Similar documents
20 similar documents found
1.
Verification of software systems, and security protocol analysis as a particular case, requires frameworks that are expressive, so as to properly capture the relevant aspects of the system and its properties; formal, so as to be provably correct; and with a computational counterpart, so as to support the (semi-)automated certification of properties. Additionally, security protocols also present hidden assumptions about the context, specific subtleties due to the nature of the problem, and sources of complexity that tend to make verification incomplete. We introduce a verification framework that is expressive enough to capture a few relevant aspects of the problem, like symmetric and asymmetric cryptography and multi-session analysis, and to make assumptions explicit, e.g., the hypotheses about the initial sharing of secret keys among honest (and malicious) participants. It features a clear separation between the modeling of the protocol functioning and the properties it is expected to enforce, the former in terms of a calculus, the latter in terms of a logic. This framework is grounded on a formal theory that allows us to prove the correctness of the verification carried out within the fully fledged model. It overcomes incompleteness by performing the analysis at a symbolic level of abstraction, which, moreover, transforms into executable verification tools.

2.
Cloud computing is clearly one of today's most enticing technologies due to its scalable, flexible, and cost-efficient access to infrastructure and application services. Despite these benefits, cloud service users (CSUs) have serious concerns about data security and privacy. Currently, there are several cloud service providers (CSPs) offering a wide range of services to their customers with varying levels of security strength. Due to the vast diversity in the available cloud services, from the customer's perspective, it has become difficult to decide which CSP they should use and what the selection criteria should be. Presently, there is no framework that allows CSUs to evaluate CSPs based on their ability to meet the customer's security requirements. We propose a framework and a mechanism that evaluate the security strength of CSPs based on the customer's security preferences. We have shown the applicability of our security evaluation framework using a case study.

3.
Monitoring and quantifying component behavior is key to making network systems secure and robust. This paper proposes an online monitoring and analysis framework based on agents for monitoring, analyzing, and quantifying network vulnerability in real time. It proposes an algorithm for the valuation of network components to populate an asset list with "criticality" values for impact analysis, and presents methods for calculating impact factors to quantify how attacks and faults affect network performance and services. System administrators can use the framework to analyze and proactively manage the effects of complex network faults and attacks and recover accordingly.

5.
Research with autonomous unmanned aircraft systems is reaching a new degree of sophistication where targeted missions require complex types of deliberative capability integrated in a practical manner in such systems. Due to these pragmatic constraints, integration is just as important as theoretical and applied work in developing the actual deliberative functionalities. In this article, we present a temporal logic-based task planning and execution monitoring framework and its integration into a fully deployed rotor-based unmanned aircraft system developed in our laboratory. We use a very challenging emergency services application involving body identification and supply delivery as a vehicle for showing the potential use of such a framework in real-world applications. TALplanner, a temporal logic-based task planner, is used to generate mission plans. Building further on the use of TAL (Temporal Action Logic), we show how knowledge gathered from the appropriate sensors during plan execution can be used to create state structures, incrementally building a partial logical model representing the actual development of the system and its environment over time. We then show how formulas in the same logic can be used to specify the desired behavior of the system and its environment and how violations of such formulas can be detected in a timely manner in an execution monitor subsystem. The pervasive use of logic throughout the higher level deliberative layers of the system architecture provides a solid shared declarative semantics that facilitates the transfer of knowledge between different modules.

6.
This paper highlights the importance of protecting an organization's vital business information assets by investigating several fundamental considerations that should be taken into account in this regard. Based on this, it is illustrated that information security should be a priority of executive management, including the Board and CEO, and should therefore commence as a corporate governance responsibility. This paper, therefore, argues that there is a need to integrate information security into corporate governance through the development of an information security governance (ISG) framework. This paper further proposes such a framework to aid an organization in its ISG efforts.

7.
Research and Implementation of an Enterprise-Level Industrial Control Real-Time Database (total citations: 4; self-citations: 1; citations by others: 3)
In the industrial control field, the management and sharing of enterprise real-time data is an important issue that enterprises face as they raise their level of automation. After a focused analysis of the application requirements for real-time databases in industrial control, this paper introduces in detail the open system architecture of the real-time database system Agilor and the key technologies adopted in its data processing.

8.
An open control system software framework for the industrial automation field, OCSIA for short, is proposed. The OCSIA framework has a layered structure consisting, from bottom to top, of a basic driver layer, a core control layer, and a supervisory application layer. The basic driver layer directly drives physical devices of various interface types, including serial ports, parallel ports, and fieldbuses, and acts as a data server, exposing a hardware-independent interface to the upper layers in the form of channels. The core control layer communicates with the basic driver layer through these channels to control the physical devices indirectly; it also monitors the system state in real time and sends alarm messages to the supervisory application layer when an abnormal state occurs. The supervisory application layer provides the interface between system supervisors and the system, enabling supervisors to monitor and control the system's operating environment in real time. The correctness and feasibility of the OCSIA framework are validated by designing and implementing an instance model of a transport control system.

