A Typed Model for Dynamic Authorizations
Security requirements in distributed software systems are inherently dynamic.
In the case of authorization policies, resources are meant to be accessed only
by authorized parties, but the authorization to access a resource may be
dynamically granted/yielded. We describe ongoing work on a model for specifying
communication and dynamic authorization handling. We build upon the pi-calculus
so as to enrich communication-based systems with authorization specification
and delegation; here authorizations regard channel usage and delegation refers
to the act of yielding an authorization to another party. Our model includes:
(i) a novel scoping construct for authorization, which allows one to specify
authorization boundaries, and (ii) communication primitives for authorizations,
which allow authorizations to act on a given channel to be passed around. An
authorization error may consist in, e.g., performing an action along a name
which is not under an appropriate authorization scope. We introduce a typing
discipline that ensures that processes never reduce to authorization errors,
even when authorizations are dynamically delegated.

Comment: In Proceedings PLACES 2015, arXiv:1602.0325
GoPi: compiling linear and static channels in Go
PTDC/CCI-COM/32166/2017

We identify two important features that enhance the design of communication protocols specified in the pi-calculus, namely linear and static channels, and present a compiler, named GoPi, that maps high-level specifications into executable Go programs. Channels declared as linear are deadlock-free, while the scope of static channels, which are bound by a hide declaration, does not enlarge at runtime; both properties are enforced statically by means of type inference, so specifications need no annotations. Well-behaved processes are transformed into Go code that supports non-deterministic synchronizations and race-freedom. We sketch two main examples, involving protection against message forwarding and forward secrecy, and discuss the features of the tool and the generated code. We argue that GoPi can support academic activities involving process algebras and formal models, ranging from the analysis and testing of concurrent processes for research purposes to teaching formal languages and concurrent systems.
Discovering, quantifying, and displaying attacks
In the design of software and cyber-physical systems, security is often
perceived as a qualitative need, but can only be attained quantitatively.
Especially when distributed components are involved, it is hard to predict and
confront all possible attacks. A main challenge in the development of complex
systems is therefore to discover attacks, quantify them to comprehend their
likelihood, and communicate them to non-experts for facilitating the decision
process. To address this three-sided challenge we propose a protection analysis
over the Quality Calculus that (i) computes all the sets of data required by an
attacker to reach a given location in a system, (ii) determines the cheapest
set of such attacks for a given notion of cost, and (iii) derives an attack
tree that displays the attacks graphically. The protection analysis is first
developed in a qualitative setting, and then extended to quantitative settings
following an approach applicable to a great many contexts. The quantitative
formulation is implemented as an optimisation problem encoded into
Satisfiability Modulo Theories, allowing us to deal with complex cost
structures. The usefulness of the framework is demonstrated on a national-scale
authentication system, studied through a Java implementation of the framework.

Comment: LMCS SPECIAL ISSUE FORTE 201
Development and analysis of formal models for resource usage and sharing in distributed software systems (Razvoj i analiza formalnih modela za korišćenje i deljenje resursa u distribuiranim softverskim sistemima)
This thesis investigates problems of formal, mathematically based representation and analysis of controlled usage and sharing of resources in distributed software systems. We present a model for confidential name passing, and a model for controlled resource usage. For the second model we also introduce a type system for performing a static verification that ensures the absence of unauthorized usages of resources in the system.