41,265 research outputs found
Translating proprietary protection setting data into standardized IEC 61850 format for protection setting validation
For smart grid development, one of the key expectations is that the data should be accessible to and readily interpreted by different applications. Presently, protection settings are represented using proprietary parameters and stored in various file formats. This makes it very difficult for computer applications to manipulate such data directly. This paper introduces a process that translates the proprietary protection setting data into IEC 61850 standardised format and saves the data as System Configuration description Language (SCL) files. A code generation process that allows rapid implementation of the translation process is proposed. Among various applications, the paper demonstrates how such a translation process and generated SCL files can facilitate the development of an intelligent system for protection setting error detection and validation
myTrustedCloud: Trusted cloud infrastructure for security-critical computation and data managment
Copyright @ 2012 IEEECloud Computing provides an optimal infrastructure to utilise and share both computational and data resources whilst allowing a pay-per-use model, useful to cost-effectively manage hardware investment or to maximise its utilisation. Cloud Computing also offers transitory access to scalable amounts of computational resources, something that is particularly important due to the time and financial constraints of many user communities. The growing number of communities that are adopting large public cloud resources such as Amazon Web Services [1] or Microsoft Azure [2] proves the success and hence usefulness of the Cloud Computing paradigm. Nonetheless, the typical use cases for public clouds involve non-business critical applications, particularly where issues around security of utilization of applications or deposited data within shared public services are binding requisites. In this paper, a use case is presented illustrating how the integration of Trusted Computing technologies into an available cloud infrastructure - Eucalyptus - allows the security-critical energy industry to exploit the flexibility and potential economical benefits of the Cloud Computing paradigm for their business-critical applications
Are IEEE 1500 compliant cores really compliant to the standard?
Functional verification of complex SoC designs is a challenging task, which fortunately is increasingly supported by automation. This article proposes a verification component for IEEE Std 1500, to be plugged into a commercial verification tool suit
Model Driven Mutation Applied to Adaptative Systems Testing
Dynamically Adaptive Systems modify their behav- ior and structure in
response to changes in their surrounding environment and according to an
adaptation logic. Critical sys- tems increasingly incorporate dynamic
adaptation capabilities; examples include disaster relief and space exploration
systems. In this paper, we focus on mutation testing of the adaptation logic.
We propose a fault model for adaptation logics that classifies faults into
environmental completeness and adaptation correct- ness. Since there are
several adaptation logic languages relying on the same underlying concepts, the
fault model is expressed independently from specific adaptation languages.
Taking benefit from model-driven engineering technology, we express these
common concepts in a metamodel and define the operational semantics of mutation
operators at this level. Mutation is applied on model elements and model
transformations are used to propagate these changes to a given adaptation
policy in the chosen formalism. Preliminary results on an adaptive web server
highlight the difficulty of killing mutants for adaptive systems, and thus the
difficulty of generating efficient tests.Comment: IEEE International Conference on Software Testing, Verification and
Validation, Mutation Analysis Workshop (Mutation 2011), Berlin : Allemagne
(2011
Rehearsal: A Configuration Verification Tool for Puppet
Large-scale data centers and cloud computing have turned system configuration
into a challenging problem. Several widely-publicized outages have been blamed
not on software bugs, but on configuration bugs. To cope, thousands of
organizations use system configuration languages to manage their computing
infrastructure. Of these, Puppet is the most widely used with thousands of
paying customers and many more open-source users. The heart of Puppet is a
domain-specific language that describes the state of a system. Puppet already
performs some basic static checks, but they only prevent a narrow range of
errors. Furthermore, testing is ineffective because many errors are only
triggered under specific machine states that are difficult to predict and
reproduce. With several examples, we show that a key problem with Puppet is
that configurations can be non-deterministic.
This paper presents Rehearsal, a verification tool for Puppet configurations.
Rehearsal implements a sound, complete, and scalable determinacy analysis for
Puppet. To develop it, we (1) present a formal semantics for Puppet, (2) use
several analyses to shrink our models to a tractable size, and (3) frame
determinism-checking as decidable formulas for an SMT solver. Rehearsal then
leverages the determinacy analysis to check other important properties, such as
idempotency. Finally, we apply Rehearsal to several real-world Puppet
configurations.Comment: In proceedings of ACM SIGPLAN Conference on Programming Language
Design and Implementation (PLDI) 201
Directed Security Policies: A Stateful Network Implementation
Large systems are commonly internetworked. A security policy describes the
communication relationship between the networked entities. The security policy
defines rules, for example that A can connect to B, which results in a directed
graph. However, this policy is often implemented in the network, for example by
firewalls, such that A can establish a connection to B and all packets
belonging to established connections are allowed. This stateful implementation
is usually required for the network's functionality, but it introduces the
backflow from B to A, which might contradict the security policy. We derive
compliance criteria for a policy and its stateful implementation. In
particular, we provide a criterion to verify the lack of side effects in linear
time. Algorithms to automatically construct a stateful implementation of
security policy rules are presented, which narrows the gap between
formalization and real-world implementation. The solution scales to large
networks, which is confirmed by a large real-world case study. Its correctness
is guaranteed by the Isabelle/HOL theorem prover.Comment: In Proceedings ESSS 2014, arXiv:1405.055
XML Rewriting Attacks: Existing Solutions and their Limitations
Web Services are web-based applications made available for web users or
remote Web-based programs. In order to promote interoperability, they publish
their interfaces in the so-called WSDL file and allow remote call over the
network. Although Web Services can be used in different ways, the industry
standard is the Service Oriented Architecture Web Services that doesn't rely on
the implementation details. In this architecture, communication is performed
through XML-based messages called SOAP messages. However, those messages are
prone to attacks that can lead to code injection, unauthorized accesses,
identity theft, etc. This type of attacks, called XML Rewriting Attacks, are
all based on unauthorized, yet possible, modifications of SOAP messages. We
present in this paper an explanation of this kind of attack, review the
existing solutions, and show their limitations. We also propose some ideas to
secure SOAP messages, as well as implementation ideas
- …