24 research outputs found
Model-driven Security Engineering for FPGAs
Tato práce obsahuje analýzu a adaptaci vhodných metod zabezpečení, pocházejících
ze softwarové domény, do světa FPGA. Metoda formalizace bezpečnostní výzvy
FPGA je prezentována jazykem FPGASECML, specifickým pro danou doménu,
vhodným pro modelování hrozeb zaměřených na systém a pro formální definování
bezpečnostní politiky. Vytvoření vhodných obranných mechanismů vyžaduje
inteligenci o agentech ohrožení, zejména o jejich motivaci a schopnostech.
Konstrukce založené na FPGA jsou, stejně jako jakýkoli jiný IT systém, vystaveny
různým agentům hrozeb po celou dobu jejich životnosti, což naléhavě vyžaduje
potřebu vhodné a přizpůsobitelné bezpečnostní strategie. Systematická analýza
návrhu založená na konceptu STRIDE poskytuje cenné informace o hrozbách a
požadovaných mechanismech protiopatření. Minimalizace povrchu útoku je jedním
z nezbytných kroků k vytvoření odolného designu. Konvenční paradigmata řízení
přístupu mohou modelovat pravidla řízení přístupu v návrzích FPGA. Výběr
vhodného závisí na složitosti a bezpečnostních požadavcích návrhu.
Formální popis architektury FPGA a bezpečnostní politiky podporuje přesnou
definici aktiv a jejich možných, povolených a zakázaných interakcí. Odstraňuje
nejednoznačnost z modelu hrozby a zároveň poskytuje plán implementace. Kontrola
modelu může být použita k ověření, zda a do jaké míry, je návrh v souladu s
uvedenou bezpečnostní politikou. Přenesení architektury do vhodného modelu a
bezpečnostní politiky do ověřitelných logických vlastností může být, jak je uvedeno v
této práci, automatizované, zjednodušující proces a zmírňující jeden zdroj chyb.
Posílení učení může identifikovat potenciální slabiny a kroky, které může útočník
podniknout, aby je využil. Některé metody zde uvedené mohou být použitelné také
v jiných doménách.ObhájenoThe thesis provides an analysis and adaptation of appropriate security methods from the
software domain into the FPGA world and combines them with formal verification
methods and machine learning techniques.
The deployment of appropriate defense mechanisms requires intelligence about the threat
agents, especially their motivation and capabilities. FPGA based designs are, like any other
IT system, exposed to different threat agents throughout the systems lifetime, urging the
need for a suitable and adaptable security strategy. The systematic analysis of the design,
based on the STRIDE concept, provides valuable insight into the threats and the mandated
counter mechanisms. Minimizing the attack surface is one essential step to create a resilient
design. Conventional access control paradigms can model access control rules in FPGA
designs and thereby restrict the exposure of sensitive elements to untrustworthy ones.
A method to formalize the FPGA security challenge is presented. FPGASECML is a
domain-specific language, suitable for dataflow-centric threat modeling as well as the formal
definition of an enforceable security policy. The formal description of the FPGA
architecture and the security policy promotes a precise definition of the assets and their
possible, allowed, and prohibited interactions. Formalization removes ambiguity from the
threat model while providing a blueprint for the implementation.
