistency guarantees under the presence of malicious actors, quantitative
estimates of how economic incentives affect security are few and far between.
In this paper, we describe a system for simulating how adversarial agents, both
economically rational and Byzantine, interact with a blockchain protocol. This
system provides statistical estimates for the economic difficulty of an attack
and how the presence of certain actors influences protocol-level statistics,
such as the expected time to regain liveness. This simulation system is
influenced by the design of algorithmic trading and reinforcement learning
systems that use explicit modeling of an agent's reward mechanism to evaluate
and optimize a fully autonomous agent. We implement and apply this simulation
framework to Kadena's Chainweb, a parallelized Proof-of-Work system, that
contains complexity in how miner incentive compliance affects security and
censorship resistance. We provide the first formal description of Chainweb that
is in the literature and use this formal description to motivate our simulation
design. Our simulation results include a phase transition in block height
growth rate as a function of shard connectivity and empirical evidence that
censorship in Chainweb is too costly for rational miners to engage in. We
conclude with an outlook on how simulation can guide and optimize protocol
development in a variety of contexts, including Proof-of-Stake parameter
optimization and peer-to-peer networking design.Comment: 10 pages, 7 figures, accepted to the IEEE S&B 2019 conferenc
Supporting user-oriented analysis for multi-view domain-specific visual languages
This is the post-print version of the final paper published in Information and Software Technology. The published article is available from the link below. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. Copyright @ 2008 Elsevier B.V.The integration of usable and flexible analysis support in modelling environments is a key success factor in Model-Driven Development. In this paradigm, models are the core asset from which code is automatically generated, and thus ensuring model correctness is a fundamental quality control activity. For this purpose, a common approach is to transform the system models into formal semantic domains for verification. However, if the analysis results are not shown in a proper way to the end-user (e.g. in terms of the original language) they may become useless.
In this paper we present a novel DSVL called BaVeL that facilitates the flexible annotation of verification results obtained in semantic domains to different formats, including the context of the original language. BaVeL is used in combination with a consistency framework, providing support for all steps in a verification process: acquisition of additional input data, transformation of the system models into semantic domains, verification, and flexible annotation of analysis results.
The approach has been validated analytically by the cognitive dimensions framework, and empirically by its implementation and application to several DSVLs. Here we present a case study of a notation in the area of Digital Libraries, where the analysis is performed by transformations into Petri nets and a process algebra.Spanish Ministry of Education and Science and MODUWEB
International conference on software engineering and knowledge engineering: Session chair
The Thirtieth International Conference on Software Engineering and Knowledge Engineering (SEKE 2018) will be held at the Hotel Pullman, San Francisco Bay, USA, from July 1 to July 3, 2018. SEKE2018 will also be dedicated in memory of Professor Lofti Zadeh, a great scholar, pioneer and leader in fuzzy sets theory and soft computing.
The conference aims at bringing together experts in software engineering and knowledge engineering to discuss on relevant results in either software engineering or knowledge engineering or both. Special emphasis will be put on the transference of methods between both domains. The theme this year is soft computing in software engineering & knowledge engineering. Submission of papers and demos are both welcome
Verifying and Monitoring IoTs Network Behavior using MUD Profiles
IoT devices are increasingly being implicated in cyber-attacks, raising
community concern about the risks they pose to critical infrastructure,
corporations, and citizens. In order to reduce this risk, the IETF is pushing
IoT vendors to develop formal specifications of the intended purpose of their
IoT devices, in the form of a Manufacturer Usage Description (MUD), so that
their network behavior in any operating environment can be locked down and
verified rigorously. This paper aims to assist IoT manufacturers in developing
and verifying MUD profiles, while also helping adopters of these devices to
ensure they are compatible with their organizational policies and track devices
network behavior based on their MUD profile. Our first contribution is to
develop a tool that takes the traffic trace of an arbitrary IoT device as input
and automatically generates the MUD profile for it. We contribute our tool as
open source, apply it to 28 consumer IoT devices, and highlight insights and
challenges encountered in the process. Our second contribution is to apply a
formal semantic framework that not only validates a given MUD profile for
consistency, but also checks its compatibility with a given organizational
policy. We apply our framework to representative organizations and selected
devices, to demonstrate how MUD can reduce the effort needed for IoT acceptance
testing. Finally, we show how operators can dynamically identify IoT devices
using known MUD profiles and monitor their behavioral changes on their network.Comment: 17 pages, 17 figures. arXiv admin note: text overlap with
arXiv:1804.0435
- …