9.
It is important to automatically detect and resolve non-compliance in security policies. Most existing works in this field focus on compliance verification, and few of them provide approaches to automatically correct non-compliant security policies. This paper proposes a novel approach to automatically transform a given security policy into a compliant one. Given a security policy Π and a delegation policy M declared as logic programs, the approach automatically rewrites Π into a new policy ΠM which is compliant with M and is human-readable. We prove that the algorithm is sound and complete under the noninterference assumption. Formally, we show that the security policy query evaluation algorithm with conflict and unsettlement resolution still works well on ΠM. The approach is automatic, so it does not require an administrator with exceptional abilities. In this sense, our proposal can save considerable manpower in security management and improve security assurance capabilities.

10.
Algorithmic effort prediction models are limited by their inability to cope with the uncertainties and imprecision present in software projects early in the development life cycle. In this paper, we present an adaptive fuzzy logic framework for software effort prediction. The training and adaptation algorithms implemented in the framework tolerate imprecision, explain the prediction rationale through rules, incorporate experts' knowledge, offer transparency in the prediction system, and can adapt to new environments as new data becomes available. Our validation experiment was carried out on artificial datasets as well as the COCOMO public database. We also present an experimental validation of the training procedure employed in the framework.

11.
Secure software engineering is a new research area that has been proposed to address security issues during the development of software systems. This new area of research advocates that security characteristics should be considered from the early stages of the software development life cycle and should not be added as another layer in the system on an ad-hoc basis after the system is built. In this paper, we describe a UML-based Static Verification Framework (USVF) to support the design and verification of secure software systems in early stages of the software development life cycle, taking into consideration the security and general requirements of the software system. USVF performs static verification on UML models consisting of UML class and state machine diagrams extended by an action language. We present an operational semantics of UML models, define a property specification language designed to reason about temporal and general properties of UML state machines using the semantic domains of the former, and implement the model checking process by translating models and properties into Promela, the input language of the SPIN model checker. We show that the methodology can be applied to the verification of security properties by representing the main aspects of security, namely availability, integrity and confidentiality, in the USVF property specification language.

12.
The advent of component-based reflective applications raises the issue of protecting baselevel components from the actions performed by metalevel components. However, by their very nature, reflective applications are far more difficult to secure than non-reflective applications, which certainly explains why the problem has received very little attention so far. In this paper we present a security framework for enforcing access control between metalevel components and the baselevel components they reflect on. Rather than designing a new security architecture from scratch, we extend the standard security architecture of Java to provide security for a fully-functional proxy-based MOP for Java. We implement a number of well-known meta-level behaviors and study their security requirements, the results of which support our design choices. Copyright © 2003 John Wiley & Sons, Ltd.

13.
Generalized Predictive Control of Industrial Cascade Systems (total citations: 5; self-citations: 1; citations by others: 5)
Li Ping, Control and Decision (控制与决策), 1998, 13(3): 306-211
For industrial plants formed by a series of cascaded stages, a predictive control algorithm is proposed that uses measurable intermediate process variables for prediction and feedback and can limit the rate of change of these variables. Simulation results show that the algorithm has good disturbance rejection and robustness.

14.
Distributed Computer Systems for Industrial Process Control (total citations: 1; self-citations: 0; citations by others: 1)
Schoeffler, J.D., Computer, 1984, 17(2): 11-18

15.
With the gradual opening up of industrial control systems (ICS), serious vulnerability problems have been exposed. Intrusion detection, as an important security defense measure, can detect possible or potential intrusions in a timely manner through misuse and behavior detection. First, this paper introduces the system architecture and characteristics of ICS and explains the ICS security philosophy; second, based on the characteristics of ICS, it gives the requirements for, and an interpretation of, intrusion detection systems (IDS) for industrial control (abbreviated ICS IDS); third, from the perspective of the detection object, it classifies and analyzes in detail existing ICS IDS techniques and algorithms in three areas: traffic detection, protocol detection, and device state detection; finally, it offers an outlook on research trends for ICS IDS in terms of detection performance metrics, detection techniques, and detection architectures.

