Quantitative Analysis of Information Leakage in Probabilistic and Nondeterministic Systems
This thesis addresses the foundational aspects of formal methods for
applications in security and in particular in anonymity. More concretely, we
develop frameworks for the specification of anonymity properties and propose
algorithms for their verification. Since in practice anonymity protocols always
leak some information, we focus on quantitative properties, which capture the
amount of information leaked by a protocol.
The main contribution of this thesis is cpCTL, the first temporal logic that
allows for the specification and verification of conditional probabilities
(which are the key ingredient of most anonymity properties). In addition, we
have considered several prominent definitions of information leakage and
developed the first algorithms allowing us to compute (and even approximate)
the information leakage of anonymity protocols according to these definitions.
We have also studied a well-known problem in the specification and analysis of
distributed anonymity protocols, namely full-information scheduling. To
overcome this problem, we have proposed an alternative notion of scheduling and
adjusted accordingly several anonymity properties from the literature. Our last
major contribution is a debugging technique that helps in the detection of
flaws in security protocols.
Comment: thesis, ISBN: 978-94-91211-74-
Quantitative Analysis of Opacity in Cloud Computing Systems
Federated cloud systems increase the reliability and reduce the cost of computational support. The resulting combination of secure private clouds and less secure public clouds, together with the fact that resources need to be located within different clouds, strongly affects the information flow security of the entire system. In this paper, the clouds as well as the entities of a federated cloud system are assigned security levels, and a probabilistic flow-sensitive security model for a federated cloud system is proposed. Then the notion of opacity --- a notion capturing the security of information flow --- of cloud computing systems is introduced, and different variants of quantitative analysis of opacity are presented. As a result, one can track the information flow in a cloud system and analyze the impact of different resource allocation strategies by quantifying the corresponding opacity characteristics.
Opacity in Internet of Things with Cloud Computing
Internet of Things (IoT) with Cloud Computing (CC) is a new paradigm incorporating a pervasive presence of a wide range of things/objects which can interact with each other and cooperate, creating new services and reaching common goals. This will lead to more intelligent smart environments in a wide range of applications. In this context, protecting the Internet of Things with Cloud Computing (IoTwCC) against interference, including service attacks and viruses, becomes paramount. In this paper, we introduce a transition system representation to capture the information flow in IoTwCCs, and then investigate the opacity of the information flow model. In addition, we introduce a threat model to describe the actions of the system, and propose entropy as a security metric to quantify the amount of information related to a service that might be exposed to other users or adversaries. It turns out that the opacity of the system is affected by the availability of the services. As a result, the trade-off between opacity and service availability can be analyzed.
Effective verification of confidentiality for multi-threaded programs
This paper studies how confidentiality properties of multi-threaded programs can be verified efficiently by a combination of newly developed and existing model checking algorithms. In particular, we study the verification of scheduler-specific observational determinism (SSOD), a property that characterizes secure information flow for multi-threaded programs under a given scheduler. Scheduler-specificness allows us to reason about refinement attacks, an important and tricky class of attacks that are notorious in practice. SSOD imposes two conditions: (SSOD-1) all individual public variables have to evolve deterministically, expressed by requiring stuttering equivalence between the traces of each individual public variable, and (SSOD-2) the relative order of updates of public variables is coincidental, i.e., there always exists a matching trace.

We verify the first condition by reducing it to the question whether all traces of each public variable are stuttering equivalent. To verify the second condition, we show how the condition can be translated, via a series of steps, into a standard strong bisimulation problem. Our verification techniques can be easily adapted to verify other formalizations of similar information flow properties.

We also exploit counterexample generation techniques to synthesize attacks for insecure programs that fail either SSOD-1 or SSOD-2, i.e., showing how confidentiality of programs can be broken.
Maximizing the Conditional Expected Reward for Reaching the Goal
The paper addresses the problem of computing maximal conditional expected
accumulated rewards until reaching a target state (briefly called maximal
conditional expectations) in finite-state Markov decision processes where the
condition is given as a reachability constraint. Conditional expectations of
this type can, e.g., stand for the maximal expected termination time of
probabilistic programs with non-determinism, under the condition that the
program eventually terminates, or for the worst-case expected penalty to be
paid, assuming that at least three deadlines are missed. The main results of
the paper are (i) a polynomial-time algorithm to check the finiteness of
maximal conditional expectations, (ii) PSPACE-completeness for the threshold
problem in acyclic Markov decision processes where the task is to check whether
the maximal conditional expectation exceeds a given threshold, (iii) a
pseudo-polynomial-time algorithm for the threshold problem in the general
(cyclic) case, and (iv) an exponential-time algorithm for computing the maximal
conditional expectation and an optimal scheduler.
Comment: 103 pages, extended version with appendices of a paper accepted at
TACAS 201
Quantitative analysis of distributed systems
PhD Thesis
Computing Science addresses the security of real-life systems by using
various security-oriented technologies (e.g., access control solutions
and resource allocation strategies). These security technologies
significantly increase the operational costs of the organizations in
which systems are deployed, due to the highly dynamic, mobile and
resource-constrained environments. As a result, the problem of designing
user-friendly, secure and high-efficiency information systems
in such complex environments has become a major challenge for
developers.
In this thesis, firstly, new formal models are proposed to analyse the
secure information flow in cloud computing systems. Then, the opacity of
workflows in cloud computing systems is investigated, a threat
model is built for cloud computing systems, and the information leakage
in such systems is analysed. This study can help cloud service
providers and cloud subscribers to analyse the risks they take with
the security of their assets and to make security-related decisions.
Secondly, a procedure is established to quantitatively evaluate the
costs and benefits of implementing information security technologies.
In this study, a formal system model for data resources in a dynamic
environment is proposed, which focuses on the location of different
classes of data resources as well as the users. Using such a model, the
concurrent and probabilistic behaviour of the system can be analysed.
Furthermore, efficient solutions are provided for the implementation of
information security systems based on queueing theory and stochastic
Petri nets. This part of the research can help information security officers
to make well-judged information security investment decisions.
Information Hiding in Probabilistic Concurrent Systems
QEST 2010, 15 September 201
Information hiding is a general concept which refers to the goal of preventing an adversary from inferring secret information from the observables. Anonymity and Information Flow are examples of this notion. We study the problem of information hiding in systems characterized by the presence of randomization and concurrency. It is well known that the rise of nondeterminism, due to the possible interleavings and interactions of the parallel components, can cause unintended information leaks. One way to solve this problem is to fix the strategy of the scheduler beforehand. In this work, we propose a milder restriction on the schedulers, and we define the notion of strong (probabilistic) information hiding under various notions of observables. Furthermore, we propose a method, based on the notion of automorphism, to verify that a system satisfies the property of strong information hiding, namely strong anonymity or non-interference, depending on the context.