Model transformations allow the application of dedicated and proven tools to answer
specific questions while minimizing the workload for the user. Model-checking can be
applied to verify if, and to a certain degree when, a design complies with the stated security
policy. Transferring the architecture into a suitable model and the security policy into
verifiable logic properties can be, as demonstrated in the thesis, automated, simplifying the
process and mitigating one source of error. Reinforcement learning, a machine learning
method, can identify potential weaknesses and the steps an attacker may take to exploit
them. The approach presented uses a Markov Decision Process in combination with a Qlearning
algorithm
Synthesis from multi-paradigm specifications
This work proposes a language for describing reactive synthesis problems that integrates imperative and declarative elements. The semantics is defined in terms of two-player turn-based infinite games with full information. Currently, synthesis tools accept linear temporal logic (LTL) as input, but this description is less structured and does not facilitate the expression of sequential constraints. This motivates the use of a structured programming language to specify synthesis problems. Transition systems and guarded commands serve as imperative constructs, expressed in a syntax based on that of the modeling language Promela. The syntax allows defining which player controls data and control flow, and separating a program into assumptions and guarantees. These notions are necessary for input to game solvers. The integration of imperative and declarative paradigms allows using the paradigm that is most appropriate for expressing each requirement. The declarative part is expressed in the LTL fragment of generalized reactivity(1), which admits efficient synthesis algorithms. The implementation translates Promela to input for the Slugs synthesizer and is written in Python
Developing a distributed electronic health-record store for India
The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India
Formal Methods for Autonomous Systems
Formal methods refer to rigorous, mathematical approaches to system
development and have played a key role in establishing the correctness of
safety-critical systems. The main building blocks of formal methods are models
and specifications, which are analogous to behaviors and requirements in system
design and give us the means to verify and synthesize system behaviors with
formal guarantees.
This monograph provides a survey of the current state of the art on
applications of formal methods in the autonomous systems domain. We consider
correct-by-construction synthesis under various formulations, including closed
systems, reactive, and probabilistic settings. Beyond synthesizing systems in
known environments, we address the concept of uncertainty and bound the
behavior of systems that employ learning using formal methods. Further, we
examine the synthesis of systems with monitoring, a mitigation technique for
ensuring that once a system deviates from expected behavior, it knows a way of
returning to normalcy. We also show how to overcome some limitations of formal
methods themselves with learning. We conclude with future directions for formal
methods in reinforcement learning, uncertainty, privacy, explainability of
formal methods, and regulation and certification
ENSURING SPECIFICATION COMPLIANCE, ROBUSTNESS, AND SECURITY OF WIRELESS NETWORK PROTOCOLS
Several newly emerged wireless technologies (e.g., Internet-of-Things, Bluetooth, NFC)—extensively backed by the tech industry—are being widely adopted and have resulted in a proliferation of diverse smart appliances and gadgets (e.g., smart thermostat, wearables, smartphones), which has ensuingly shaped our modern digital life. These technologies include several communication protocols that usually have stringent requirements stated in their specifications. Failing to comply with such requirements can result in incorrect behaviors, interoperability issues, or even security vulnerabilities. Moreover, lack of robustness of the protocol implementation to malicious attacks—exploiting subtle vulnerabilities in the implementation—mounted by the compromised nodes in an adversarial environment can limit the practical utility of the implementation by impairing the performance of the protocol and can even have detrimental effects on the availability of the network. Even having a compliant and robust implementation alone may not suffice in many cases because these technologies often expose new attack surfaces as well as new propagation vectors, which can be exploited by unprecedented malware and can quickly lead to an epidemic
Using probabilistic model checking to balance games
In this thesis, we consider problem areas in game development and use probabilistic model checking to address them. In particular, we address the problem of multiplayer game balancing and introduce an approach called Chained Strategy Generation (CSG). This technique uses model checking to generate synthetic player data representing a game-playing community moving between effective strategies. The results of CSG mimic the metagame, an ever-evolving state of play describing the players’ collective understanding of what strategies are effective. We expand upon CSG with optimality networks, a visualisation that compares game material and can be used to show that a game exhibits certain qualities necessary for balance.
We demonstrate our approach using a purpose-built mobile game (RPGLite). We initially balanced RPGLite using our technique and collected data from real world players via the mobile app. The application and its development are described in detail. The gathered data is then used to show that the model checking did lead to a well-balanced game. We compare the analysis performed from model checking to the gameplay data and refine the baseline qualities of a balanced game which model checking can be used to guarantee.
We show how the collected data via the mobile app can be used in conjunction with the prior model checking to calculate action-costs – the difference between the value of the action chosen and the best action available. We use action-costs to evaluate player skill and to consider other factors of the game