Finding secure compositions of software services: Towards a pattern based approach

In service based systems, there is often a need to replace services at runtime as they become either unavailable or they no longer meet required quality or security properties. In such cases, it is often necessary to build compositions of services that can replace a problematic service because no single service with a sufficient match to it can be located. In this paper, we present an approach for building compositions of services that can preserve required security properties. Our approach is based on the use of secure composition patterns which are applied in connection with basic discovery mechanisms to build secure service compositions

Describing secure interfaces with interface automata

Interface automata are a model that allows for the representation of stateful interfaces. In this paper we introduce a variant of interface automata, which we call interface structure for security (ISS), that allows for the modelling of security. We focus on the property of non interference, more precisely in bisimulation-based non interference for reactive systems. We define the notion of compatible interfaces in this setting meaning that they can be composed so that a secure interface can be synthesized from the composition. In fact, we provide an algorithm that determines whether an ISS can be made secure by controlling (more specifically, pruning) some public input actions, and if so, synthesize the secure ISS. In addition, we also provide some sufficient conditions on the components ISS to ensure that their composition is secure (and hence no synthesis process is needed).Fil: Lee, Matias David. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Córdoba; Argentina. Universidad Nacional de Córdoba. Facultad de Matemática, Astronomía y Física; ArgentinaFil: D'argenio, Pedro Ruben. Universidad Nacional de Córdoba. Facultad de Matemática, Astronomía y Física; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - Córdoba; Argentin

Cyber Security Awareness Among College Students

This study reports the early results of a study aimed to investigate student awareness and attitudes toward cyber security and the resulting risks in the most advanced technology environment: the Silicon Valley in California, USA. The composition of students in Silicon Valley is very ethnically diverse. The objective was to see how much the students in such a tech-savvy environment are aware of cyber-attacks and how they protect themselves against them. The early statistical analysis suggested that college students, despite their belief that they are observed when using the Internet and that their data is not secure even on university systems, are not very aware of how to protect their data. Also, it appears that educational institutions do not have an active approach to improve awareness among college students to increase their knowledge on these issues and how to protect themselves from potential cyber-attacks, such as identity theft or ransomware

Generating Secure Service Compositions

Ensuring that the compositions of services that constitute service-based systems satisfy given security properties is a key prerequisite for the adoption of the service oriented computing paradigm. In this paper, we address this issue using a novel approach that guarantees service composition security by virtue of the generation of compositions. Our approach generates service compositions that are guaranteed to satisfy security properties based on secure service orchestration (SESO) patterns. These patterns express primitive (e.g., sequential, parallel) service orchestrations, which are proven to have certain global security properties if the individual services participating in them have themselves other security properties. The paper shows how SESO patterns can be constructed and gives examples of proofs for such patterns. It also presents the process of using SESO patterns to generate secure service compositions and presents the results of an initial experimental evaluation of the approach

ATTACHMENT REPRESENTATIONS AND MOTHER-CHILD DIALOGUE

With the emerging linguistic competencies of the child, dialogue becomes a regular part of mother-child everyday interactions, and may serve as one of the mechanisms of transmission of attachment in early and middle childhood. The goal of this study was to investigate the hypothesis about the co-constructive nature of children\u27s knowledge of secure base script. Formation of the secure base script is a result of child-caregiver interactions that have been consolidated into a unit of knowledge available for use in attachment related situations. Individual attachment narratives and mother-child co-constructed narratives were collected from 86 mother-child dyads when children were 3.7 years old. Using Structural Equation Modeling, this study tested the relationships between maternal knowledge of secure base script, child knowledge of secure base script, and maternal dialogic co-construction skills, observed as mothers helped their children with narrative construction. Further, it was tested if maternal co-construction skills mediated the relationship between maternal secure base script knowledge and child secure base script knowledge. Confirming the co-constructive nature of children\u27s attachment representations, a significant relationship was found between maternal co-construction skills and child knowledge of secure base script. A trend between maternal access to secure base script and maternal co-construction skills was found, suggesting that maternal attachment representations may be related to the way mothers converse with their children. No significant effects of maternal access to secure base script on child access to secure base script were found when examining the relationship directly and via co-construction skills. Implications of these findings are discussed in the context of specific study characteristics, such as methods of assessment, coding systems, sample composition, and age of children at the time of study

Password Composition and Security: An Exploratory Study of User Practice

User authentication is a vital element in ensuring the secure operation of computer-based systems. The most common control mechanism for authenticating user access to computerised information systems is the use of passwords. Password-based systems remain the predominant method of user authentication despite the many sophisticated and viable security alternatives that have emerged from research and development. However, evidence suggests that this method is often compromised by poor security practices. This paper presents the results of a survey that examines user practice in creating and using password keys. This paper reports the findings from a pilot study examining user password composition and security practices for e-mail. Despite a greater awareness of security issues, the results show that an improvement in user password management practice is required

Dynamic Probabilistic Input Output Automata

We present probabilistic dynamic I/O automata, a framework to model dynamic probabilistic systems. Our work extends dynamic I/O Automata formalism of Attie & Lynch [Paul C. Attie and Nancy A. Lynch, 2016] to the probabilistic setting. The original dynamic I/O Automata formalism included operators for parallel composition, action hiding, action renaming, automaton creation, and behavioral sub-typing by means of trace inclusion. They can model mobility by using signature modification. They are also hierarchical: a dynamically changing system of interacting automata is itself modeled as a single automaton. Our work extends all these features to the probabilistic setting. Furthermore, we prove necessary and sufficient conditions to obtain the monotonicity of automata creation/destruction with implementation preorder. Our construction uses a novel proof technique based on homomorphism that can be of independent interest. Our work lays down the foundations for extending composable secure-emulation of Canetti et al. [Ran Canetti et al., 2007] to dynamic settings, an important tool towards the formal verification of protocols combining probabilistic distributed systems and cryptography in dynamic settings (e.g. blockchains, secure distributed computation, cybersecure distributed protocols, etc)

Cryptographic security of quantum key distribution

This work is intended as an introduction to cryptographic security and a motivation for the widely used Quantum Key Distribution (QKD) security definition. We review the notion of security necessary for a protocol to be usable in a larger cryptographic context, i.e., for it to remain secure when composed with other secure protocols. We then derive the corresponding security criterion for QKD. We provide several examples of QKD composed in sequence and parallel with different cryptographic schemes to illustrate how the error of a composed protocol is the sum of the errors of the individual protocols. We also discuss the operational interpretations of the distance metric used to quantify these errors.Comment: 31+23 pages. 28 figures. Comments and questions welcom