
2008 Third International Conference on Risks and Security of Internet and Systems: Latest Papers

Security analysis of the Dependability, Security Reconfigurability framework
Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757468
T. Hartog, G. Kleinhuis
Introducing security and security functionality in a large scale communication and information system will increase the complexity of these systems. Complexity in general is seen as an important aspect of possible insecure systems. In this paper we describe the threats that need to be addressed if a specific security solution like the DESEREC (dependability and security by enhanced reconfigurability) framework is deployed in a large scale communication and information system. Also the necessary minimal countermeasures and corresponding security requirements are described. This work reflects our experiences within the DESEREC project, partly funded by the European Union.
Citations: 2
Aspect-based enforcement of formal delegation policies
Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757459
Slim Kallel, A. Charfi, M. Mezini, M. Jmaiel
Delegation is a powerful concept in access control systems, which allows users to assign all or part of their permissions to other users. Several types of delegation models for role-based access control have been proposed so far. However, most existing works focus on the specification of delegation policies and there is very little work on the monitoring and enforcement of such policies at runtime. In this paper, we use a security approach combining formal methods and aspect-oriented programming for specifying and enforcing delegation policies. In our approach, delegation models and their characteristics are specified formally using TemporalZ, which is a combination of Z notation and temporal logic. Then, we verify the formal specification to ensure consistency using theorem proving. Finally, we generate automatically a set of aspects in the aspect-oriented language ALPHA from the TemporalZ specifications. These aspects enforce the specified delegation policies at runtime.
Citations: 5
EESP: A Security protocol that supports QoS management
Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757476
M. Mostafa, A. A. E. Kalam, C. Fraboul
In order to effectively manage network resources and to serve different traffic needs, several works have been done in the QoS area. Basically, "multi-field (MF) packet classifiers" classify a packet by looking for multiple fields of the IP/TCP headers, recognize which flow the packet belongs to, and according to this information, provide service differentiation in IP networks. However, for security purposes, existing security protocols (such as the IPSec Encapsulating Security Payload (ESP) algorithm) hide much of this information in their encrypted payloads, preventing network control devices such as routers and switches from utilizing this information in performing classification appropriately. The ESPQ (ESP considered QoS) protocol deals with this problem but unfortunately, it has some security weaknesses. In this paper we present the ESPQ vulnerabilities and we propose EESP (Enhanced encapsulated security payload) as a security protocol that provides both security and QoS.
Citations: 1
An ontology-based approach to react to network attacks
Pub Date : 2008-10-01 DOI: 10.1504/IJICS.2009.031041
N. Cuppens-Boulahia, F. Cuppens, J. D. Vergara, Enrique Vázquez, Javier Guerra, Hervé Debar
To address the evolution of security incidents in current communication networks it is important to react quickly and efficiently to an attack. The RED (Reaction after Detection) project is defining and designing solutions to enhance the detection/reaction process, improving the overall resilience of IP networks to attacks and help telecommunication and service providers to maintain sufficient quality of service and respect service level agreements. Within this project, a main component is in charge of instantiating new security policies that counteract the network attacks. This paper proposes an ontology-based approach to instantiate these security policies. This technology provides a way to map alerts into attack contexts, which are used to identify the policies to be applied in the network to solve the threat. For this, ontologies to describe alerts and policies are defined, using inference rules to perform such mappings.
Citations: 39
VisAA: Visual analyzer for assembler
Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757482
Philippe Andouard, Olivier Ly, Davy Rouillard
Reading and understanding the structure of assembly code is often a tedious and difficult task. It becomes much more difficult when exact timing analysis on control flow paths is required to detect timing attacks. We describe our semi-automated tool VisAA used for visualization of control flow information and timing analysis of execution paths to detect portions of code vulnerable to timing attacks on 8-bit AVR microchip assembly code. Our system provides a great aid by saving much human effort in unravelling and analyzing assembly code.
Citations: 1
A Byzantine solution to early detect massive attacks
Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757470
Khaled Barbaria, Belhassen Zouari
The quality and the timeliness of the detection of massive attacks significantly limit their great danger. In this paper, we describe an existing solution based on a centralized treatment of threat reports generated by probes deployed at the edges of a national Cyber-space. We also propose a more reliable architecture based on a consensus algorithm that solves the interactive consistency problem under the Byzantine assumptions. We prove the correctness of our algorithm and show its contribution to the early detection of massive attacks.
Citations: 1
Verification of Workflow processes under multilevel security considerations
Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757466
Kamel Barkaoui, R. Ayed, H. Boucheneb, A. Hicheur
Traditional modelling and analysis of workflow aims at verifying the correctness of its control flow. When dealing with workflow security, the compliance of information flow with the adopted security policies needs also to be analyzed. In this paper, we propose a two-step verification approach. While the first step is concerned with soundness of the workflow, the second one is concerned with the data consistency with respect to a multilevel security policy where the granting of access rights to objects by the workflow system is done according to information flow rules of Bell-LaPadula model. Our approach is based on the ECATNet formalism. It offers means to incorporate the security constraints on information flow into an initial WF net modeling the control flow of a workflow specification. We then show how to analyze the impact of the security rules on the whole Workflow through the model checker of the MAUDE environment and how to relax them before producing the correct specification and submitting it to the workflow system.
Citations: 8
Economic-based vs. nature-inspired intruder detection in sensor networks
Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757477
F. Mili, S. Ghanekar, Nancy Alrajei
Protecting computer networks from accidental and malicious harm is a critical issue. Researchers have sought a variety of solutions ranging from the purely statistical approach to approaches inspired from a variety of fields such as economics and biology. In this paper, we focus on the issue of intruder detection and propose two complementary approaches, one economics-based, the other biology-inspired. We discuss the effectiveness of these two approaches put together as compared to each one alone based on Matlab simulations.
Citations: 0
Revisiting enforceable security policies
Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757483
Naoyuki Nagatou
We algebraically characterize a class of enforceable security policies by execution monitoring using a modal logic. We regard monitors as processes in Milner's CCS and security policies as formulas in the modal logic. We show that a set of processes occurring in a monitor must be within the greatest fixed point for the formula, following Schneider's definition on execution monitors. We also consider monitors that can derive some sequences from a single captured action sequence. To discuss such monitors, we introduce variables ranging over sets of processes in CCS. We then show that there are fixed points under the extension. This work may help us to understand such monitors to detect covert channels at run time and to analyze safety properties for multithreads, which need to examine multiple paths.
Citations: 0
Formal procedural security modeling and analysis
Pub Date : 2008-10-01 DOI: 10.1109/CRISIS.2008.4757486
Komminist Weldemariam, Adolfo Villafiorita
We are involved in a project related to the evaluation and possible introduction of e-voting for elections held in the Autonomous Province of Trento. One of the goals of the project is defining the laws and the procedures that will regulate e-voting and guarantee the same or a higher level of security than the traditional, paper-based, elections. To do so, we are tackling the problem (also) at the procedural level, namely, we are trying to understand weaknesses and strengths of the procedures regulating elections in Italy, in order to analyze possible attacks and their effects. The analyses are based on formal specifications of the procedures and on model checkers to help us derive possible attacks. We believe the approach to be useful to help us systematically identify the limits of the current procedures (i.e. under what hypotheses attacks are undetectable) and, consequently, to state more precisely under what hypotheses and conditions we can guarantee reasonably secure elections.
Citations: 13