216 research outputs found
DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees
This paper presents the current state of the art on attack and defense
modeling approaches that are based on directed acyclic graphs (DAGs). DAGs
allow for a hierarchical decomposition of complex scenarios into simple, easily
understandable and quantifiable actions. Methods based on threat trees and
Bayesian networks are two well-known approaches to security modeling. However
there exist more than 30 DAG-based methodologies, each having different
features and goals. The objective of this survey is to present a complete
overview of graphical attack and defense modeling techniques based on DAGs.
This consists of summarizing the existing methodologies, comparing their
features and proposing a taxonomy of the described formalisms. This article
also supports the selection of an adequate modeling technique depending on user
requirements
Interim research assessment 2003-2005 - Computer Science
This report primarily serves as a source of information for the 2007 Interim Research Assessment Committee for Computer Science at the three technical universities in the Netherlands. The report also provides information for others interested in our research activities
On the connection of probabilistic model checking, planning, and learning for system verification
This thesis presents approaches using techniques from the model checking, planning, and learning community to make systems more reliable and perspicuous. First, two heuristic search and dynamic programming algorithms are adapted to be able to check extremal reachability probabilities, expected accumulated rewards, and their bounded versions, on general Markov decision processes (MDPs). Thereby, the problem space originally solvable by these algorithms is enlarged considerably. Correctness and optimality proofs for the adapted algorithms are given, and in a comprehensive case study on established benchmarks it is shown that the implementation, called Modysh, is competitive with state-of-the-art model checkers and even outperforms them on very large state spaces. Second, Deep Statistical Model Checking (DSMC) is introduced, usable for quality assessment and learning pipeline analysis of systems incorporating trained decision-making agents, like neural networks (NNs). The idea of DSMC is to use statistical model checking to assess NNs resolving nondeterminism in systems modeled as MDPs. The versatility of DSMC is exemplified in a number of case studies on Racetrack, an MDP benchmark designed for this purpose, flexibly modeling the autonomous driving challenge. In a comprehensive scalability study it is demonstrated that DSMC is a lightweight technique tackling the complexity of NN analysis in combination with the state space explosion problem.Diese Arbeit präsentiert Ansätze, die Techniken aus dem Model Checking, Planning und Learning Bereich verwenden, um Systeme verlässlicher und klarer verständlich zu machen. Zuerst werden zwei Algorithmen für heuristische Suche und dynamisches Programmieren angepasst, um Extremwerte für Erreichbarkeitswahrscheinlichkeiten, Erwartungswerte für Kosten und beschränkte Varianten davon, auf generellen Markov Entscheidungsprozessen (MDPs) zu untersuchen. Damit wird der Problemraum, der ursprünglich mit diesen Algorithmen gelöst wurde, deutlich erweitert. Korrektheits- und Optimalitätsbeweise für die angepassten Algorithmen werden gegeben und in einer umfassenden Fallstudie wird gezeigt, dass die Implementierung, namens Modysh, konkurrenzfähig mit den modernsten Model Checkern ist und deren Leistung auf sehr großen Zustandsräumen sogar übertrifft. Als Zweites wird Deep Statistical Model Checking (DSMC) für die Qualitätsbewertung und Lernanalyse von Systemen mit integrierten trainierten Entscheidungsgenten, wie z.B. neuronalen Netzen (NN), eingeführt. Die Idee von DSMC ist es, statistisches Model Checking zur Bewertung von NNs zu nutzen, die Nichtdeterminismus in Systemen, die als MDPs modelliert sind, auflösen. Die Vielseitigkeit des Ansatzes wird in mehreren Fallbeispielen auf Racetrack gezeigt, einer MDP Benchmark, die zu diesem Zweck entwickelt wurde und die Herausforderung des autonomen Fahrens flexibel modelliert. In einer umfassenden Skalierbarkeitsstudie wird demonstriert, dass DSMC eine leichtgewichtige Technik ist, die die Komplexität der NN-Analyse in Kombination mit dem State Space Explosion Problem bewältigt
Semantic framework for regulatory compliance support
Regulatory Compliance Management (RCM) is a management process, which an organization
implements to conform to regulatory guidelines. Some processes that contribute towards
automating RCM are: (i) extraction of meaningful entities from the regulatory text and (ii)
mapping regulatory guidelines with organisational processes. These processes help in updating
the RCM with changes in regulatory guidelines. The update process is still manual since there
are comparatively less research in this direction. The Semantic Web technologies are potential
candidates in order to make the update process automatic. There are stand-alone frameworks
that use Semantic Web technologies such as Information Extraction, Ontology Population,
Similarities and Ontology Mapping. However, integration of these innovative approaches in
the semantic compliance management has not been explored yet. Considering these two
processes as crucial constituents, the aim of this thesis is to automate the processes of RCM. It
proposes a framework called, RegCMantic.
The proposed framework is designed and developed in two main phases. The first part of the
framework extracts the regulatory entities from regulatory guidelines. The extraction of
meaningful entities from the regulatory guidelines helps in relating the regulatory guidelines
with organisational processes. The proposed framework identifies the document-components
and extracts the entities from the document-components. The framework extracts important
regulatory entities using four components: (i) parser, (ii) definition terms, (iii) ontological
concepts and (iv) rules. The parsers break down a sentence into useful segments. The
extraction is carried out by using the definition terms, ontological concepts and the rules in the
segments. The entities extracted are the core-entities such as subject, action and obligation, and
the aux-entities such as time, place, purpose, procedure and condition.
The second part of the framework relates the regulatory guidelines with organisational
processes. The proposed framework uses a mapping algorithm, which considers three types of
Abstract
3
entities in the regulatory-domain and two types of entities in the process-domains. In the
regulatory-domain, the considered entities are regulation-topic, core-entities and aux-entities.
Whereas, in the process-domain, the considered entities are subject and action. Using these
entities, it computes aggregation of three types of similarity scores: topic-score, core-score and
aux-score. The aggregate similarity score determines whether a regulatory guideline is related
to an organisational process.
The RegCMantic framework is validated through the development of a prototype system. The
prototype system implements a case study, which involves regulatory guidelines governing the
Pharmaceutical industries in the UK. The evaluation of the results from the case-study has
shown improved accuracy in extraction of the regulatory entities and relating regulatory
guidelines with organisational processes. This research has contributed in extracting
meaningful entities from regulatory guidelines, which are provided in unstructured text and
mapping the regulatory guidelines with organisational processes semantically
- …