Similar literature (20 results)
1.
Verification of software systems, and security protocol analysis as a particular case, requires frameworks that are expressive, so as to capture the relevant aspects of the system and its properties; formal, so as to be provably correct; and equipped with a computational counterpart, so as to support the (semi-)automated certification of properties. Security protocols additionally carry hidden assumptions about their context, subtleties specific to the problem, and sources of complexity that tend to make verification incomplete. We introduce a verification framework that is expressive enough to capture several relevant aspects of the problem, such as symmetric and asymmetric cryptography and multi-session analysis, and to make assumptions explicit, e.g., the hypotheses about the initial sharing of secret keys among honest (and malicious) participants. It features a clear separation between the modeling of the protocol's behaviour and the properties it is expected to enforce: the former is expressed in a calculus, the latter in a logic. The framework is grounded on a formal theory that allows us to prove the correctness of the verification carried out within the fully fledged model. It overcomes incompleteness by performing the analysis at a symbolic level of abstraction, which moreover translates directly into executable verification tools.
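As an added illustration of the symbolic level of abstraction the abstract refers to (this is not code from the paper; its calculus and logic are not reproduced here), the following Python closes an intruder's knowledge under Dolev-Yao style decomposition and then asks whether a secret is synthesisable. The two-session scenario, the key and agent names, and the assumption that every public key is known to the intruder are constructed for this example. It shows how the explicit key-sharing assumption decides the outcome: a session key reused with a malicious partner leaks the secret, a fresh key per session does not.

```python
"""Symbolic (Dolev-Yao style) intruder deduction over observed protocol messages.

Terms: plain strings are atoms (names, keys, secrets); tuples are constructors:
  ("pair", a, b)  ("senc", key, msg)  ("aenc", ("pk", agent), msg)
  ("pk", agent)   ("sk", agent)
"""


def pair(a, b):
    return ("pair", a, b)


def senc(key, msg):
    return ("senc", key, msg)


def aenc(agent, msg):
    return ("aenc", ("pk", agent), msg)


def pk(agent):
    return ("pk", agent)


def sk(agent):
    return ("sk", agent)


def synthesizable(t, knowledge):
    """Can the intruder build t from `knowledge` by composition alone?"""
    if t in knowledge:
        return True
    if isinstance(t, tuple):
        if t[0] in ("pair", "senc", "aenc"):
            return synthesizable(t[1], knowledge) and synthesizable(t[2], knowledge)
        if t[0] == "pk":
            return True  # explicit assumption: every public key is public
    return False


def analyze(knowledge):
    """Close `knowledge` under decomposition (projection, and decryption with keys
    the intruder already has or obtains along the way) until a fixpoint."""
    known = set(knowledge)
    changed = True
    while changed:
        changed = False
        for t in list(known):
            if not isinstance(t, tuple):
                continue
            new = set()
            if t[0] == "pair":
                new.update((t[1], t[2]))
            elif t[0] == "senc" and synthesizable(t[1], known):
                new.add(t[2])
            elif t[0] == "aenc" and sk(t[1][1]) in known:
                new.add(t[2])
            if not new <= known:
                known |= new
                changed = True
    return frozenset(known)


def derivable(secret, initial_knowledge, observed_messages):
    """Is `secret` derivable from the initial knowledge plus observed traffic?"""
    return synthesizable(secret, analyze(set(initial_knowledge) | set(observed_messages)))


INTRUDER = "I"


def scenario(fresh_key_per_session):
    """Constructed two-session run of a toy key-transport protocol initiated by A.

    Session 1 (A with honest B):   A -> B : aenc(pk(B), k1) ; senc(k1, secret)
    Session 2 (A with intruder I): A -> I : aenc(pk(I), k)
    where k is a fresh k2, or k1 again if A reuses its session key.
    Returns True if the intruder can derive `secret`."""
    k_session2 = "k2" if fresh_key_per_session else "k1"
    # Explicit initial-knowledge assumption: the intruder holds its own private key,
    # all public keys and all agent names, but no honest private or session key.
    initial = {"A", "B", INTRUDER, sk(INTRUDER), pk("A"), pk("B"), pk(INTRUDER)}
    observed = {aenc("B", "k1"), senc("k1", "secret"), aenc(INTRUDER, k_session2)}
    return derivable("secret", initial, observed)
```

Changing one line of the initial knowledge (say, adding `sk("B")` to model a compromised responder) reruns the same deduction under a different explicit assumption, which is the point the abstract makes about stating key-sharing hypotheses up front.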

2.
Cloud computing is one of today's most enticing technologies because of its scalable, flexible, and cost-efficient access to infrastructure and application services. Despite these benefits, cloud service users (CSUs) have serious concerns about data security and privacy. Several cloud service providers (CSPs) currently offer a wide range of services with varying levels of security strength. Given this diversity, it has become difficult for a customer to decide which CSP to use and on what selection criteria. No existing framework lets CSUs evaluate CSPs on their ability to meet the customer's security requirements. We propose a framework and a mechanism that evaluate the security strength of CSPs against the customer's security preferences, and we show the applicability of the framework through a case study.
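The abstract does not give the evaluation mechanism, so the following Python is an added example of one way to express "security strength against the customer's preferences", not the paper's framework: each requirement carries a weight and an optional hard floor, providers below any floor are rejected outright, and the rest are ranked by normalised weighted score. The requirement names, weights and provider assessments are constructed here.

```python
"""Evaluate cloud service providers against a customer's security preferences."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Requirement:
    name: str
    weight: float   # relative importance to this customer
    minimum: float  # hard floor on the provider's 0..1 score; 0.0 means nice-to-have


def evaluate(providers, requirements):
    """Rank providers by weighted security score after discarding any provider that
    falls below a hard floor. Returns (ranked, rejected): `ranked` is a list of
    (provider, score) best first, `rejected` maps provider -> failed requirement
    names. Scores are clamped to 0..1 and a missing score counts as 0."""
    total_weight = sum(r.weight for r in requirements)
    if total_weight <= 0:
        raise ValueError("requirements must carry positive total weight")
    ranked, rejected = [], {}
    for provider, scores in providers.items():
        clamped = {r.name: min(1.0, max(0.0, scores.get(r.name, 0.0))) for r in requirements}
        failed = [r.name for r in requirements if clamped[r.name] < r.minimum]
        if failed:
            rejected[provider] = failed
            continue
        score = sum(r.weight * clamped[r.name] for r in requirements) / total_weight
        ranked.append((provider, round(score, 3)))
    ranked.sort(key=lambda item: item[1], reverse=True)
    return ranked, rejected


# Constructed customer preferences and provider assessments (not the paper's case study).
CUSTOMER = [
    Requirement("encryption_at_rest", weight=4, minimum=0.8),
    Requirement("mfa_for_admins", weight=3, minimum=0.5),
    Requirement("audit_logging", weight=2, minimum=0.0),
    Requirement("data_residency_eu", weight=1, minimum=0.0),
]
PROVIDERS = {
    "CSP-1": {"encryption_at_rest": 0.9, "mfa_for_admins": 0.7, "audit_logging": 0.6, "data_residency_eu": 1.0},
    "CSP-2": {"encryption_at_rest": 0.95, "mfa_for_admins": 0.4, "audit_logging": 0.9, "data_residency_eu": 1.0},
    "CSP-3": {"encryption_at_rest": 0.85, "mfa_for_admins": 0.9, "audit_logging": 0.3, "data_residency_eu": 0.5},
}
```

The hard floor matters: CSP-2 has the best encryption and logging scores but is excluded because it misses the customer's MFA minimum, which a pure weighted sum would have hidden.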

3.
Monitoring and quantifying component behaviour is key to making network systems secure and robust. This paper proposes an agent-based online monitoring and analysis framework for monitoring, analysing and quantifying network vulnerability in real time. It proposes an algorithm for valuing network components so as to populate an asset list with "criticality" values for impact analysis, and presents methods for calculating impact factors that quantify how attacks and faults affect network performance and services. System administrators can use the framework to analyse and proactively manage the effects of complex network faults and attacks, and to recover accordingly.
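The paper's valuation algorithm and impact-factor formulas are not given in the abstract; the Python below is an added example of one concrete reading of them, not the authors' code. It models a service dependency graph with AND semantics, derives each asset's criticality as the business value of every service that fails with it, and computes an impact factor for a set of attacked components as the fraction of service value lost. The topology and service values are constructed.

```python
"""Asset criticality and attack-impact factors over a service dependency graph."""
from collections import deque

# Constructed topology (not from the paper): node -> components it requires.
# A node fails if any component it depends on fails (AND semantics).
DEPENDS_ON = {
    "web-portal": ["web-01", "db-01", "core-switch"],
    "payroll": ["app-02", "db-01", "core-switch"],
    "vpn": ["fw-01", "core-switch"],
    "db-01": ["san-01"],
}
# Business value of each user-facing service, used to weight impact.
SERVICE_VALUE = {"web-portal": 5, "payroll": 8, "vpn": 3}


def dependents(graph):
    """Reverse edges: component -> set of nodes that depend on it."""
    rev = {}
    for node, deps in graph.items():
        for dep in deps:
            rev.setdefault(dep, set()).add(node)
    return rev


def affected_by(failed, graph=DEPENDS_ON):
    """Every node that goes down, transitively, when the `failed` components go down."""
    rev = dependents(graph)
    down, queue = set(failed), deque(failed)
    while queue:
        node = queue.popleft()
        for parent in rev.get(node, ()):
            if parent not in down:
                down.add(parent)
                queue.append(parent)
    return down


def criticality(graph=DEPENDS_ON, values=SERVICE_VALUE):
    """Criticality of each asset: total value of the services that fail with it.
    This is what populates the asset list used for impact analysis."""
    assets = set(graph) | {c for deps in graph.values() for c in deps}
    return {a: sum(values.get(s, 0) for s in affected_by({a}, graph)) for a in assets}


def impact_factor(failed, graph=DEPENDS_ON, values=SERVICE_VALUE):
    """Fraction of total service value lost when the `failed` components are taken
    out by an attack or fault (0.0 = no impact, 1.0 = every service down)."""
    lost = sum(values.get(s, 0) for s in affected_by(failed, graph))
    return lost / sum(values.values())


def top_assets(n=3, graph=DEPENDS_ON, values=SERVICE_VALUE):
    """Assets ranked by criticality, highest first: where monitoring effort should go."""
    crit = criticality(graph, values)
    return sorted(crit.items(), key=lambda kv: (-kv[1], kv[0]))[:n]
```

Note that the storage array `san-01` is as critical as the database that sits on it, even though no service lists it directly; transitive dependency is what makes such single points of failure visible.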

5.
This paper highlights the importance of protecting an organization's vital business information assets by investigating several fundamental considerations that should be taken into account in this regard. On this basis it argues that information security should be a priority of executive management, including the Board and CEO, and should therefore begin as a corporate governance responsibility. The paper makes the case for integrating information security into corporate governance through the development of an information security governance (ISG) framework, and proposes such a framework to aid an organization in its ISG efforts.

6.
Research and Implementation of an Enterprise-Level Industrial-Control Real-Time Database   Cited by: 3, self-citations: 1, other citations: 3
In the industrial control field, managing and sharing enterprise real-time data is an important problem that enterprises face as they raise their level of automation. After analysing the application requirements for real-time databases in industrial control, this paper describes in detail the open system architecture of the real-time database system Agilor and the key techniques used in its data processing.

7.
Research with autonomous unmanned aircraft systems is reaching a new degree of sophistication, where targeted missions require complex deliberative capabilities integrated in a practical manner into such systems. Because of these pragmatic constraints, integration is just as important as the theoretical and applied work of developing the deliberative functionality itself. In this article, we present a temporal logic-based task planning and execution monitoring framework and its integration into a fully deployed rotor-based unmanned aircraft system developed in our laboratory. We use a very challenging emergency services application involving body identification and supply delivery as a vehicle for showing the potential use of such a framework in real-world applications. TALplanner, a temporal logic-based task planner, is used to generate mission plans. Building further on the use of TAL (Temporal Action Logic), we show how knowledge gathered from the appropriate sensors during plan execution can be used to create state structures, incrementally building a partial logical model that represents the actual development of the system and its environment over time. We then show how formulas in the same logic can be used to specify the desired behaviour of the system and its environment, and how violations of such formulas can be detected in a timely manner by an execution monitor subsystem. The pervasive use of logic throughout the higher-level deliberative layers of the system architecture provides a solid shared declarative semantics that facilitates the transfer of knowledge between different modules.

8.
Automatically detecting and resolving non-compliance in security policies is important. Most existing work in this field focuses on compliance verification, and little of it provides approaches to automatically correct non-compliant security policies. This paper proposes a novel approach that automatically transforms a given security policy into a compliant one. Given a security policy Π and a delegation policy M, both declared as logic programs, the approach automatically rewrites Π into a new policy Π_M that is compliant with M and remains readable by humans. We prove that the algorithm is sound and complete under a non-interference assumption. Formally, we show that the security policy query evaluation algorithm, with its conflict and unsettlement resolution, still works on Π_M. Because the approach is automatic, it does not require an administrator with exceptional abilities; in this sense, the proposal saves considerable manpower in security management and improves security assurance.
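The abstract names the ingredients (a policy Π, a delegation policy M, a rewrite to Π_M, and query evaluation with conflict and unsettlement resolution) without giving the logic programs themselves. The Python below is an added example of that shape, not the paper's algorithm: rules are compliant only if their grantor holds authority over the resource that is traceable to the owner through M's delegation edges, non-compliant rules are dropped with a reason, and queries are evaluated with deny-overrides and an explicit "unsettled" answer. The owners, delegation edges and rules are constructed.

```python
"""Rewrite a security policy so every rule complies with a delegation policy."""
from collections import namedtuple

# A rule: who granted it, to whom, for which action on which resource.
Rule = namedtuple("Rule", "effect grantor subject action resource")  # effect: "permit" | "deny"

# Delegation policy M (constructed for this example): resource owners, and
# edges (from, to, resource) meaning `from` delegates granting authority to `to`.
OWNER = {"payroll-db": "cfo", "wiki": "it-lead"}
DELEGATES = {("cfo", "hr-lead", "payroll-db"), ("hr-lead", "hr-admin", "payroll-db")}


def authorized_grantors(resource, owner=OWNER, delegates=DELEGATES):
    """The owner plus everyone reachable from the owner along delegation edges
    for this resource (delegation is transitive)."""
    auth = {owner[resource]} if resource in owner else set()
    frontier = list(auth)
    while frontier:
        current = frontier.pop()
        for src, dst, res in delegates:
            if src == current and res == resource and dst not in auth:
                auth.add(dst)
                frontier.append(dst)
    return auth


def rewrite(policy, owner=OWNER, delegates=DELEGATES):
    """Return (compliant_policy, dropped): rules whose grantor lacks delegated
    authority over the resource are removed, each with a human-readable reason."""
    kept, dropped = [], {}
    for rule in policy:
        if rule.grantor in authorized_grantors(rule.resource, owner, delegates):
            kept.append(rule)
        else:
            dropped[rule] = f"{rule.grantor} holds no delegated authority over {rule.resource}"
    return kept, dropped


def decide(policy, subject, action, resource):
    """Query evaluation with deny-overrides conflict resolution; a query that no
    rule settles is reported as 'unsettled' rather than silently denied or permitted."""
    effects = {r.effect for r in policy
               if (r.subject, r.action, r.resource) == (subject, action, resource)}
    if "deny" in effects:
        return "deny"
    if "permit" in effects:
        return "permit"
    return "unsettled"


# Security policy Pi as declared (constructed): one permit was granted by a
# manager who was never delegated authority over payroll-db.
POLICY = [
    Rule("permit", "hr-admin", "alice", "read", "payroll-db"),
    Rule("permit", "dev-lead", "bob", "read", "payroll-db"),
    Rule("deny", "cfo", "alice", "write", "payroll-db"),
    Rule("permit", "it-lead", "bob", "edit", "wiki"),
]
```

Running `rewrite(POLICY)` keeps three rules and drops the `dev-lead` permit; afterwards `decide` answers "unsettled" for Bob's read of `payroll-db` instead of "permit", which is the behaviour change an administrator would want surfaced rather than applied silently.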

9.
Secure software engineering is a new research area proposed to address security issues during the development of software systems. It advocates that security characteristics be considered from the early stages of the software development life cycle rather than added as another layer on an ad-hoc basis after the system is built. In this paper we describe a UML-based Static Verification Framework (USVF) to support the design and verification of secure software systems in the early stages of the life cycle, taking into consideration both the security and the general requirements of the system. USVF performs static verification on UML models consisting of UML class and state machine diagrams extended by an action language. We present an operational semantics of UML models, define a property specification language for reasoning about temporal and general properties of UML state machines over the semantic domains of that semantics, and implement the model checking process by translating models and properties into Promela, the input language of the SPIN model checker. We show that the methodology can be applied to the verification of security properties by representing the main aspects of security, namely availability, integrity and confidentiality, in the USVF property specification language.

10.
Distributed Computer Systems for Industrial Process Control   Cited by: 1, self-citations: 0, other citations: 1
Schoeffler, J.D. Computer, 1984, 17(2):11-18

11.
A temporal logic-based specification language and deadlock analyzer for Ada is described. The deadlock analyzer is intended for use within Timebench, a concurrent system-design environment with support for Ada. The specification language, COL, uses linear-time temporal logic to provide a formal basis for axiomatic reasoning. The deadlock analysis tool uses the reasoning power of COL to demonstrate that Ada designs specified in COL are system-wide deadlock-free: in essence, it uses a specialized theorem prover to deduce the absence of deadlock. The deadlock algorithm is shown to be decidable for finite systems and acceptable otherwise. It is also shown to have a worst-case computational complexity that is exponential in the number of tasks. The analyzer has been implemented in Prolog. Numerous examples are evaluated using the analyzer, including readers and writers, the gas station, the five dining philosophers, and a layered communications system. The results indicate that analysis time is reasonable for moderate designs in spite of the worst-case complexity of the algorithm.
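Both the USVF abstract above (entry 9) and this deadlock analyzer rest on exhaustive exploration of a concurrent design's state space, one to check a property on every reachable state, the other to prove the absence of deadlock. As an added example that is code from neither paper (no Promela or COL is reproduced; the lock-ordering tasks, state names and property are constructed here), the following Python explores the product of two task state machines over a shared lock-holder map, checks a safety property on every reachable state, and reports states in which no task can move although not all have finished, which is the system-wide deadlock the analyzer looks for. Opposite lock order deadlocks, identical order does not, and dropping the guard on the acquire step produces a property violation instead.

```python
"""Explicit-state exploration of concurrent state machines: checks a safety
property on every reachable state and reports deadlocked states."""
from collections import deque


def lock_task(name, first, second, guarded=True):
    """A task that acquires lock `first`, then `second`, then releases both.
    Transitions are (src, dst, guard, action) over the shared lock-holder map.
    With guarded=False the acquire step ignores whether the lock is free."""
    def acquire(lock):
        guard = (lambda v: v[lock] is None) if guarded else (lambda v: True)
        return guard, (lambda v: {**v, lock: name})

    def release_all(v):
        return {k: (None if holder == name else holder) for k, holder in v.items()}

    return [("idle", "has1", *acquire(first)),
            ("has1", "has2", *acquire(second)),
            ("has2", "done", lambda v: True, release_all)]


def explore(tasks, init_vars, invariant, final="done"):
    """Breadth-first search over the product state space of `tasks`. Returns the
    number of reachable states, the states violating `invariant`, and the deadlocked
    states: no enabled transition while some task has not reached `final`."""
    start = (tuple("idle" for _ in tasks), tuple(sorted(init_vars.items())))
    seen, queue = {start}, deque([start])
    violations, deadlocks = [], []
    while queue:
        locs, items = queue.popleft()
        v = dict(items)
        if not invariant(locs, v):
            violations.append((locs, v))
        enabled = False
        for i, task in enumerate(tasks):
            for src, dst, guard, action in task:
                if locs[i] == src and guard(v):
                    enabled = True
                    nxt = (locs[:i] + (dst,) + locs[i + 1:], tuple(sorted(action(v).items())))
                    if nxt not in seen:
                        seen.add(nxt)
                        queue.append(nxt)
        if not enabled and any(loc != final for loc in locs):
            deadlocks.append((locs, v))
    return {"states": len(seen), "violations": violations, "deadlocks": deadlocks}


def mutual_exclusion(locs, v):
    """Safety property: at most one task is in the critical section (holding both locks)."""
    return locs.count("has2") <= 1


LOCKS = {"a": None, "b": None}


def check(order_t2=("b", "a"), guarded=True):
    """Two tasks: T1 takes lock a then b; T2 takes the locks in `order_t2`."""
    tasks = [lock_task("T1", "a", "b", guarded), lock_task("T2", *order_t2, guarded)]
    return explore(tasks, LOCKS, mutual_exclusion)
```

The state count grows exponentially with the number of tasks, which is the worst-case behaviour the abstract reports; for two or three tasks the search finishes instantly, and the deadlocked state it returns (both tasks in `has1`, each holding the lock the other needs) is the counterexample a designer would want.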

12.
Generalized Predictive Control of Industrial Cascade Systems   Cited by: 5, self-citations: 1, other citations: 5
Li Ping. Control and Decision, 1998, 13(3):306-211
For industrial plants formed by a series of cascaded stages, a predictive control algorithm is proposed that uses measurable intermediate process variables for prediction and feedback and can constrain the rate of change of those variables. Simulation results show that the algorithm has good disturbance rejection and robustness.

13.
A formalism is presented for tracking assertions which hold universally, i.e., at the end of all execution paths to a given program point, and assertions which hold existentially, i.e., at the end of some execution path. In the formalism, the assertions which hold at a given execution path are uniformly defined by an entry environment, which contains the assertions that hold when execution of the program begins, and an environment transformer for every program construct. The novel aspect of the formalism is that Horn clauses are used to specify the consistent environments and the meaning of program constructs. The best iterative algorithm (a notion defined by P. Cousot and R. Cousot) for tracking universal and existential assertions simultaneously is given, together with conditions under which it can be implemented efficiently. The formalism is applied to the pointer equality problem in Pascal. It is shown that universal pointer equalities may be used to reduce the number of superfluous existential equalities, and that existential equalities may be used to obtain more universal equalities. Recent empirical results indicate that tracking the combination of may and must equalities leads to substantial improvements in the result of the analysis. For programs without recursively defined records, the best iterative algorithm can be implemented effectively. These results apply to multiple levels of pointers and can be extended to handle possibly recursive procedures. For programs with recursively defined data types, however, further approximations are necessary, e.g., modelling all possible pointer equalities with a finite graph; for simplicity, this paper does not present an analysis algorithm for that case. Received: 2 September 1991 / 25 June 1997
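As an added example that is not the paper's algorithm (the paper works with Horn clauses and Pascal; the control-flow graph, statements and variable names here are constructed), the following Python tracks universal (must) and existential (may) pointer equalities simultaneously by iterating environment transformers to a fixpoint, meeting must-facts by intersection and may-facts by union at the join. With an aliasing assignment before the branch, the must-set at the join is as strong as the may-set; without it, only existential facts survive.

```python
"""May/must (existential/universal) pointer-equality analysis over a small CFG."""

VARS = ("p", "q", "r")
ALL_PAIRS = frozenset(frozenset((a, b)) for a in VARS for b in VARS if a < b)


def make_cfg(n1_stmt):
    """Constructed CFG: node -> (statement, successors). Statements are
    ("nop",), ("new", p) for p = new object, ("copy", p, q) for p = q.
    Both branches assign p; `n1_stmt` decides whether q and r alias beforehand."""
    return {
        "entry": (("nop",), ["n1"]),
        "n1": (n1_stmt, ["then", "else"]),
        "then": (("copy", "p", "q"), ["join"]),
        "else": (("copy", "p", "r"), ["join"]),
        "join": (("nop",), []),
    }


def transfer(stmt, eqs):
    """Environment transformer: how one construct changes the set of equal pairs."""
    if stmt[0] == "nop":
        return eqs
    p = stmt[1]
    survivors = frozenset(e for e in eqs if p not in e)  # p is redefined
    if stmt[0] == "new":
        return survivors
    q = stmt[2]
    if p == q:
        return eqs
    out = set(survivors) | {frozenset((p, q))}
    for e in survivors:                      # p now equals everything q equals
        if q in e:
            (other,) = e - {q}
            out.add(frozenset((p, other)))
    return frozenset(out)


def analyze(cfg, entry="entry"):
    """Iterate to a fixpoint. must-sets meet by intersection and start at 'all pairs'
    (the top element); may-sets join by union and start empty.
    Returns node -> (must_after, may_after)."""
    preds = {n: [] for n in cfg}
    for n, (_, succs) in cfg.items():
        for s in succs:
            preds[s].append(n)
    must_out = {n: ALL_PAIRS for n in cfg}
    may_out = {n: frozenset() for n in cfg}
    changed = True
    while changed:
        changed = False
        for n, (stmt, _) in cfg.items():
            if n == entry or not preds[n]:
                must_in, may_in = frozenset(), frozenset()
            else:
                must_in = frozenset.intersection(*(must_out[p] for p in preds[n]))
                may_in = frozenset().union(*(may_out[p] for p in preds[n]))
            new_must, new_may = transfer(stmt, must_in), transfer(stmt, may_in)
            if (new_must, new_may) != (must_out[n], may_out[n]):
                must_out[n], may_out[n] = new_must, new_may
                changed = True
    return {n: (must_out[n], may_out[n]) for n in cfg}


def equalities_at_join(n1_stmt):
    """(must, may) equalities at the join node, as sorted 'x=y' strings."""
    must, may = analyze(make_cfg(n1_stmt))["join"]
    as_strings = lambda eqs: sorted("=".join(sorted(e)) for e in eqs)
    return as_strings(must), as_strings(may)
```

The interaction the abstract describes is visible in `transfer`: a universal fact `q=r` before the branch lets each branch derive `p=r` (or `p=q`) as a universal fact too, so the intersection at the join loses nothing, whereas with `q` freshly allocated the two branches agree on no equality at all.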

14.
Logic languages based on the theory of rational, possibly infinite, trees have much appeal: rational trees allow faster unification (because the occurs-check can safely be omitted) and greater expressivity (cyclic terms give very efficient representations of grammars and other useful objects). Unfortunately, the use of infinite rational trees has problems. For instance, many of the built-in and library predicates are ill-defined for such trees and need to be supplemented by run-time checks whose cost may be significant. Moreover, some widely used program analysis and manipulation techniques are correct only for those parts of programs that work over finite trees. It is thus important to obtain, automatically, knowledge of the program variables (the finite variables) that, at the program points of interest, will always be bound to finite terms. For these reasons, we propose here a new data-flow analysis, based on abstract interpretation, that captures such information. We present a parametric domain where a simple component for recording finite variables is coupled, in the style of the open product construction of Cortesi et al., with a generic domain (the parameter of the construction) providing sharing information. The sharing domain is abstractly specified so as to guarantee the correctness of the combined domain and the generality of the approach. This finite-tree analysis domain is further enhanced by coupling it with a domain of Boolean functions, called finite-tree dependencies, that precisely captures how the finiteness of some variables influences the finiteness of other variables. We also summarize our experimental results, which show that finite-tree analysis enhanced with finite-tree dependencies is a practical means of obtaining precise finiteness information.
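To make concrete what "omitting the occurs-check" buys and costs, the following Python is an added example (not the paper's analysis, which is a static abstract-interpretation domain; this is the concrete property that domain approximates): a small unifier that can run with or without the occurs-check, and a finiteness check over the resulting substitution that reports which variables are bound to finite terms. The term encoding and the sample terms are constructed here.

```python
"""Unification with and without the occurs-check, and a finiteness check on the
resulting bindings: a binding that reaches its own variable denotes a rational
(infinite) tree.

Terms: capitalised strings are variables, other strings are constants,
tuples are compound terms (functor, arg1, arg2, ...)."""


def is_var(t):
    return isinstance(t, str) and t[:1].isupper()


def walk(t, subst):
    """Follow variable bindings until a non-variable or an unbound variable."""
    while is_var(t) and t in subst:
        t = subst[t]
    return t


def occurs(var, t, subst):
    t = walk(t, subst)
    if t == var:
        return True
    return isinstance(t, tuple) and any(occurs(var, a, subst) for a in t[1:])


def unify(a, b, subst, occurs_check=True):
    """Return the extended substitution, or None if a and b do not unify.
    With occurs_check=False, X = f(X) succeeds and binds X to a cyclic term,
    which is what rational-tree systems do to save the cost of the check."""
    a, b = walk(a, subst), walk(b, subst)
    if a == b:
        return subst
    if is_var(a):
        if occurs_check and occurs(a, b, subst):
            return None
        return {**subst, a: b}
    if is_var(b):
        return unify(b, a, subst, occurs_check)
    if isinstance(a, tuple) and isinstance(b, tuple) and a[0] == b[0] and len(a) == len(b):
        for x, y in zip(a[1:], b[1:]):
            subst = unify(x, y, subst, occurs_check)
            if subst is None:
                return None
        return subst
    return None


def is_finite(t, subst, _path=frozenset()):
    """True iff the tree denoted by t under subst is finite: no variable is
    reachable from itself along the current branch."""
    if is_var(t):
        if t in _path:
            return False
        if t not in subst:
            return True          # unbound variable: a leaf
        return is_finite(subst[t], subst, _path | {t})
    if isinstance(t, tuple):
        return all(is_finite(a, subst, _path) for a in t[1:])
    return True


def finite_variables(subst):
    """The bound variables whose value is a finite term: the information the
    static analysis in the abstract approximates without running the program."""
    return {v for v in subst if is_finite(v, subst)}
```

The last test below is the dependency the abstract's "finite-tree dependencies" domain is about: `X` is bound to `g(Y)`, so `X` is finite exactly when `Y` is, and a later binding of `Y` back to a term containing `X` makes both infinite at once.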

15.
Multimedia Tools and Applications - Utilizing cloud services in running large-scale video surveillance systems is not uncommon. However, special attention should be given to data security and...

16.
This paper presents a new method for Internet-based control of linear automation systems that combines predictive control with a variable sampling period strategy. Event-driven sensors are triggered to sample the plant outputs whenever new control input signals are received by the actuators, so that at each sampling instant the total control-loop delay equals the (unknown) sampling period. To deal with Internet effects associated with a range of pre-specified time delays, appropriate zero-order-hold discrete-time models of the Internet-based plant are calculated off-line, and from them stabilizing control signals are constructed on-line. These control signals are packed into the control-side packet, transmitted back to the plant side and received by a time-delay compensator module. According to the time delay that actually occurred in the loop, this module selects a single entry of the received control vector for each actuator and applies it to the plant through zero-order-hold elements. Simultaneously, the sensors are triggered to measure the new plant data, and the plant-side packet is assembled and transmitted to the control side. The procedure is then repeated. A less conservative switched quadratic Lyapunov function is used for stabilizing controller design. Simulation studies on well-known benchmark problems demonstrate the effectiveness of the proposed method.

19.
Since the first SMS (Short Message Service) message was sent in the UK in 1992, SMS has become a mass communication tool and is broadly used in mobile business applications. Its security, however, has often been considered a crucial barrier to applications that need strong authentication and confidentiality, such as mobile commerce. The Subscriber Identity Module (SIM) inside a mobile phone is a tamper-resistant device that contains a strong authentication mechanism and has been used for remote user authentication, e.g., the WIM card in the Wireless Application Protocol (WAP). In this contribution we design and realize a secure SIM card, named the PK-SIM card, which is a standard SIM card with additional PKI functionality; based on it, we present a security framework for developing secure mobile business applications that use SMS as the bearer. The framework consists of a client device, in which the PK-SIM card stores the security credentials; a Secure Access Gateway (SAG) that receives and sends secure SMS messages; a trusted third party, a Certification Authority (CA), that provides a public-key certification service; and a Mobile Operator that provides the communication infrastructure for SMS. We then propose an authentication and session-key distribution protocol that provides end-to-end security between the PK-SIM card and the SAG, and give a formal security analysis of the protocol based on BAN authentication logic. Lastly, we present a typical application of the framework in a Mobile Police Information System. Evaluation of the system shows that the framework meets practical needs in both speed and security.
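The abstract names the parties and the goal of the protocol but not its messages. The Python below is an added example of a four-message authentication and session-key distribution exchange between a PK-SIM card and a SAG under a common CA, not the paper's protocol: each side presents a CA-issued certificate, signs both nonces, the SIM encrypts a fresh session key to the SAG's public key, and the SAG proves possession with an HMAC key confirmation. The signature and encryption primitive is textbook RSA over fixed Mersenne primes so that the example runs on the standard library alone; it is constructed for illustration and is not a secure scheme (no padding, toy key material).

```python
"""Authentication and session-key distribution between a PK-SIM card and a Secure
Access Gateway (SAG) using CA-issued certificates; the mobile operator only carries
the messages and is not trusted."""
import hashlib
import hmac
import secrets

def h_int(*parts):
    """SHA-256 over length-prefixed parts, as an integer (no field splicing)."""
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

class RSAKey:
    """Textbook RSA on fixed Mersenne primes so the example needs no third-party
    library. Unpadded, shared toy primes: NOT a secure signature or encryption scheme."""
    E = 65537

    def __init__(self, p, q):
        self.n, self.d = p * q, pow(self.E, -1, (p - 1) * (q - 1))

    def public(self):
        return (self.n, self.E)

    def sign(self, *parts):
        return pow(h_int(*parts) % self.n, self.d, self.n)

    def decrypt(self, c):
        return pow(c, self.d, self.n)

def verify(pub, sig, *parts):
    n, e = pub
    return pow(sig, e, n) == h_int(*parts) % n

def encrypt(pub, k):
    n, e = pub
    assert 0 < k < n
    return pow(k, e, n)

class CA:
    """Trusted third party issuing certificates (identity, public key, signature)."""
    def __init__(self, primes=(2**127 - 1, 2**607 - 1)):
        self.key = RSAKey(*primes)

    def issue(self, ident, pub):
        return (ident, pub, self.key.sign(ident.encode(), b"%d:%d" % pub))

    def anchor(self):
        return self.key.public()

def cert_ok(anchor, cert):
    ident, pub, sig = cert
    return verify(anchor, sig, ident.encode(), b"%d:%d" % pub)

class PKSIM:
    def __init__(self, ident, ca, primes=(2**61 - 1, 2**89 - 1)):
        self.ident, self.key, self.anchor = ident, RSAKey(*primes), ca.anchor()
        self.cert = ca.issue(ident, self.key.public())

    def msg1(self):
        """SIM -> SAG: cert_sim, N_sim"""
        self.n_sim = secrets.token_bytes(16)
        return (self.cert, self.n_sim)

    def msg3(self, m2):
        """SIM -> SAG: Enc_pk_sag(K), Sig_sim(id_sim, N_sag, N_sim, Enc)"""
        sag_cert, self.n_sag, sig = m2
        if not cert_ok(self.anchor, sag_cert):
            raise ValueError("SAG certificate not issued by the trusted CA")
        sag_id, sag_pub, _ = sag_cert
        if not verify(sag_pub, sig, sag_id.encode(), self.n_sim, self.n_sag):
            raise ValueError("SAG signature does not cover my nonce")
        self.k = secrets.token_bytes(16)                   # fresh session key
        wrapped = encrypt(sag_pub, int.from_bytes(self.k, "big"))
        w = wrapped.to_bytes(128, "big")
        return (wrapped, self.key.sign(self.ident.encode(), self.n_sag, self.n_sim, w))

    def confirmed(self, m4):
        """Check the SAG's key confirmation HMAC_K("confirm" || N_sim)."""
        expected = hmac.new(self.k, b"confirm" + self.n_sim, hashlib.sha256).digest()
        return hmac.compare_digest(expected, m4)

class SAG:
    def __init__(self, ident, ca, primes=(2**107 - 1, 2**521 - 1)):
        self.ident, self.key, self.anchor = ident, RSAKey(*primes), ca.anchor()
        self.cert = ca.issue(ident, self.key.public())

    def msg2(self, m1):
        """SAG -> SIM: cert_sag, N_sag, Sig_sag(id_sag, N_sim, N_sag)"""
        self.peer, self.n_sim = m1
        if not cert_ok(self.anchor, self.peer):
            raise ValueError("SIM certificate not issued by the trusted CA")
        self.n_sag = secrets.token_bytes(16)
        return (self.cert, self.n_sag, self.key.sign(self.ident.encode(), self.n_sim, self.n_sag))

    def msg4(self, m3):
        """SAG -> SIM: HMAC_K("confirm" || N_sim), after unwrapping K."""
        wrapped, sig = m3
        sim_id, sim_pub, _ = self.peer
        w = wrapped.to_bytes(128, "big")
        if not verify(sim_pub, sig, sim_id.encode(), self.n_sag, self.n_sim, w):
            raise ValueError("SIM signature does not cover my nonce")
        self.k = self.key.decrypt(wrapped).to_bytes(16, "big")
        return hmac.new(self.k, b"confirm" + self.n_sim, hashlib.sha256).digest()

def run(sim, sag):
    """Drive the four-message exchange; True iff both ends share the same key."""
    m4 = sag.msg4(sim.msg3(sag.msg2(sim.msg1())))
    return sim.confirmed(m4) and sim.k == sag.k

def rejects_rogue_gateway():
    """A SAG presenting a certificate from a CA the SIM does not trust is rejected."""
    ca, rogue = CA(), CA(primes=(2**31 - 1, 2**1279 - 1))
    sag = SAG("sag-evil", ca)
    sag.cert = rogue.issue("sag-evil", sag.key.public())  # re-certified by a rogue CA
    try:
        run(PKSIM("sim-001", ca), sag)
    except ValueError:
        return True
    return False
```

Each signature binds the signer's identity and both nonces, so a message captured from one run cannot be replayed into another, and the SAG's HMAC over the SIM's nonce is what lets the SIM conclude the gateway actually holds K before any SMS payload is protected with it. A real deployment would replace `RSAKey` with a padded signature scheme and a proper key-encapsulation mechanism.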

20.
In this paper we propose a novel Secure Name Service (SNS) framework for enhancing service availability between collaborating domains (e.g., extranets). The key idea is to enforce packet authentication through resource virtualization and to use dynamic name binding to protect servers from unauthorized access, denial of service (DoS) and other attacks. Unlike traditional static network security schemes such as VPNs, the dynamic name binding of SNS lets us actively protect critical resources through distributed filtering mechanisms built into the collaborating domains. We present the architecture of the SNS framework, the design of the SNS naming scheme, and the design of authenticated packet forwarding. We have implemented a prototype of the authenticated packet forwarding mechanism on Linux. Our experimental results demonstrate that ordinary Linux platforms are sufficient to support SNS authenticated packet forwarding on 100 Mbps and 1 Gbps Ethernet LANs. To further improve performance and scalability, we have also designed and implemented two-layer fast name lookup schemes.
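The abstract describes dynamic name binding and authenticated forwarding without detailing the packet format or the filter. The Python below is an added example of that mechanism in miniature, not the authors' Linux prototype: a name service hands a short-lived virtual name and key only to authorised collaborators, every packet carries an HMAC over the virtual name, a sequence number and the payload, and an edge filter forwards only packets whose name is still bound, whose tag verifies and whose sequence number advances. The service address and traffic are constructed.

```python
"""Authenticated packet forwarding under dynamic name binding (SNS-style)."""
import hashlib
import hmac
import secrets


class NameService:
    """Binds each protected service to a short-lived virtual name and a per-binding
    key. Only a collaborating (authorised) domain can resolve a service; an old
    virtual name stops resolving as soon as the service is rebound."""
    def __init__(self, services):          # service name -> real address
        self.real, self.bindings, self.current = services, {}, {}
        for service in services:
            self.rebind(service)

    def rebind(self, service):
        old = self.current.get(service)
        if old is not None:
            del self.bindings[old]
        vname, key = secrets.token_hex(8), secrets.token_bytes(32)
        self.bindings[vname] = (service, key)
        self.current[service] = vname
        return vname, key

    def resolve(self, service, authorised):
        if not authorised:
            raise PermissionError("requester is not a collaborating domain")
        vname = self.current[service]
        return vname, self.bindings[vname][1]


def tag(key, vname, seq, payload):
    """Per-packet authenticator over the virtual name, sequence number and payload."""
    return hmac.new(key, f"{vname}|{seq}|".encode() + payload, hashlib.sha256).digest()


def make_packet(binding, seq, payload):
    vname, key = binding
    return {"vname": vname, "seq": seq, "payload": payload, "tag": tag(key, vname, seq, payload)}


class EdgeFilter:
    """Distributed filter at a domain boundary. A packet is forwarded to the real
    server only if its virtual name is live, its tag verifies under that binding's
    key, and its sequence number is strictly increasing (replay protection)."""
    def __init__(self, ns):
        self.ns, self.last_seq, self.forwarded = ns, {}, []

    def process(self, pkt):
        binding = self.ns.bindings.get(pkt["vname"])
        if binding is None:
            return "drop:unknown-name"
        service, key = binding
        if not hmac.compare_digest(pkt["tag"], tag(key, pkt["vname"], pkt["seq"], pkt["payload"])):
            return "drop:bad-tag"
        if pkt["seq"] <= self.last_seq.get(pkt["vname"], -1):
            return "drop:replay"
        self.last_seq[pkt["vname"]] = pkt["seq"]
        self.forwarded.append((self.ns.real[service], pkt["payload"]))
        return "forward:" + self.ns.real[service]


def demo():
    """Constructed traffic: a legitimate request, its replay, a tampered copy,
    a guessed name, a request under a stale binding, and one under the new binding."""
    ns = NameService({"payroll-api": "10.0.5.20:8443"})
    edge = EdgeFilter(ns)
    binding = ns.resolve("payroll-api", authorised=True)
    legit = make_packet(binding, 1, b"GET /salaries")
    results = [edge.process(legit), edge.process(legit)]
    results.append(edge.process(dict(legit, seq=2, payload=b"GET /admin")))
    results.append(edge.process(make_packet(("deadbeef", b"guess"), 1, b"scan")))
    ns.rebind("payroll-api")
    results.append(edge.process(make_packet(binding, 3, b"GET /salaries")))
    results.append(edge.process(make_packet(ns.resolve("payroll-api", True), 1, b"GET /salaries")))
    return results
```

Because the real address never appears on the wire and unauthenticated packets are dropped at the edge before reaching the server, a flood aimed at a guessed or expired name costs the filter one dictionary lookup per packet, which is the availability property the abstract is after; a production filter would also bound the sequence-number state per binding and rotate bindings on a schedule.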


Copyright © Beijing Qinyun Technology Development Co., Ltd.  京ICP备09084417号