This article shows how the method LARES+ (Language for Reconfigurable Systems) is used to model a realistic fault-tolerant computer system comprising 60 components by step-wise refinement. The system under consideration has a highly irregular redundancy structure. Components are not assumed to be independent. In contrast, it is assumed that dormant components fail with a reduced failure rate, and that failure detection and reconfiguration is imperfect.
Stepwise Refinement of Complex Dependability Models Using LARES+. M. Walter. 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22. DOI: 10.1109/ARES.2011.92 (https://doi.org/10.1109/ARES.2011.92).
Åsmund Ahlmann Nyre, K. Bernsmed, Solvar Bo, Stian Pedersen
With the increasing use of online services that require sharing of information, there is a need for Privacy Enhancing Technology tailored for personal information control. Commonly, web privacy is handled through matching of privacy policies and user preferences using software agents on the client side. In this paper, we propose a new approach to privacy policy matching, which we denote server-side matching. By moving the matching logic from the client to the server, the client is relieved of the resource-consuming process of obtaining and matching policies, and the service provider is able to adapt services to users' privacy preferences. We describe the architecture of a general solution and a prototype implementation of selected parts. The solution has only been subject to rudimentary testing, but our initial evaluation is promising.
A Server-side Approach to Privacy Policy Matching. 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22. DOI: 10.1109/ARES.2011.95 (https://doi.org/10.1109/ARES.2011.95).
Elizabeta Fourneret, Martín Ochoa, F. Bouquet, Julien Botella, J. Jürjens, Parvaneh Yousefi
Model-Based Testing (MBT) is a widely used methodology for generating tests that aim to ensure that the system behaviour conforms to its specification. Recently, it has been successfully applied to testing certain security properties. However, for the success of this approach, an important prerequisite is the correctness of the test models with respect to the given security property. In this paper we present an approach for smart-card-specific security properties that permits validating the system with MBT from test schemas. We combine this MBT approach with the UMLsec security verification technique, using UMLsec stereotypes to verify the model w.r.t. the given security properties and gain more confidence in the model. We then define an automatic procedure to generate security tests from the UMLsec model via so-called "test schemas". We validate this approach on a fragment of the Global Platform specification and report on available tool support.
Model-Based Security Verification and Testing for Smart-cards. 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22. DOI: 10.1109/ARES.2011.46 (https://doi.org/10.1109/ARES.2011.46).
The sophistication of malicious software (malware) used to break computer security has increased exponentially in recent years. Frequently, malware is hidden in a computer by software components called root kits. Therefore, early detection of root kits is of primary importance to avoid the uncontrolled operation of malware. Most current techniques for root kit detection only allow a late detection, after the malware has already been hidden by a root kit. In this paper, a new technique is presented that enables the proactive detection of root kits while they are hiding malware, and therefore allows the hiding to be avoided. The technique has been designed for root kits that operate in kernel mode. These root kits are particularly difficult to detect because both the detector and the root kit are executed with the same privileges. This technique can be used to improve the detection capabilities of intrusion detection and prevention systems.
Proactive Detection of Kernel-Mode Rootkits. Pablo Bravo, D. García. 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22. DOI: 10.1109/ARES.2011.78 (https://doi.org/10.1109/ARES.2011.78).
In the business world, the protection of information and data objects and their well-directed flow is essential for the success of enterprises. The Chinese Wall Security Policy model (CWSP model), defined by Brewer and Nash in, provides access control based on the definition of conflict of interest classes. This model addresses in particular the commercial business sector. In their model, Brewer and Nash made the implicit assumption that a conflict of interest is an equivalence relation. Lin presented a modified version of the model called the Aggressive Chinese Wall Security Policy model (ACWSP model). He showed in that the "conflict of interest" is a binary relation, but not, in general, an equivalence relation as Brewer and Nash assumed. Lin observed that the Conflict of Interest relation is symmetric but non-reflexive and non-transitive. In the world of business, symmetric conflict of interest classes are not the default. In this paper a new model is presented that is based on a non-symmetric, non-reflexive and non-transitive conflict of interest relation, where each object is allowed to define its own time-dependent Conflict Function and Conflict Of Interest List. Before a subject is allowed to write-access an object, each object that has been read-accessed by the same subject before has to acknowledge that it is free of conflict with the object the subject currently intends to write-access. Otherwise the write access is denied.
The Limes Security Model for Information Flow Control. Eckehard Hermann. 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22. DOI: 10.1109/ARES.2011.88 (https://doi.org/10.1109/ARES.2011.88).
