Automated Verification of UMLsec Models for Security Requirements
|
|
- Elinor Anderson
- 5 years ago
- Views:
Transcription
1 Automated Verification of UMLsec Models for Security Requirements Jan Jürjens and Pasha Shabalin Software & Systems Engineering TU Munich, Germany
2 Secure Systems Development High quality development of securitycritical systems is difficult. Many systems developed, deployed, used that do not satisfy their criticality requirements, sometimes with spectacular attacks. Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 2
3 Quality vs. Cost Correctness in conflict with cost. Thorough methods of system design not used if too expensive. Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 3
4 Towards Solution Increase quality with bounded investment in time, costs. Idea: Extract models from artefacts arising in industrial development and use of critical systems (UML models, source code, configuration data). Tool-supported theoretically sound efficient automated critical analysis. Model-based Security Engineering Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 4
5 Model-based Development Combined strategy: Verify models against requirements Generate code from models where reasonable Write code and generate testsequences otherwise. Requirements Verify Models Codegen. Testgen. Code Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 5
6 The UMLsec Profile [Jur02] Recurring security requirements, adversary scenarios, concepts offered as stereotypes with tags on component-level. Use associated constraints to evaluate specifications and indicate possible weaknesses. Ensures that UML specification provides desired level of critical requirements. Link to code via test-sequence generation. Challenge: Automated verification! Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 6
7 Tool-support: Pragmatics Commercial modelling tools: so far mainly syntactic checks and code-generation. Goal: sophisticated analysis. Solution: Draw UML models with editor. Save UML models as XMI (XML dialect). Connect to verification tools (automated theorem prover, model-checker ), e.g. using XMI Data Binding. Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 7
8 UML Processing M y A p p J M I M O F D R 3: generate [U M L.4 ] U M L.4 2 : in s ta n tia te M y U m l 4: M yu m l.xm i : xm l (U M L.4 M etam o del) Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 8
9 CSDUML Framework: Features Framework for analysis plug-ins to access UML models on conceptual level over various UI s. Exposes a set of commands. Has internal state (preserved between command calls). Framework and analysis tools accessible and available at Upload UML model (as.xmi file) on website. Analyse model for included critical requirements. Download report and UML model with highlighted weaknesses. Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 9
10 Usage Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 0
11 Tool Interfaces Jan Jürjens, TU Munich: Automated Verification of UMLsec Models
12 Exposing Commands collect parameters call Initialise call getcommands Framework call executecommand Tool can create the command list system change Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 2
13 Formal semantics for UML Diagrams in context (using subsystems). Model actions and internal activities explicitly. Message exchange between objects or components (incl. event dispatching). For UMLsec: include adversary model arising from threat scenario in deployment diagram. Use Abstract State Machines (pseudo-code; extending [BorCavRic00]). Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 3
14 Automated Security Analysis Following Dolev, Yao (982): To analyze system, verify against attacker model from threat scenarios in deployment diagrams who may participate in some protocol runs, knows some data in advance, may intercept messages on some links, injects messages that it can produce in some links may access certain nodes. Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 4
15 Cryptographic Expressions Exp: term algebra generated by Var U Keys U Data and _ :: _ (concatenation) and empty expression ℇ, { _ } _ (encryption) Dec ( ) (decryption) Sign ( ) (signing) Ext_( ) (extracting from signature) Hash( _ ) (hashing) by factoring out the equations and (for K Keys). Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 5
16 Adversary: Example Scenario A Adversary m(x) m(x) return({y::x} z ) return({z} k ) B [arg b,, = x] Adversary knowledge: k -, y, x {z} k, z Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 6
17 Translation to Model-Checker Spin (Holzmann): automated verification of finite-state reactive systems given as state transition systems (Promela code) against properties in Linear Time Logic (LTL). For complex cryptographic data types: use dynamic types (defined by building type graph from diagram). Behavioral specification, adversary model translated to Promela, security requirement to Never-claim. Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 7
18 Example {adversary= default} {secrecy=s} Variant of TLS (SSL) proposed at IEEE Infocom 999. Goal: send secret protected by session key using fewer server resources. data security Internet Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 8