16.
A temporal logic-based specification language and deadlock analyzer for Ada is described. The deadlock analyzer is intended for use within Timebench, a concurrent system-design environment with support for Ada. The specification language, COL, uses linear-time temporal logic to provide a formal basis for axiomatic reasoning. The deadlock analysis tool uses the reasoning power of COL to demonstrate that Ada designs specified in COL are systemwide deadlock-free: in essence, it uses a specialized theorem prover to deduce the absence of deadlock. The deadlock algorithm is shown to be decidable for finite systems and acceptable otherwise. It is also shown to have a worst-case computational complexity that is exponential in the number of tasks. The analyzer has been implemented in Prolog. Numerous examples are evaluated using the analyzer, including readers and writers, gas station, five dining philosophers, and a layered communications system. The results indicate that analysis time is reasonable for moderate designs in spite of the worst-case complexity of the algorithm.

17.
This paper concerns the study, development and synthesis of mechanisms for guaranteeing the security of complex systems, i.e. systems composed of several interacting components. A complex system under analysis is described as an open system, i.e. a system in which an unspecified component (a component whose behaviour is not fixed in advance) interacts with the known part of the system. Within this formal approach, we propose techniques that aim to synthesize controller programs able to guarantee that, for all possible behaviours of the unspecified component, the system works properly, e.g. it satisfies a certain property. For performing this task, we first need to identify the set of necessary and sufficient conditions that the unspecified component has to satisfy in order to ensure that the whole system is secure. Hence, by exploiting the satisfiability procedures for temporal logic, we automatically synthesize an appropriate controller program that forces the unspecified component to meet these conditions. This ensures the security of the whole system. In particular, we contribute to the area of the enforcement of security properties by proposing a flexible and automated framework that goes beyond the definition of how a system should behave to work properly. Indeed, while the majority of the related work focuses on the definition of monitoring mechanisms, we also address the synthesis problem. Moreover, we describe a tool for the synthesis of secure systems which is able to generate appropriate controller programs. This tool is also able to translate the synthesized controller programs into the ConSpec language. ConSpec programs can actually be deployed for enforcing security policies on mobile Java applications by using the run-time framework developed in the ambit of the European Project S3MS. Copyright © 2010 John Wiley & Sons, Ltd.

18.
A formalism is presented for tracking assertions which hold universally, i.e., at the end of all the execution paths to a given program point, and assertions which hold existentially, i.e., at the end of some execution paths. In the formalism, the assertions which hold at a given execution path are uniformly defined by an entry environment which contains the assertions which hold when the execution of the program begins and an environment transformer for every program construct. The novel aspect of our formalism is that Horn clauses are used to specify the consistent environments and the meaning of program constructs. The best iterative algorithm (a notion defined by P. Cousot and R. Cousot) for tracking universal and existential assertions simultaneously is given. Conditions are presented under which the best iterative algorithm can be efficiently implemented. The formalism is applied to the pointer equality problem in Pascal. It is shown that universal pointer equalities may be used to reduce the number of superfluous existential equalities, and that existential equalities may be used to obtain more universal equalities. Recent empirical results indicate that tracking the combination of may and must equalities leads to substantial improvements in the result of the analysis. For programs without recursively defined records, the best iterative algorithm can be effectively implemented. These results apply to multiple levels of pointers and can be extended to handle possibly recursive procedures. However, for programs with recursively defined data types further approximations are necessary, e.g., by using a finite graph to model all the possible pointer equalities. For simplicity, this paper does not present an analysis algorithm for this case. Received: 2 September 1991 / 25 June 1997

20.
Logic languages based on the theory of rational, possibly infinite, trees have much appeal in that rational trees allow for faster unification (due to the safe omission of the occurs-check) and increased expressivity (cyclic terms can provide very efficient representations of grammars and other useful objects). Unfortunately, the use of infinite rational trees has problems. For instance, many of the built-in and library predicates are ill-defined for such trees and need to be supplemented by run-time checks whose cost may be significant. Moreover, some widely used program analysis and manipulation techniques are correct only for those parts of programs working over finite trees. It is thus important to obtain, automatically, a knowledge of the program variables (the finite variables) that, at the program points of interest, will always be bound to finite terms. For these reasons, we propose here a new data-flow analysis, based on abstract interpretation, that captures such information. We present a parametric domain where a simple component for recording finite variables is coupled, in the style of the open product construction of Cortesi et al., with a generic domain (the parameter of the construction) providing sharing information. The sharing domain is abstractly specified so as to guarantee the correctness of the combined domain and the generality of the approach. This finite-tree analysis domain is further enhanced by coupling it with a domain of Boolean functions, called finite-tree dependencies, that precisely captures how the finiteness of some variables influences the finiteness of other variables. We also summarize our experimental results showing how finite-tree analysis, enhanced with finite-tree dependencies, is a practical means of obtaining precise finiteness information.
