31 research outputs found
Secrecy for Mobile Implementations of Security Protocols
Mobile code technology offers interesting possibilities to
the practitioner, but also raises strong concerns about security. One
aspect of security is secrecy, the preservation of confidential
information. This thesis investigates the modelling, specification and
verification of secrecy in mobile applications which access and
transmit confidential information through a possibly compromised
medium (e.g. the Internet). These applications can be expected to
communicate secret information using a security protocol, a mechanism
to guarantee that the transmitted data does not reach unauthorized
entities.
The central idea is therefore to relate the secrecy properties of the
application to those of the protocol it implements, through the
definition of a ``confidential protocol implementation'' relation.
The argument takes an indirect form, showing that a confidential
implementation transmits secret data only in the ways indicated by the
protocol.
We define the implementation relation using labelled transition
semantics, bisimulations and relabelling functions. To justify its
technical definition, we relate this property to a notion of
noninterference for nondeterministic systems derived from Cohen's
definition of Selective Independency. We also provide simple and
local conditions that greatly simplify its verification, and report on
our experiments on an architecture showing how the proposed
formulations could be used in practice to enforce secrecy of mobile
code
Towards goal-based autonomic networking
The ability to quickly deploy and efficiently manage services is critical to the telecommunications industry. Currently, services are designed and managed by different teams with expertise over a wide range of concerns, from high-level business to low level network aspects. Not only is this approach expensive in terms
of time and resources, but it also has problems to scale up to new outsourcing and/or multi-vendor models, where subsystems and teams belong to different organizations. We endorse the idea, upheld among others in the autonomic computing community, that the network and system components involved in the provision of a service must be crafted to facilitate their management. Furthermore, they should help bridge the gap between network and business concerns. In this paper, we sketch an approach based on
early work on the hierarchical organization of autonomic entities that possibly belong to different organizations. An autonomic entity governs over other autonomic entities by defining their goals. Thus, it is up to each autonomic entity to decide its line of actions in order to fulfill its goals, and the governing entity needs not know about the internals of its subordinates. We illustrate the approach with a simple but still rich example of a telecom service
Secrecy for mobile implementations of security protocols
Mobile code technology offers interesting possibilities tothe practitioner, but also raises strong concerns aboutsecurity. One aspect of security is secrecy, the preservationof confidential information. This thesis investigates themodelling, specification and verification of secrecy in mobileapplications which access and transmit confidential informationthrough a possibly compromised medium (e.g. the Internet).These applications can be expected to communicate secretinformation using a security protocol, a mechanism to guaranteethat the transmitted data does not reach unauthorizedentities. The central idea is therefore to relate the secrecyproperties of the application to those of the protocol itimplements, through the definition of a "confidential protocolimplementation" relation. The argument takes an indirect form,showing that a confidential implementation transmits secretdata only in the ways indicated by the protocol. We define theimplementation relation using labelled transition semantics,bisimulations and relabelling functions. To justify itstechnical definition, we relate this property to a notion ofnoninterference for nondeterministic systems derived fromCohen\u92s definition of Selective Independency. We alsoprovide simple and local conditions that greatly simplify itsverification, and report on our experiments on an architectureshowing how the proposed formulations could be used in practiceto enforce secrecy of mobile code.NR 2014080
Memory Consumption Analysis of Java Smart Cards
Memory is a scarce resource in Java smart cards. Developers and card suppliers alike would want to make sure, at compile- or load-time, that a Java Card applet will not overflow memory when performing dynamic class instantiations. Although there are good solutions to the general problem, the challenge is still out to produce a static analyser that is certified and could execute on-card. We provide a constraint-based algorithm which determines potential loops and (mutually) recursive methods. The algorithm operates on the bytecode of an applet and is written as a set of rules associating one or more constraints to each bytecode instruction. The rules are designed so that a certified analyser could be extracted from their proof of correctness. By keeping a clear separation between the rules dealing with the inter- and intra-procedural aspects of the analysis we are able to reduce the space-complexity of a previous algorithm
Memory consumption analysis of Java smart cards
Memory is a scarce resource in Java smart cards. Developers and card suppliers alike would want to make sure, at compile- or load-time, that a Java Card applet will not overflow memory when performing dynamic class instantiations. Although there are good solutions to the general problem, the challenge is still out to produce a static analyser that is certified and could execute on-card. We provide a constraint-based algorithm which determines potential loops and (mutually) recursive methods. The algorithm operates on the bytecode of an applet and is written as a set of rules associating one or more constraints to each bytecode instruction. The rules are designed so that a certified analyser could be extracted from their proof of correctness. By keeping a clear separation between the rules dealing with the inter- and intra-procedural aspects of the analysis we are able to reduce the space-complexity of a previous algorithm.
Confidentiality for mobile code: the case of a simple payment protocol
We propose an approach to support confidentiality for mobile implementations of security-sensitive protocols us-ing Java/JVM. An applet which receives and passes on con-fidential information onto a public network has a rich set of direct and indirect channels available to it. The problem is to constrain applet behaviour to prevent those leakages that are unintended while preserving those that are specified in the protocol. We use an approach based on the idea of cor-relating changes in observable behaviour with changes in input. In the special case where no changes in (low) be-haviour are possible we retrieve a version of noninterfer-ence. Mapping our approach to JVM a number of particular concerns need to be addressed, including the use of object libraries for IO, the use of labelling to track input/output of secrets, and the choice of proof strategy. We use the bisimu-lation proof technique. To provide user feedback we employ a variant of proof-carrying code to instrument a security assistant which will let users of an applet inquire about its security properties such as the destination of data input into different fields. 1
Quality of Service Evaluation in Virtual Organizations Using SLAs
Cooperating in Virtual organizations requires trust between the constituting organizations. SLA contracts are put in place in order to specify the quality of service of services
offered. For these contracts to be effective they also need to be monitored effectively. In a Service Oriented Architecture this often means monitoring Web service invocations and evaluating if the service fulfills the obligations in its SLA. In this paper we present an implementation of a rule engine based SLA Evaluator specifically designed for the needs of a virtual organization. The evaluator fits in the context of a virtual organization through the use of open XML-based standards and a loosely coupled, event-driven architecture