Security Programming with High-Level Abstractions: a Tutorial (Extended Abstract)

The specification of security protocols with high-level programming abstractions, suited for security analysis and verification, has been advocated by the formal methods for security research community. Based on these principles of application design, we developed a tutorial to introduce undergraduate students to the foundations of security programming. The main pedagogical goal of this tutorial is to teach, in a simple and effective way, how to build secure distributed applications using common cryptographic primitives abstracting from their low-level details. The tutorial is aimed at helping the students to grasp quickly the main security concepts and to apply them effectively to the coding of distributed programs implementing security properties like authentication and secrecy. As programming is one of the main skills required by the cybersecurity industry, we believe that this tutorial can contribute to the professional development of future graduates

Security Programming with High-Level Abstractions: a Tutorial (Extended Abstract)

The specification of security protocols with high-level programming abstractions, suited for security analysis and verification, has been advocated by the formal methods for security research community. Based on these principles of application design, we developed a tutorial to introduce undergraduate students to the foundations of security programming. The main pedagogical goal of this tutorial is to teach, in a simple and effective way, how to build secure distributed applications using common cryptographic primitives abstracting from their low-level details. The tutorial is aimed at helping the students to grasp quickly the main security concepts and to apply them effectively to the coding of distributed programs implementing security properties like authentication and secrecy. As programming is one of the main skills required by the cybersecurity industry, we believe that this tutorial can contribute to the professional development of future graduates

AnBx - Security Protocols Design and Verification

Designing distributed protocols is challenging, as it requires actions at very different levels: from the choice of network-level mechanisms to protect the exchange of sensitive data, to the definition of structured interaction patterns to convey application-specific guarantees. Current security infrastructures provide very limited support for the specification of such guarantees. As a consequence, the high-level security properties of a protocol typically must often be hard-coded explicitly, in terms of low-level cryptographic notions and devices which clutter the design and undermine its scalability and robustness. To counter these problems, we propose an extended Alice & Bob notation for protocol narrations (AnBx) to be employed for a purely declarative modelling of distributed protocols. These abstractions provide a compact specification of the high-level security guarantees they convey, and help shield the design from the details of the underlying cryptographic infrastructure. We discuss an implementation of the abstractions based on a translation from the AnBx notation to the AnB language supported by the OFMC [1,2] verification tool. We show the practical effectiveness of our approach by revisiting the iKP e-payment protocols, and showing that the security goals achieved by our declarative specification outperform those offered by the original protocols

Channel Abstractions for Network Security

Process algebraic techniques for distributed systems are increasingly being targeted at identifying abstractions adequate both for high-level programming and specification, and for security analysis and verification. Drawing on our earlier work in [Bugliesi & Focardi 2008] F08}, we investigate the expressive power of a core set of security and network abstractions that provide high-level primitives for the specifications of the honest principals in a network, while at the same time enabling an analysis of the network-level adversarial attacks that may be mounted by an intruder. We analyze various bisimulation equivalences for security, arising from endowing the intruder with (i) different adversarial capabilities and (ii) increasingly powerful control on the interaction among the distributed principals of a network. By comparing the relative strength of the bisimulation equivalences, we obtain a direct measure of the discriminating power of the intruder, hence of the expressiveness of the corresponding intruder model

Automatic Generation of Security Protocols Attacks Specifications and Implementations

Confidence in a communication protocol’s security is a key requirement for its deployment and long-term maintenance. Checking if a vulnerability exists and is exploitable requires extensive expertise. The research community has advocated for a systematic approach with formal methods to model and automatically test a protocol against a set of desired security properties. As verification tools reach conclusions, the applicability of their results still requires expert scrutiny. We propose a code generation approach to automatically build both an abstract specification and a concrete implementation of a Dolev-Yao intruder from an abstract attack trace, bridging the gap between theoretical attacks discovered by formal means and practical ones. Through our case studies, we focus on attack traces from the OFMC model checker, Alice&Bob specifications and Java implementations. We introduce a proof-of-concept workflow for concrete attack validation that allows to conveniently integrate, in a user-friendly way, formal methods results into a Model-Driven Development process and at the same time automatically generate a program that allows to demonstrate the attack in practice. In fact, in this contribution, we produce high-level and concrete attack narrations that are both human and machine readable

Broker-based service-oriented content adaptation framework

Electronic documents are becoming increasingly rich in content and varied in format and structure. At the same time, user preferences vary towards the contents and their devices are getting increasingly varied in capabilities. This mismatch between rich contents and user preferences along with the end device capability presents a challenge in providing ubiquitous access to these contents. Content adaptation is primarily used to bridge the mismatch by providing users with contents that is tailored to the given contexts e.g., device capability, preferences, or network bandwidth. Existing content adaptation systems employing these approaches such as client-side, server-side or proxy-side adaptation, operate in isolation, often encounter limited adaptation functionality, get overload if too many concurrent users and open to single point of failure, thus limiting the scope and scale of their services. To move beyond these shortcomings, this thesis establishes the basis for developing content adaptation solutions that are efficient and scalable. It presents a framework to enable content adaptation to be consumed as Web services provided by third-party service providers, which is termed as “service-oriented content adaptation”. Towards this perspective, this thesis addresses five key issues – how to enable content adaptation as services (serviceoriented framework); how to locate services in the network (service discovery protocol); how to select best possible services (path determination); how to provide quality assurance (service level agreement (SLA) framework); and how to negotiate quality of service (QoS negotiation). Specifically, we have: (i) identified the key research challenges for service-oriented content adaptation, along with a systematic understanding of the content adaptation research spectrum, captured in a taxonomy of content adaptation systems; (ii) developed an architectural framework that provides the basis for enabling content adaptation as Web services, providing the facilities to serve clients’ content adaptation requests through the client-side brokering; (iii) developed a service discovery protocol, by taking into account the searching space, searching time, match type of the services and physical location of the service providers; (iv) developed a mechanism to choose the best possible combination of services to serve a given content adaptation request, considering QoS levels offered; (v) developed an architectural framework that provides the basis for managing quality through the conceptualization of service level agreement; and (vi) introduced a strategy for QoS negotiation between multiple brokers and service providers, by taking into account the incoming requests and server utilization and, thus requiring the basis of determining serving priority and negotiating new QoS levels. The performance of the proposed solutions are compared with other competitive solutions and shown to be substantially better

Wedding planner in a box

Marriage describes the connection of two souls who promise to become one heart. Everyone dreams their marriage to be nearly perfect and that will happen only if they are able to make their wedding plan with best packages. In this busy world, many couples delay their wedding mainly because of high budget required to meet their dream wedding ceremony. Wedding ceremony requires careful and meticulous planning from many aspects such as choosing the food, make up, decoration, and gifts

Channel Abstractions for Network Security

Process algebraic techniques for distributed systems are increasingly being targeted at identifying abstractions adequate both for high-level programming and specification, and for security analysis and verification. Drawing on our earlier work in [Bugliesi & Focardi 2008] F08}, we investigate the expressive power of a core set of security and network abstractions that provide high-level primitives for the specifications of the honest principals in a network, while at the same time enabling an analysis of the network-level adversarial attacks that may be mounted by an intruder. We analyze various bisimulation equivalences for security, arising from endowing the intruder with (i) different adversarial capabilities and (ii) increasingly powerful control on the interaction among the distributed principals of a network. By comparing the relative strength of the bisimulation equivalences, we obtain a direct measure of the discriminating power of the intruder, hence of the expressiveness of the corresponding intruder model