152 research outputs found

    Modelling, Verification, and Formal Analysis of Security Properties in a P2P System

    We present a security analysis of the SPREADS system, a distributed storage service based on a centralized peer-to-peer architecture. We formally modelled the salient behavior of the actual system using ABCD, a high-level specification language with a coloured Petri net semantics, which allowed the execution states of the system to be verified. We verified the behavior of the system in the presence of an external Dolev-Yao attacker, unearthing some replay attacks in the original system. Furthermore, since the implementation is also a formal model, we have been able to show that any execution of the model satisfies certain desirable security properties once these flaws are repaired.

    A static analysis framework for security properties in mobile and cryptographic systems

    We introduce a static analysis framework for detecting instances of security breaches in infinite mobile and cryptographic systems specified using the languages of the π-calculus and its cryptographic extension, the spi calculus. The framework is composed of three components. First, standard denotational semantics of the π-calculus and the spi calculus are constructed based on domain theory. The resulting model is sound and adequate with respect to transitions in the operational semantics. The standard semantics is then extended correctly to non-uniformly capture the property of term substitution, which occurs as a result of communications and successful cryptographic operations. Finally, the non-standard semantics is abstracted to operate over finite domains so as to ensure the termination of the static analysis. The safety of the abstract semantics is proven with respect to the non-standard semantics. The results of the abstract interpretation are then used to capture breaches of the secrecy and authenticity properties in the analysed systems. Two initial prototype implementations of the security analysis for the π-calculus and the spi calculus are also included in the thesis. The main contributions of this thesis are summarised as follows. In the area of denotational semantics, the thesis introduces a domain-theoretic model for the spi calculus that is sound and adequate with respect to transitions in the structural operational semantics. In the area of static program analysis, the thesis utilises the denotational approach as the basis for the construction of abstract interpretations for infinite systems modelled by the π-calculus and the spi calculus. This facilitates the use of computationally significant mathematical concepts like least fixed points and results in an analysis that is fully compositional. Also, the thesis demonstrates that the choice of the term-substitution property in mobile and cryptographic programs is rich enough to capture breaches of security properties, like process secrecy and authenticity. These properties are used to analyse a number of mobile and cryptographic protocols, like the file transfer protocol and the Needham-Schroeder, SPLICE/AS, Otway-Rees, Kerberos, Yahalom and Woo-Lam authentication protocols.

    Software Product Line

    The Software Product Line (SPL) is an emerging methodology for developing software products. Currently, there are two hot issues in the SPL: modelling and the analysis of the SPL. Variability modelling techniques have been developed to assist engineers in dealing with the complications of variability management. The principal goal of variability modelling techniques is to configure a successful software product by managing variability in domain engineering. In other words, a good method for modelling variability is a prerequisite for a successful SPL. On the other hand, analysis of the SPL aids the extraction of useful information from the SPL and provides a control and planning strategy mechanism for engineers or experts. In addition, the analysis of the SPL provides a clear view for users. Moreover, it ensures the accuracy of the SPL. This book presents new techniques for modelling and new methods for SPL analysis.

    A virtual factory for smart city service integration

    Doctoral thesis in Informatics (MAP-i).
    In the context of smart cities, governments are investing efforts in creating public value through the development of digital public services (DPS) focusing on specific policy areas, such as transport. The main motivations to deliver DPS include reducing administrative burdens and costs, increasing the effectiveness and efficiency of government processes, and improving citizens' quality of life through enhanced services and simplified interactions with governments. To ensure effective planning and design of DPS in a given domain, governments face several challenges, such as the need for specialized tools to facilitate the effective planning and rapid development of DPS, as well as tools for service integration, affording high development costs, and ensuring DPS conform with laws and regulations. These challenges are exacerbated by the fact that many public administrations develop tailored DPS, disregarding the fact that services share common functionality and business processes. To address the above challenges, this thesis focuses on leveraging the similarities of DPS and on applying a Software Product Line (SPL) approach combined with formal methods techniques for specifying service models and verifying their behavioural properties. In particular, the proposed solution introduces the concept of a virtual factory for the planning and rapid development of DPS in a given smart city domain. The virtual factory comprises a framework including software tools, guidelines, practices, models, and other artefacts to assist engineers in automating and making more efficient the development of a family of DPS. In this work the virtual factory is populated with tools for government officials and software developers to plan and design smart mobility services, and to rapidly model DPS relying on SPLs and component-based development techniques. Specific contributions of the thesis include: 1) the concept of virtual factory; 2) a taxonomy for planning and designing smart mobility services; 3) an ontology to fix a common vocabulary for a specific family of DPS; 4) a compositional formalism to model SPLs, to serve as a specification language for DPS; and 5) a variable semantics for a coordination language to simplify coordination of services in the context of SPLs.
    Abstract in Portuguese (translated): In the context of smart cities, governments invest efforts in creating public value through the development of digital public services (DPS), concentrating on specific policy areas, such as transport. The main motivations for delivering DPS include reducing administrative costs, increasing the effectiveness of government processes and improving citizens' quality of life through improved services and simplified interactions with governments. To ensure effective planning of DPS in a given domain, governments face several challenges, such as the need for specialised tools to facilitate the effective planning and rapid development of DPS, as well as tools for DPS integration, reducing high development costs and ensuring that DPS comply with laws and regulations. These challenges are exacerbated by the fact that many public administrations develop tailored DPS, disregarding the fact that services share common functionality and business processes. To address these challenges, this thesis focuses on exploiting the similarities of DPS by applying a Software Product Lines (SPL) approach combined with formal methods to specify DPS models and verify properties. In particular, it introduces the concept of a virtual factory (VF) for the planning and rapid development of DPS in a smart city domain. A VF comprises software tools, guidelines, models and other artefacts to help engineers automate and make more efficient the development of a family of DPS. In this work, the VF is populated with tools for several parties to plan and design smart mobility (SM) services, and to rapidly model DPS based on SPLs and component-based development techniques. Specific contributions of the thesis include: 1) the concept of VF; 2) a taxonomy for planning SM services; 3) an ontology to fix a common vocabulary for a specific family of DPS; 4) a compositional formalism to model SPLs, serving as a specification language for DPS; and 5) a variable semantics for a coordination language to simplify coordination.
    This work was funded by FCT – Foundation for Science and Technology, the Portuguese Ministry of Science, Technology and Higher Education, through the Operational Programme for Human Capital (POCH). Grant reference: PD/BD/52238/201