19 Man-in-the-Middle Attack Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 9
20 Applications Common Electronic Purse Specification Security architecture for German bank Biometric authentication protocol for German Telekom Analysis of SAP access control configurations for German bank Telematic automobile emergency application of German car company Electronic signature architecture of German insurance company Electronic purse for Oktoberfest Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 20
21 Conclusions Tool-supported Model-based Security Engineering using UML: formally based approach to secure software engineering automated tool support integrated approach (source-code, configuration data) increase quality with bounded costs, timeto-market. Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 2
22 Resources Jan Jürjens, Secure Systems Development with UML, Springer 04 Tutorials: Nov.: SISBD (Malaga), ISSRE (Rennes). Spring School: May 2005, Carlos IV Univ. Madrid Workshops: CSDUML05 More information (papers, slides, tool etc.): Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 22
23 Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 23
24 Challenge Advanced tool support. For example: consistency checks mechanical analysis of complicated requirements on model level (bindings to model-checkers, constraint solvers, automated theorem provers, ) code generation test-sequence generation configuration data analysis against UML. Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 24
25 Implementing Tools Define the set of commands have parameters Tool State preserved between commands Commands are not interactive receive parameters execute deliver output Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 25
26 Tool-support: Concepts Meaning of diagrams stated informally in (OMG 2003). Ambiguities problem for tool support establishing behavioral properties (safety, security) Need precise semantics for used part of UML, especially to ensure security requirements. Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 26
27 Using UML UML: unprecedented opportunity for high-quality and cost- and time-efficient critical systems development: De-facto standard in industrial modeling: large number of developers trained in UML. Relatively precisely defined (given the user community). Many tools (drawing specifications, simulation, ). Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 27
28 Tool-support: Tool Binding Several possibilities: General purpose language with integrated XML parser (Perl, ) Special purpose XML parsing language (XSLT, ) Data Binding (Castor; XMI: e.g. MDR) Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 28
29 Default Wrappers Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 29
30 Command Parameters Media-independent functionality But each mode can have own list of commands Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 30
31 The Class Diagram -attributes Attribute -stereotypes Stereotype * name : string initialvalue : string * name : string Class -operations Operation -parameters OperationParameter name : string * name : string * name : string -class AssociationEnd Association -associationends name : string -associationend * -associationend2 Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 3
32 The Statechart Diagram initialstate states InitialState SimpleState 0.. outgoing source outgoing Transition effect 0.. Effect expression : string StateMachine * * guard Guard target incoming 0.. expression : string finalstate FinalState * incoming * trigger 0.. Trigger name : string * * parameters State name : string TriggerParameter name : string Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 32
33 The Deployment Diagram LinkEnd Link N odeinstance * linkend nodeinstance linkends linkend * Com ponentinstance Stereotype * nam e : string -stereotypes * A ssociationend A ssociation O bject nam e : string identifier : int ob ject associationends * associationend «instance» associationend2 C lassdiagram ::C lass nam e : string Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 33
34 Relevant UMLsec Fragment Class Diagrams Classes with Attributes and Operations Logical Associations between Classes Statechart Diagrams Dynamic behaviour of each class Deployment Diagram Objects as Class instances Connections and their physical properties Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 34
35 Cryptography primitives Cover Guards Effects Expressions, including Initial Values Use only plain ASCII text Keep complexity down where possible Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 35
36 Message parameters How to represent various data types? Without additional work for the model developer Avoiding the type flaw attacks Dynamic types Each message carries its type Message processing based on runtime type, no on static type specified in the UML model Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 36
37 Encoding UML Model Class Diagram Variables, messages, logical links Statechart Diagram Promela procedure proctype construction following UMLsec semantics Deployment Diagram Instantiate Class procedures Create communication channels Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 37