In recent years, wireless sensor network technology has been frequently used in various fields, thereby making it increasingly important to ensure that the data being transferred remains confidential. Symmetric-key cryptography, which does not require high computing capacity, is a method that is generally used because the computing and memory requirements of sensor nodes are low. An implementation of symmetric-key cryptography is needed in order to achieve high-speed processing of sensor nodes. In this paper, we propose and evaluate a fast implementation scheme of the Advanced Encryption Standard using an inline-assembler that is suitable for the ATmega1281 microcontroller. This microcontroller is a part of the Atmel AVR series and is often equipped with sensor nodes for use in wireless sensor networks.
Fast Implementation of the Advanced Encryption Standard Using Atmega1281. Kasumi Toriumi, Yoshio Kakizaki, Keiichi Iwamura. 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22. DOI: 10.1109/ARES.2011.57 (https://doi.org/10.1109/ARES.2011.57).
Service-oriented software architectures promise enhanced interoperability, reusability, and flexibility for the implementation of business processes. However, assuring the quality of SOA software is challenging due to the distributed, inhomogeneous, and often non-transparent nature of service building blocks. Especially security, which is an overarching quality concern of a system, poses a hard problem for quality assurance in a SOA context. We have developed SiSOA, a method for static security analysis of SOA systems based on reverse-engineering techniques to recover the software architecture and to extract security-related information from available system artifacts. In SiSOA, the extraction and aggregation of security facts is controlled by security rules stored in an extensible knowledge base. In this paper, we describe the structure of the SiSOA knowledge base, its underlying principles, and its role within the SiSOA methodology. We briefly survey our SiSOA prototype tool, and we illustrate the application of knowledge base rules with exemplary security scenarios.
Security Evaluation of Service-oriented Systems with an Extensible Knowledge Base. Christian Jung, M. Rudolph, R. Schwarz. 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22. DOI: 10.1109/ARES.2011.109 (https://doi.org/10.1109/ARES.2011.109).
The enforcement of security policies in outsourced environments is still an open challenge for policy-based systems. On the one hand, taking the appropriate security decision requires access to the policies. However, if such access is allowed in an untrusted environment, then confidential information might be leaked by the policies. Current solutions are based on cryptographic operations that embed security policies within the security mechanism. Therefore, the enforcement of such policies is performed by allowing the authorised parties to access the appropriate keys. We believe that such solutions are far too rigid because they strictly intertwine authorisation policies with the enforcing mechanism. In this paper, we want to address the issue of enforcing security policies in an untrusted environment while protecting the policy confidentiality. Our solution, ESPOON, aims at providing a clear separation between security policies and the enforcement mechanism. However, the enforcement mechanism should learn as little as possible about both the policies and the requester attributes.
ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments. M. R. Asghar, Mihaela Ion, G. Russello, B. Crispo. 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22. DOI: 10.1109/ARES.2011.23 (https://doi.org/10.1109/ARES.2011.23).
In dynamic and uncertain environments such as healthcare, where the needs of security and information availability are difficult to balance, an access control approach based on a static policy will be suboptimal regardless of how comprehensive it is. The uncertainty stems from the unpredictability of users' operational needs as well as their private incentives to misuse permissions. In Role Based Access Control (RBAC), a user's legitimate access request may be denied because its need has not been anticipated by the security administrator. Alternatively, even when the policy is correctly specified, an authorised user may accidentally or intentionally misuse the granted permission. This paper introduces a novel approach to access control under uncertainty and presents it in the context of RBAC. By taking insights from the field of economics, in particular the insurance literature, we propose a formal model where the values of resources are explicitly defined and an RBAC policy (entailing those predictable access needs) is only used as a reference point to determine the price each user has to pay for access, as opposed to representing hard and fast rules that are always rigidly applied.
An Approach to Access Control under Uncertainty. Farzad Salim, Jason Reid, E. Dawson, U. Dulleck. 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22. DOI: 10.1109/ARES.2011.11 (https://doi.org/10.1109/ARES.2011.11).
Benchmarking the security of web applications is complex and, although there are many proposals of metrics, no consensual quantitative security metric has been proposed so far. Static analysis is an effective approach for detecting vulnerabilities, but the complexity of applications and the large variety of vulnerabilities prevent any single tool from being foolproof. In this application paper we investigate the hypothesis of combining the output of multiple static code analyzers to define metrics for comparing the trustworthiness of web applications. Various experiments, including a benchmarking campaign over seven distinct open source web forums, show that the raw number of vulnerabilities reported by a set of tools allows rough trustworthiness comparison. We also study the use of normalization and false positive rate estimation to calibrate the output of each tool. Results show that calibration allows computing a very accurate metric that can be used to easily and automatically compare different applications.
Trustworthiness Benchmarking of Web Applications Using Static Code Analysis. Afonso Araújo Neto, M. Vieira. 2011 Sixth International Conference on Availability, Reliability and Security, published 2011-08-22. DOI: 10.1109/ARES.2011.37 (https://doi.org/10.1109/ARES.2011.37).