Partially-Observable Security Games for Automating Attack-Defense Analysis
Network systems often contain vulnerabilities that remain unfixed in a
network for various reasons, such as the lack of a patch or knowledge to fix
them. With the presence of such residual vulnerabilities, the network
administrator should properly react to the malicious activities or proactively
prevent them, by applying suitable countermeasures that minimize the likelihood
of an attack by the attacker. In this paper, we propose a stochastic
game-theoretic approach for analyzing network security and synthesizing defense
strategies to protect a network. To support analysis under partial observation,
where some of the attacker's activities are unobservable or undetectable by the
defender, we construct a one-sided partially observable security game and
transform it into a perfect game for further analysis. We prove that this
transformation is sound for a sub-class of security games and a subset of
properties specified in the logic rPATL. We implement a prototype that fully
automates our approach, and evaluate it by conducting experiments on a
real-life network.
Symbolic Abstract Heaps for Polymorphic Information-flow Guard Inference (Extended Version)
In the realm of sound object-oriented program analyses for information-flow
control, very few approaches adopt flow-sensitive abstractions of the heap that
enable a precise modeling of implicit flows. To tackle this challenge, we
advance a new symbolic abstraction approach for modeling the heap in Java-like
programs. We use a store-less representation that is parameterized with a
family of relations among references to offer various levels of precision based
on user preferences. This enables us to automatically infer polymorphic
information-flow guards for methods via a co-reachability analysis of a
symbolic finite-state system. We instantiate the heap abstraction with three
different families of relations. We prove the soundness of our approach and
compare the precision and scalability obtained with each instantiated heap
domain by using the IFSpec benchmarks and real-life applications.
Notions of Conformance Testing for Cyber-Physical Systems: Overview and Roadmap (Invited Paper)
We review and compare three notions of conformance testing for cyber-physical systems. We begin with a review of their underlying semantic models and present conformance-preserving translations between them. We identify the differences in the underlying semantic models and the various design decisions that lead to these substantially different notions of conformance testing. Learning from this exercise, we reflect upon the challenges in designing an "ideal" notion of conformance for cyber-physical systems and sketch a roadmap of future research in this domain.
Supervisory Controller Synthesis for Safe Software Adaptation
AT-DIFC+: Toward Adaptive and Trust-Aware Decentralized Information Flow Control
Modern software systems and their corresponding architectures are increasingly decentralized, distributed, and dynamic. As a consequence, decentralized mechanisms are required to ensure security in such architectures. Decentralized Information Flow Control (DIFC) is a mechanism to control information flow in distributed systems. This article presents and discusses several improvements to an adaptive decentralized information flow approach that incorporates trust for decentralized systems to provide security. Adaptive Trust-Aware Decentralized Information Flow (AT-DIFC+) combines decentralized information flow control mechanisms, trust-based methods, and decentralized control architectures to control and enforce information flow in an open, decentralized system. We strengthen our approach against newly discovered attacks and provide additional information about its reconfiguration, decentralized control architectures, and reference implementation. We evaluate the effectiveness and performance of AT-DIFC+ on two case studies and perform additional experiments to gauge the mitigations' effectiveness against the identified attacks.
Self-Adaptive Trust-aware Decentralized Information Flow Control, extended version
Modern software systems and their corresponding architectures are decentralized, distributed, and dynamic. As a consequence, decentralized mechanisms are also required to ensure security in such architectures. Decentralized Information Flow Control (DIFC) is a mechanism to control information flow in distributed systems. However, DIFC mechanisms require the resolution of specific centralized control and trust issues. In this paper, we propose an adaptive, trust-aware, decentralized information flow approach that incorporates trust in DIFC for decentralized systems. We employ decentralized feedback loops to enable decentralized control and adaptive trust assignments. In our approach, adaptivity mitigates two aspects of system dynamics that cause uncertainty: the ever-changing nature of trust and the system openness. We formalize our trust-aware DIFC model and instantiate two decentralized feedback loop architectures to implement it.
Synthesizing structural and behavioral control for reconfigurations in component-based systems
Correctness of the behavior of an adaptive system during dynamic adaptation is an important challenge to realize correct adaptive systems. Dynamic adaptation refers to changes to both the functionality of the computational entities that comprise a composite system, as well as the structure of their interconnections, in response to variations in the environment, e.g., the load of requests on a server system. In this research, we view the problem of correct structural adaptation as a supervisory control problem and synthesize a reconfiguration controller that guides the behavior of a system during adaptation. The reconfiguration controller observes the system behavior during an adaptation and controls the system behavior by allowing/disallowing actions in a way that ensures that a given property is satisfied and a deadlock is avoided. The system during adaptation is modeled using a graph transition system, and the properties to be enforced are specified using a graph automaton. We adapt a classical theory of supervisory control for synthesizing a controller for controlling the behavior of a system modeled using graph transition systems. This theory is used to synthesize a controller that can impose both behavioral and structural constraints on the system during an adaptation. We apply a tool that we have implemented to support our approach on a case study involving HTTPS servers.