An Automata Based Approach for Verifying Information Flow Properties

AbstractWe present an automated verification technique to verify trace based information flow properties for finite state systems. We show that the Basic Security Predicates (BSPs) defined by Mantel in [Mantel, H., Possibilistic Definitions of Security – An Assembly Kit, in: Proceedings of the 13th IEEE Computer Security Foundations Workshop (2000), pp. 185–199], which are shown to be the building blocks of known trace based information flow properties, can be characterised in terms of regularity preserving language theoretic operations. This leads to a decision procedure for checking whether a finite state system satisfies a given BSP. Verification techniques in the literature (e.g. unwinding) are based on the structure of the transition system and are incomplete in some cases. In contrast, our technique is language based and complete for all information flow properties that can be expressed in terms of BSPs

Towards unifying semantic constraints and security constraints in distributed information systems

Modern information systems must respect certain restrictions in order to guarantee the proper and desired functionality. Semantic constraints help to prevent inconsistencies in the stored data resulting from faulty updates. Security constraints are to maintain integrity, secrecy and availability over updates and over queries. This thesis designs a unifying framework for the specification of semantic constraints and security constraints in information systems in order to study interactions between them. We consider an information system as a distributed, reactive system in which each actor and each object acts autonomously and concurrently. Actors gain knowledge by performing read operations on objects and they may update the content of an object by performing update operations. To execute read or update operations, actors need execute rights that can be granted or revoked by other actors.This view of an information system is captured in a computational model.In this model, we consider each component of the information system, actors as well as objects, uniformly as a sequential agent that performs operations autonomously and jointly with other sequential agents. Each agent is alliated with a set of local propositions and a set of local operations as well as with relations that capture the agent's knowledge and belief. An agent's knowledge is determined completely by its local state. Change in knowledge of an agent is due to operations performed by the agent. Interaction between knowledge and operations is captured by the requirement that the enabling and the effect of an operation is completely determined by the knowledge of the acting agents. Knowledge of agents can be changed only byoperations in which they participate. We define a temporal and epistemic specification language with temporaland epistemic operators. The logic provides for each agent local next and until operators as temporal operators and local knowledge and belief operators as epistemic operators. We develop a modal tableau based proof system for a subset of the logic and show its soundness. Completeness can be shown only for a smaller, but still reasonable subset of the logic, decidability remains an open question. The main diffculty of the tableau system arises from the interaction requirement between knowledge and action.In a detailed example we demonstrate how the framework can be used for specifying semantic constraints and security constraints in information systems

Summarizing Industrial Log Data with Latent Dirichlet Allocation

Industrial systems and equipment produce large log files recording their activities and possible problems. This data is often used for troubleshooting and root cause analysis, but using the raw log data is poorly suited for direct human analysis. Existing approaches based on data mining and machine learning focus on troubleshooting and root cause analysis. However, if a good summary of industrial log files was available, the files could be used to monitor equipment and industrial processes and act more proactively on problems. This contribution shows how a topic modeling approach based on Latent Dirichlet Allocation (LDA) helps to understand, organize and summarize industrial log files. The approach was tested on a real-world industrial dataset and evaluated quantitatively by direct annotation

Towards Unifying Semantic Constraints and Security Constraints in Distributed Information Systems

Modern information systems must respect certain restrictions in order to guarantee the proper and desired functionality. Semantic constraints help to prevent inconsistencies in the stored data resulting from faulty updates. Security constraints are to maintain integrity, secrecy and availability over updates and over queries. In this paper we design an unifying framework for both kinds of constraints in order to study interactions between them. We view a distributed information system as a multi-agent system in which all components of the system are seen as agents. We present a temporal and epistemic logic for the defined framework and show in an example how security constraints and semantic constraints can be expressed in this framework

Service Automata

We propose a novel framework for reliably enforcing security in distributed systems. Service automata monitor the execution of a distributed program and enforce countermeasures before a violation of a security policy can occur. A key novelty of our proposal is that security is enforced in a decentralized though coordinated fashion. This provides the basis for reliably enforcing global security requirements without introducing unnecessary latencies or communication overhead. The novel contributions of this article include the concept of service automata and a generic formalization of service automata in CSP. We also illustrate how the generic model can be tailored to given security requirements by instantiating its parameters in a stepwise and modular manner