38 Encoding Adversary Additional Promela procedure Accesses all communication channels Generic functionality in a loop Read Delete Write Restrict accordingly to the model Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 38
39 Encoding security requirement <<secrecy>> marked variable The initial value shall not be recovered by the intruder Promela never claim construction Invariant for the whole execution time Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 39
40 Example: TLS Variant Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 40
41 Vision Simple independent tools Media-independent Easy to use Simple developer interface Easy to maintain Simple architecture [joint work with TUM UMLsec group, in part. Pasha Shabalin] Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 4
42 Concept Set of plug-in tools Tool exposes predefined interfaces Tool can use framework interfaces Tool implements a set of commands Each command has parameters Framework = common code UML model management Other services Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 42
43 viki Tool Works in GUI and/or Text mode Implements interfaces IVikiToolCommandLine Text output only IVikiToolGui Output to JPanel + menu, buttons, etc Exposes set of commands Automatically imported by the framework Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 43
44 Framework Interfaces IMdrContainer use and control the MDR repository ITextOutput, ILogOutput render textual information IAppSettings store / retrieve tool settings Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 44
45 Adversaries Model classes of adversaries. May attack different parts of the system according to threat scenarios. Example: insider attacker may intercept communication links in LAN. To evaluate security of specification, simulate jointly with adversary model. Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 45
46 Cryptography Keys are symbols, crypto-algorithms are abstract operations. Can only decrypt with right keys. Can only compose with available messages. Cannot perform statistical attacks. Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 46
47 Execution Semantics Behavioral interpretation of a UML subsystem: () Takes input events. (2) Events distributed from input and link queues between subcomponents to intended recipients where they are processed. (3) Output distributed to link or output queues. (4) Apply adversary model. Jan Jürjens, TU Munich: Automated Verification of UMLsec Models 47
Model-based Security with UMLsec
Model-based Security with UMLsec Jan Jürjens Software & Systems Engineering Informatics, Munich University of Technology Germany jan@jurjens.de http://www.jurjens.de/jan A Need for Security Society and
More informationSecurity Modeling with UMLsec Jan Jürjens Competence Center for IT Security Software & Systems Engineering TU Munich, Germany
Security Modeling with UMLsec Jan Jürjens Competence Center for IT Security Software & Systems Engineering TU Munich, Germany juerjens@in.tum.de http://www.jurjens.de/jan Personal Introduction Leading
More informationTowards Developing Secure Systems using UML
Towards Developing Secure Systems using UML Jan Jürjens Computing Laboratory, University of Oxford jan@comlab.ox.ac.uk http://www.jurjens.de/jan 1 Motivation Security important (business transactions over
More informationSecurity protocols, properties, and their monitoring Andreas Bauer, Jan Jürjens
Security protocols, properties, and their monitoring Andreas Bauer, Jan Jürjens Computer Sciences Lab Computing Department The Open University, GB The Australian National University http://www.umlsec.org
More informationAutomated Verification of UMLsec Models for Security Requirements
Automated Verification of UMLsec Models for Security Requirements Jan Jürjens and Pasha Shabalin Software & Systems Engineering, TU Munich, Germany http://www4.in.tum.de/ juerjens, http://www4.in.tum.de/
More informationVorlesung Methodische Grundlagen des Software-Engineering im Sommersemester 2013
Vorlesung des Software-Engineering im Sommersemester 2013 Prof. Dr. Jan Jürjens TU Dortmund, Fakultät Informatik, Lehrstuhl XIV 3.3: UMLsec v. 26.06.2013 1 Literatur: [Jür05] Jan Jürjens: Secure systems
More informationTransforming UML Collaborating Statecharts for Verification and Simulation
Transforming UML Collaborating Statecharts for Verification and Simulation Patrick O. Bobbie, Yiming Ji, and Lusheng Liang School of Computing and Software Engineering Southern Polytechnic State University
More information3 Modell basierte Sicherheit mit UML. Jan Jürjens: Modellbasierte Softwaretechniken für sichere Systeme 1
3 Modell basierte Sicherheit mit UML Jan Jürjens: Modellbasierte Softwaretechniken für sichere Systeme 1 UML Unified Modeling Language (UML): visual modelling for OO systems different views on a system
More informationModel-based Security Testing using UMLsec
Model-based Security Testing using UMLsec Jan Jürjens Computing Department The Open University, GB http://www.jurjens.de/jan Crypto-Protocol Analysis State of the affairs: A lot of very successful work
More informationVerifying Real-World Security Protocols from finding attacks to proving security theorems
