69,818 research outputs found
Doctor of Philosophy
dissertationTrusted computing base (TCB) of a computer system comprises components that must be trusted in order to support its security policy. Research communities have identified the well-known minimal TCB principle, namely, the TCB of a system should be as small as possible, so that it can be thoroughly examined and verified. This dissertation is an experiment showing how small the TCB for an isolation service is based on software fault isolation (SFI) for small multitasking embedded systems. The TCB achieved by this dissertation includes just the formal definitions of isolation properties, instruction semantics, program logic, and a proof assistant, besides hardware. There is not a compiler, an assembler, a verifier, a rewriter, or an operating system in the TCB. To the best of my knowledge, this is the smallest TCB that has ever been shown for guaranteeing nontrivial properties of real binary programs on real hardware. This is accomplished by combining SFI techniques and high-confidence formal verification. An SFI implementation inserts dynamic checks before dangerous operations, and these checks provide necessary invariants needed by the formal verification to prove theorems about the isolation properties of ARM binary programs. The high-confidence assurance of the formal verification comes from two facts. First, the verification is based on an existing realistic semantics of the ARM ISA that is independently developed by Cambridge researchers. Second, the verification is conducted in a higher-order proof assistant-the HOL theorem prover, which mechanically checks every verification step by rigorous logic. In addition, the entire verification process, including both specification generation and verification, is automatic. To support proof automation, a novel program logic has been designed, and an automatic reasoning framework for verifying shallow safety properties has been developed. The program logic integrates Hoare-style reasoning and Floyd's inductive assertion reasoning together in a small set of definitions, which overcomes shortcomings of Hoare logic and facilitates proof automation. All inference rules of the logic are proven based on the instruction semantics and the logic definitions. The framework leverages abstract interpretation to automatically find function specifications required by the program logic. The results of the abstract interpretation are used to construct the function specifications automatically, and the specifications are proven without human interaction by utilizing intermediate theorems generated during the abstract interpretation. All these work in concert to create the very small TCB
Developing a distributed electronic health-record store for India
The DIGHT project is addressing the problem of building a scalable and highly available information store for the Electronic Health Records (EHRs) of the over one billion citizens of India
Can Component/Service-Based Systems Be Proved Correct?
Component-oriented and service-oriented approaches have gained a strong
enthusiasm in industries and academia with a particular interest for
service-oriented approaches. A component is a software entity with given
functionalities, made available by a provider, and used to build other
application within which it is integrated. The service concept and its use in
web-based application development have a huge impact on reuse practices.
Accordingly a considerable part of software architectures is influenced; these
architectures are moving towards service-oriented architectures. Therefore
applications (re)use services that are available elsewhere and many
applications interact, without knowing each other, using services available via
service servers and their published interfaces and functionalities. Industries
propose, through various consortium, languages, technologies and standards.
More academic works are also undertaken concerning semantics and formalisation
of components and service-based systems. We consider here both streams of works
in order to raise research concerns that will help in building quality
software. Are there new challenging problems with respect to service-based
software construction? Besides, what are the links and the advances compared to
distributed systems?Comment: 16 page
A Security Pattern for Cloud service certification
Cloud computing is interesting from the economic, operational and even energy consumption perspectives but it still raises concerns regarding
the security, privacy, governance and compliance of the data and software services offered through it. However, the task of verifying security
properties in services running on cloud is not trivial. We notice the provision and security of a cloud service is sensitive. Because of the
potential interference between the features and behavior of all the inter-dependent services in all layers of the cloud stack (as well as dynamic
changes in them). Besides current cloud models do not include support for trust-focused communication between layers. We present a
mechanism to implement cloud service certification process based on the usage of Trusted Computing technology, by means of its Trusted Computing Platform (TPM) implementation of its architecture. Among many security security features it is a tamper proof resistance built in device and provides a root of trust to affix our certification mechanism. We present as a security pattern the approach for service certification based on the use TPM.Universidad de Málaga. Campus de Excelencia Internacional AndalucĂa Tec
Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems
We introduce SysML-Sec, a SysML-based Model-Driven Engineering environment
aimed at fostering the collaboration between system designers and security
experts at all methodological stages of the development of an embedded system.
A central issue in the design of an embedded system is the definition of the
hardware/software partitioning of the architecture of the system, which should
take place as early as possible. SysML-Sec aims to extend the relevance of this
analysis through the integration of security requirements and threats. In
particular, we propose an agile methodology whose aim is to assess early on the
impact of the security requirements and of the security mechanisms designed to
satisfy them over the safety of the system. Security concerns are captured in a
component-centric manner through existing SysML diagrams with only minimal
extensions. After the requirements captured are derived into security and
cryptographic mechanisms, security properties can be formally verified over
this design. To perform the latter, model transformation techniques are
implemented in the SysML-Sec toolchain in order to derive a ProVerif
specification from the SysML models. An automotive firmware flashing procedure
serves as a guiding example throughout our presentation.Comment: In Proceedings GraMSec 2014, arXiv:1404.163
Cyber-Virtual Systems: Simulation, Validation & Visualization
We describe our ongoing work and view on simulation, validation and
visualization of cyber-physical systems in industrial automation during
development, operation and maintenance. System models may represent an existing
physical part - for example an existing robot installation - and a software
simulated part - for example a possible future extension. We call such systems
cyber-virtual systems.
In this paper, we present the existing VITELab infrastructure for
visualization tasks in industrial automation. The new methodology for
simulation and validation motivated in this paper integrates this
infrastructure. We are targeting scenarios, where industrial sites which may be
in remote locations are modeled and visualized from different sites anywhere in
the world.
Complementing the visualization work, here, we are also concentrating on
software modeling challenges related to cyber-virtual systems and simulation,
testing, validation and verification techniques for them. Software models of
industrial sites require behavioural models of the components of the industrial
sites such as models for tools, robots, workpieces and other machinery as well
as communication and sensor facilities. Furthermore, collaboration between
sites is an important goal of our work.Comment: Preprint, 9th International Conference on Evaluation of Novel
Approaches to Software Engineering (ENASE 2014
- …