15,009 research outputs found
A model for the analysis of security policies in service function chains
Two emerging architectural paradigms, i.e., Software Defined Networking (SDN)
and Network Function Virtualization (NFV), enable the deployment and management
of Service Function Chains (SFCs). A SFC is an ordered sequence of abstract
Service Functions (SFs), e.g., firewalls, VPN-gateways,traffic monitors, that
packets have to traverse in the route from source to destination. While this
appealing solution offers significant advantages in terms of flexibility, it
also introduces new challenges such as the correct configuration and ordering
of SFs in the chain to satisfy overall security requirements. This paper
presents a formal model conceived to enable the verification of correct policy
enforcements in SFCs. Software tools based on the model can then be designed to
cope with unwanted network behaviors (e.g., security flaws) deriving from
incorrect interactions of SFs in the same SFC
Towards a Semantic-based Approach for Modeling Regulatory Documents in Building Industry
Regulations in the Building Industry are becoming increasingly complex and
involve more than one technical area. They cover products, components and
project implementation. They also play an important role to ensure the quality
of a building, and to minimize its environmental impact. In this paper, we are
particularly interested in the modeling of the regulatory constraints derived
from the Technical Guides issued by CSTB and used to validate Technical
Assessments. We first describe our approach for modeling regulatory constraints
in the SBVR language, and formalizing them in the SPARQL language. Second, we
describe how we model the processes of compliance checking described in the
CSTB Technical Guides. Third, we show how we implement these processes to
assist industrials in drafting Technical Documents in order to acquire a
Technical Assessment; a compliance report is automatically generated to explain
the compliance or noncompliance of this Technical Documents
Recommended from our members
KWM: Knowledge-based Workflow Model for agile organization
The workflow management system (WFMS) in an agile organization should be highly adaptable to the frequent organizational changes. To increase the adaptability of contemporary WFMSs, a mechanism for managing changes within the organizational structure and changes in business rules needs to be reinforced. In this paper, a knowledge-based approach for workflow modeling is proposed, in which a workflow is defined as a set of business rules. Knowledge on the organizational structure and special workflow, such as role/actor mappings and complex routing rules, can be explicitly modeled in KWM (Knowledge-based Workflow Model).
Using knowledge representation scheme and dependency management facility, a change propagation mechanism is provided to adapt to the frequent changes in the organizational structure, business rules, and procedures
Link-time smart card code hardening
This paper presents a feasibility study to protect smart card software against fault-injection attacks by means of link-time code rewriting. This approach avoids the drawbacks of source code hardening, avoids the need for manual assembly writing, and is applicable in conjunction with closed third-party compilers. We implemented a range of cookbook code hardening recipes in a prototype link-time rewriter and evaluate their coverage and associated overhead to conclude that this approach is promising. We demonstrate that the overhead of using an automated link-time approach is not significantly higher than what can be obtained with compile-time hardening or with manual hardening of compiler-generated assembly code
Access control for IoT environments: specification and analysis
2021 Spring.Includes bibliographical references.Smart homes have devices which are prone to attacks as seen in the 2016 Mirai botnet attacks. Authentication and access control form the first line of defense. Towards this end, we propose an attribute-based access control framework for smart homes that is inspired by the Next Generation Access Control (NGAC) model. Policies in a smart home can be complex. Towards this end, we demonstrate how the formal modeling language Alloy can be used for policy analysis. In this work we formally define an IoT environment, express an example security policy in the context of a smart home, and show the policy analysis using Alloy. This work introduces processes for identifying conflicting and redundant rules with respect to a given policy. This work also demonstrates a practical use case for the processes described. In other words, this work formalizes policy rule definition, home IoT environment definition, and rule analysis all in the context of NGAC and Alloy
- …