241 research outputs found

    Nice to know

    The byproduct of today’s massive interconnectivity is that basically nothing and no-one is immune to cyber attacks any longer. Sadly, this can be demonstrated rather trivially. It is therefore not surprising that there is no other research area in computer science with as much social and political impact as computer security. We all know that ‘perfect security’ does not exist. However, when it comes to our IT security research agenda we forget this and dedicate our energies to delivering ‘provably secure’ technology. This is a limiting factor: including insecurity in our security research is a great challenge which will open new application areas. Taking advantage of this multidisciplinary terrain, ‘Nice to Know’ talks about old lessons we have not learned in the past and a few crucial challenges we have to tackle in the future, both in research and in education

    Transforming acyclic programs

    An unfold/fold transformation system is a source-to-source rewriting methodology devised to improve the efficiency of a program. Any such transformation should preserve the main properties of the initial program: among them, termination. In the field of logic programming, the class of acyclic programs plays an important role in this respect, since it is closely related to the one of terminating programs. The two classes coincide when negation is not allowed in the bodies of the clauses. We prove that the Unfold/Fold transformation system defined by Tamaki and Sato preserves the acyclicity of the initial program. From this result, it follows that when the transformation is applied to an acyclic program, then the finite failure set for definite programs is preserved; in the case of normal programs, all major declarative and operational semantics are preserved as well. These results cannot be extended to the class of left-terminating programs without modifying the definition of the transformation

    A Simple procedure for finding guessing attacks (extended abstract)

    A novel procedure for finding guessing attacks in security protocols is presented. The procedure enjoys a simple and intuitive definition, and is easily implementable

    Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions

    Current threat models typically consider all possible ways an attacker can penetrate a system and assign probabilities to each path according to some metric (e.g. time-to-compromise). In this paper we discuss how this view hinders the realness of both technical (e.g. attack graphs) and strategic (e.g. game theory) approaches of current threat modeling, and propose to steer away by looking more carefully at attack characteristics and attacker environment. We use a toy threat model for ICS attacks to show how a realistic view of attack instances can emerge from a simple analysis of attack phases and attacker limitations. Comment: Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defens

    An Improved Constraint-based system for the verification of security protocols

    We propose a constraint-based system for the verification of security protocols that improves upon the one developed by Millen and Shmatikov. Our system features (1) a significantly more efficient implementation, (2) a monotonic behavior, which also allows the detection of flaws associated with partial runs, and (3) a more expressive syntax, in which a principal may also perform explicit checks. We also show why these improvements yield a more effective and practical system

    More on Unfold/Fold Transformations of Normal Programs: Preservation of Fitting's Semantics

    The unfold/fold transformation system defined by Tamaki and Sato was meant for definite programs. It transforms a program into an equivalent one in the sense of both the least Herbrand model semantics and the Computed Answer Substitution semantics. Seki extended the method to normal programs and specialized it in order to preserve also the finite failure set. The resulting system is correct wrt nearly all the declarative semantics for normal programs. An exception is Fitting's model semantics. In this paper we consider a slight variation of Seki's method and we study its correctness wrt Fitting's semantics. We define an applicability condition for the fold operation and we show that it ensures the preservation of the considered semantics through the transformation

    APHRODITE: an Anomaly-based Architecture for False Positive Reduction

    We present APHRODITE, an architecture designed to reduce false positives in network intrusion detection systems. APHRODITE works by detecting anomalies in the output traffic, and by correlating them with the alerts raised by the NIDS working on the input traffic. Benchmarks show a substantial reduction of false positives and that APHRODITE is effective also after a "quick setup", i.e. in the realistic case in which it has not been "trained" and set up optimally

    Core TuLiP

    We propose CoreTuLiP - the core of a trust management language based on Logic Programming. CoreTuLiP is based on a subset of moded logic programming, but enjoys the features of TM languages such as RT; in particular clauses are issued by different authorities and stored in a distributed manner. We present a lookup and inference algorithm which we prove to be correct and complete w.r.t. the declarative semantics. CoreTuLiP enjoys uniform syntax and the well-established semantics and is expressive enough to model scenarios which are hard to deal with in RT

    Innovatie en R&D – Een inleiding

    The editorial committee asked me to write a contribution introducing the topic of Innovation. When I accepted the invitation, I realized that at most I could give my personal, and therefore biased, view. I hope the readers will not hold that against me. "Veiligheid" is an extraordinarily broad concept: it is therefore no wonder that it cannot be translated into English with a single word. Veiligheid covers both safety and security. Most readers will be well aware of the difference. Prevention and management of incidents, such as floods, are a matter of safety, but in the case of deliberate attacks (for example espionage) we enter the domain of security. In this article I limit myself to security

    Integrity Constraints in Trust Management

    We introduce the use, monitoring, and enforcement of integrity constraints in trust management-style authorization systems. We consider what portions of the policy state must be monitored to detect violations of integrity constraints. Then we address the fact that not all participants in a trust management system can be trusted to assist in such monitoring, and show how many integrity constraints can be monitored in a conservative manner so that trusted participants detect and report if the system enters a policy state from which evolution in unmonitored portions of the policy could lead to a constraint violation. Comment: An extended abstract appears in the proc. of the 10th ACM Symp. on Access Control Models and Technologies (SACMAT). 200