Verifying Real-World Security Protocols from finding attacks to proving security theorems Karthik Bhargavan http://prosecco.inria.fr + many co-authors at INRIA, Microsoft Research, Formal security analysis
More informationChecking General Safety Criteria on UML Statecharts
Checking General Safety Criteria on UML Statecharts Zsigmond Pap, István Majzik 1 and András Pataricza Dept. of Measurement and Information Systems Budapest University of Technology and Economics H-1521
More informationVerfying the SSH TLP with ProVerif
A Demo Alfredo Pironti Riccardo Sisto Politecnico di Torino, Italy {alfredo.pironti,riccardo.sisto}@polito.it CryptoForma Bristol, 7-8 April, 2010 Outline Introduction 1 Introduction 2 3 4 Introduction
More informationFormal Methods and Cryptography
Formal Methods and Cryptography Michael Backes 1, Birgit Pfitzmann 2, and Michael Waidner 3 1 Saarland University, Saarbrücken, Germany, backes@cs.uni-sb.de 2 IBM Research, Rueschlikon, Switzerland, bpf@zurich.ibm.com
More informationCompositional Model Based Software Development
Compositional Model Based Software Development Prof. Dr. Bernhard Rumpe http://www.se-rwth.de/ Seite 2 Our Working Groups and Topics Automotive / Robotics Autonomous driving Functional architecture Variability
More informationModeling Security Protocols Using UML 2
Modeling Security Protocols Using UML 2 Sandra Smith, Alain Beaulieu and W. Greg Phillips Department of Electrical and Computer Engineering Royal Military College of Canada Kingston, Ontario, Canada, K7K
More informationThe SPIN Model Checker
The SPIN Model Checker Metodi di Verifica del Software Andrea Corradini Lezione 1 2013 Slides liberamente adattate da Logic Model Checking, per gentile concessione di Gerard J. Holzmann http://spinroot.com/spin/doc/course/
More informationPlaintext Awareness via Key Registration
Plaintext Awareness via Key Registration Jonathan Herzog CIS, TOC, CSAIL, MIT Plaintext Awareness via Key Registration p.1/38 Context of this work Originates from work on Dolev-Yao (DY) model Symbolic
More informationRuntime Verification of Cryptographic Protocols
Runtime Verification of Cryptographic Protocols Andreas Bauer a and Jan Jürjens b, a NICTA, and Australian National University b Department of Computer Science, TU Dortmund (Germany) Abstract There has
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationConstructing Tool-support for Sophisticated Analysis of UML Models
Constructing Tool-support for Sophisticated Analysis of UML Models Jan Jürjens Software & Systems Engineering TU Munich, Germany juerjens@in.tum.de http://www.jurjens.de/jan Personal Introduction + History
More informationCS 395T. Symbolic Constraint Solving
CS 395T Symbolic Constraint Solving Overview Strand space model Protocol analysis with unbounded attacker Parametric strands Symbolic attack traces Protocol analysis via constraint solving SRI constraint
More informationAuthenticated Encryption in TLS
Authenticated Encryption in TLS Same modelling & verification approach concrete security: each lossy step documented by a game and a reduction (or an assumption) on paper Standardized complications - multiple
More informationModule: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security
CMPSC443 - Introduction to Computer and Network Security Module: Cryptographic Protocols Professor Patrick McDaniel Spring 2009 1 Key Distribution/Agreement Key Distribution is the process where we assign
More informationHOST Authentication Overview ECE 525
Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time
More informationImplementing Cryptography: Good Theory vs. Bad Practice
Implementing Cryptography: Good Theory vs. Bad Practice Viet Pham Information Security Group, Department of Mathematics Royal Holloway, University of London Outline News report What is cryptography? Why
More informationA Remote Biometric Authentication Protocol for Online Banking
International Journal of Electrical Energy, Vol. 1, No. 4, December 2013 A Remote Biometric Authentication Protocol for Online Banking Anongporn Salaiwarakul Department of Computer Science and Information
More informationOverview. Symbolic Protocol Analysis. Protocol Analysis Techniques. Obtaining a Finite Model. Decidable Protocol Analysis. Strand Space Model
CS 259 Overview Symbolic Protocol Analysis Vitaly Shmatikov Strand space model Protocol analysis with unbounded attacker Parametric strands Symbolic attack traces Protocol analysis via constraint solving
More informationCryptographically Sound Security Proofs for Basic and Public-key Kerberos
Cryptographically Sound Security Proofs for Basic and Public-key Kerberos ESORICS 2006 M. Backes 1, I. Cervesato 2, A. D. Jaggard 3, A. Scedrov 4, and J.-K. Tsay 4 1 Saarland University, 2 Carnegie Mellon
More informationINF672 Protocol Safety and Verification. Karthik Bhargavan Xavier Rival Thomas Clausen
INF672 Protocol Safety and Verication Karthik Bhargavan Xavier Rival Thomas Clausen 1 Course Outline Lecture 1 [Today, Sep 15] Introduction, Motivating Examples Lectures 2-4 [Sep 22,29, Oct 6] Network
More informationTools for Traceable Security Verification