    Towards privacy-aware identity management

    The overall goal of the PRIME project (Privacy and Identity Management for Europe) is the development of a privacy-enhanced identity management system that allows users to control the release of their personal information. The PRIME architecture includes an Access Control component allowing the enforcement of protection requirements on personally identifiable information (PII).

    An integrated approach to QoS and security in future mobile networks using the Y-Comm framework

    Future networks will comprise a wide variety of wireless networks. Users will expect to be always connected from anywhere and at any time, as connections will be switched to available networks using vertical handover techniques. However, different networks have different Qualities of Service (QoS), so a QoS framework is needed to help applications and services deal with this new environment. In addition, since these networks must work together, future mobile systems will have an open, instead of the currently closed, architecture. Therefore new mechanisms will be needed to protect users, servers and network infrastructure. This means that future mobile networks will have to integrate communications, mobility, quality of service and security. However, in order to achieve this integration without affecting the flexibility of future networks, there is a need for novel methods that address QoS and security in a targeted manner within specific situations. Also, there is a need for a communication framework wherein these methods, along with the communication and handover mechanisms, could be integrated together. Therefore, this research uses the Y-Comm framework, which is a communication architecture to support vertical handover in Next Generation Networks, as an example of future communication frameworks that integrate QoS, security, communication and mobility mechanisms. Within the context of Y-Comm, research has been conducted to address QoS and security in heterogeneous networks. To preserve the flexibility of future networks, the research in this thesis proposes the concept of Targeted Models to address security and QoS in specific scenarios. To address the QoS issue, a new QoS framework is introduced in this thesis, which defines targeted QoS models that provide QoS in different situations such as connection initiation and handover. Similarly, to deal with the security side, targeted security models are proposed to address security in situations like connection initiation and handover. To define the targeted models and map them to actual network entities, research has been conducted to define a potential structure for future networks along with the main operational entities. The cooperation among these entities defines the targeted models. Furthermore, in order to specify the security protocols used by the targeted security models, an Authentication and Key Agreement framework is introduced to address security at different levels, such as the network and service levels. The underlying protocols of the Authentication and Key Agreement framework are verified using Casper/FDR, a well-known formal-methods-based tool. The research also investigates potential methods to implement the proposed security protocols. To enable the implementation of some of the targeted security models, the research also proposes major enhancements to the current addressing, naming and location systems.

    Qualitative and Quantitative Security Analyses for ZigBee Wireless Sensor Networks


    Engineering security into distributed systems: a survey of methodologies

    Rapid technological advances in recent years have precipitated a general shift towards software distribution as a central computing paradigm. This has been accompanied by a corresponding increase in the dangers of security breaches, often causing security attributes to become an inhibiting factor for use and adoption. Despite the acknowledged importance of security, especially in the context of open and collaborative environments, there is a growing gap in the survey literature relating to systematic approaches (methodologies) for engineering secure distributed systems. In this paper, we attempt to fill the aforementioned gap by surveying and critically analyzing the state of the art in security methodologies based on some form of abstract modeling (i.e. model-based methodologies) for, or applicable to, distributed systems. Our detailed reviews can be seen as a step towards increasing awareness and appreciation of a range of methodologies, allowing researchers and industry stakeholders to gain a comprehensive view of the field and make informed decisions. Following the comprehensive survey we propose a number of criteria reflecting the characteristics security methodologies should possess to be adopted in real-life industry scenarios, and evaluate each methodology accordingly. Our results highlight a number of areas for improvement, help to qualify adoption risks, and indicate future research directions.
    Anton V. Uzunov, Eduardo B. Fernandez, Katrina Falkne