Lazy Security Controllers
A security controller follows the execution of a target to identify and prevent security violations. Effective controllers proactively observe a full execution of a target and, in case of a security violation, either interrupt or modify its original behaviour. Beyond the theoretical aspects, the assumption that a controller can observe the entire execution of its target might be restrictive in several practical cases. In this paper we define lazy controllers, a category of security controllers which can schedule observation points over the target execution. Finding an optimal scheduling strategy is non-trivial in general. Indeed, a lazy controller could miss security-sensitive observations. Also, we propose synthesis strategies applicable to (i) non-deterministic targets with non-instantaneous actions, (ii) probabilistic targets modelled as Discrete Time Markov Chains and (iii) stochastic targets modelled as Continuous Time Markov Chains. In each case we give an analytical characterization of the probability that the lazy controller misses the detection of a violation.
There are Two Sides to Every Question - Controller Versus Attacker.
We investigate security enforcement mechanisms that run in parallel with a system; the aim is to check and modify the run-time behaviour of a possible attacker in order to guarantee that the system satisfies some security policies. We focus on a CSP-like quantitative process-algebra to model such processes. Weights on actions are modelled with semirings, which represent a parametric structure where to cast different metrics. The basic tools are represented by a quantitative logic and a model checking function. First, the behaviour of the system is removed from the parallel computation with respect to some security property to be satisfied. Secondly, what remains is refined in two formulas with respect to the given operator executed by a controller. The result describes what a controller has to do to prevent a given attack
A Plug-in Tiny AI Module for Intelligent and Selective Sensor Data Transmission
Applications in the Internet of Things (IoT) utilize machine learning to analyze sensor-generated data. However, a major challenge lies in the lack of targeted intelligence in current sensing systems, leading to vast data generation and increased computational and communication costs. To address this challenge, we propose a novel sensing module to equip sensing frameworks with intelligent data transmission capabilities by integrating a highly efficient machine learning model placed near the sensor. This model provides prompt feedback for the sensing system to transmit only valuable data while discarding irrelevant information by regulating the frequency of data transmission. The near-sensor model is quantized and optimized for real-time sensor control. To enhance the framework's performance, the training process is customized and a "lazy" sensor deactivation strategy utilizing temporal information is introduced. The suggested method is orthogonal to other IoT frameworks and can be considered as a plugin for selective data transmission. The framework is implemented, encompassing both software and hardware components. The experiments demonstrate that the framework utilizing the suggested module achieves over 85% system efficiency in terms of energy consumption and storage, with negligible impact on performance. This methodology has the potential to significantly reduce data output from sensors, benefiting a wide range of IoT applications. Comment: 14 pages, 6 figures
Quantitative evaluation of enforcement strategies
In security, monitors and enforcement mechanisms run in parallel with programs to check and modify their run-time behaviour, respectively, in order to guarantee the satisfaction of a security policy. For the same policy, several enforcement strategies are possible. We provide a framework for quantitative monitoring and enforcement. Enforcement strategies are analysed according to user-defined parameters. This is done by extending the notion of controller processes, which mimic the well-known edit automata, with weights on transitions, valued in a C-semiring. C-semirings permit one to be flexible and general in the quantitative criteria. Furthermore, we provide some examples of orders on controllers that are evaluated under incomparable criteria.
Lazy security controllers
Security controllers follow the execution of the target systems to prevent security violations. In fact, by proactively observing the target, they are able to catch security violations before they occur and act consequently, such as by interrupting the execution. In this paper we define a novel category of security controllers called lazy controllers, a conservative extension of standard controllers which routinely suspend the observation of the target for different time spans, in order to reduce the cost of monitoring and increase performance, at the expense of the possibility of missing a violation. We show how a proactive truncation controller can be extended to the lazy setting, and we formally characterize the relation between the length of suspended time spans and the actual violation risk, which constitutes the formal ground of our approach. This allows the actual time of suspension to be determined according to a given maximum bearable risk. Precisely, we formally investigate three classes of systems, namely non-deterministic, probabilistic, and stochastic systems. © Springer-Verlag Berlin Heidelberg 2013