Jan Jürjens and Yijun Yu Computing Department, The Open University, UK http://mcs.open.ac.uk/{jj2924,yy66} Andreas Bauer Computer Sciences Lab, Australian National University http://users.rsise.anu.edu.au/
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More informationHow Formal Analysis and Verification Add Security to Blockchain-based Systems
Verification Add Security to Blockchain-based Systems January 26, 2017 (MIT Media Lab) Pindar Wong (VeriFi Ltd.) 2 Outline of this talk Security Definition of Blockchain-based system Technology and Security
More informationExercise Unit 2: Modeling Paradigms - RT-UML. UML: The Unified Modeling Language. Statecharts. RT-UML in AnyLogic
Exercise Unit 2: Modeling Paradigms - RT-UML UML: The Unified Modeling Language Statecharts RT-UML in AnyLogic Simulation and Modeling I Modeling with RT-UML 1 RT-UML: UML Unified Modeling Language a mix
More informationAnalysis of an E-voting Protocol using the Inductive Method
Analysis of an E-voting Protocol using the Inductive Method Najmeh Miramirkhani 1, Hamid Reza Mahrooghi 1, Rasool Jalili 1 1 Sharif University of Technology,Tehran, Iran {miramirkhani@ce., mahrooghi@ce.,
More informationModel-based Security Analysis and Applications to Security Economics (Invited Talk) 1
Model-based Security Analysis and Applications to Security Economics (Invited Talk) 1 Jan Jürjens 1,2, Amir Shayan Ahmadian 1 1 Software Engineering, Dep. of Computer Science, TU Dortmund, Dortmund, Germany
More informationRobustness in Wireless Network Access Protocols PhD Defense
Robustness in Wireless Network Access Protocols PhD Defense Martin Eian Department of Telematics Supervisor: Professor Stig F. Mjølsnes Co-supervisor: Professor Steinar H. Andresen 21 September 2012 2
More informationCSC 5930/9010 Modern Cryptography: Public-Key Infrastructure
CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure Professor Henry Carter Fall 2018 Recap Digital signatures provide message authenticity and integrity in the public-key setting As well as public
More informationTransport Layer Security
Transport Layer Security TRANSPORT LAYER SECURITY PERFORMANCE TESTING OVERVIEW Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), are the most popular cryptographic protocols
More informationMessage authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:
Message authentication and secure hashing Why message authentication To prevent against: Masquerade/impersonation Modification of message content Modification of message sequence Acceptance of replayed/delayed
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationThis chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest
1 2 3 This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest PKCS, Diffie- Hellman key exchange. This first published
More informationUML 2.0 UML 2.0. Scott Uk-Jin Lee. Division of Computer Science, College of Computing Hanyang University ERICA Campus
UML 2.0 Division of Computer Science, College of Computing Hanyang University ERICA Campus Introduction to UML 2.0 UML Unified Modeling Language Visual language for specifying, constructing and documenting
More informationCombined CPV-TLV Security Protocol Verifier
Combined CPV-TLV Security Protocol Verifier by Ariel Cohen Thesis submitted in partial fulfillment of the requirements for the degree of Master of Science Department of Computer Science Courant Institute
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationIntroduction to Formal Methods
2008 Spring Software Special Development 1 Introduction to Formal Methods Part I : Formal Specification i JUNBEOM YOO jbyoo@knokuk.ac.kr Reference AS Specifier s Introduction to Formal lmethods Jeannette
More informationCS5232 Formal Specification and Design Techniques. Using PAT to verify the Needham-Schroeder Public Key Protocol
CS5232 Formal Specification and Design Techniques Using PAT to verify the Needham-Schroeder Public Key Protocol Semester 2, AY 2008/2009 1/37 Table of Contents 1. Project Introduction 3 2. Building the
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationChapter 3 Research Method
Chapter 3 Research Method 3.1 A Ontology-Based Method As we mention in section 2.3.6, we need a common approach to build up our ontologies for different B2B standards. In this chapter, we present a ontology-based
More informationFormal methods for software security
Formal methods for software security Thomas Jensen, INRIA Forum "Méthodes formelles" Toulouse, 31 January 2017 Formal methods for software security Formal methods for software security Confidentiality
More informationDistributed Systems Programming (F21DS1) Formal Verification
Distributed Systems Programming (F21DS1) Formal Verification Andrew Ireland Department of Computer Science School of Mathematical and Computer Sciences Heriot-Watt University Edinburgh Overview Focus on
More informationCredit where Credit is Due. Goals for this Lecture. Introduction to Design
Credit where Credit is Due Lecture 17: Intro. to Design (Part 1) Kenneth M. Anderson Object-Oriented Analysis and Design CSCI 6448 - Spring Semester, 2002 Some material presented in this lecture is taken
More informationLesson 5 Web Service Interface Definition (Part II)
Lesson 5 Web Service Interface Definition (Part II) Service Oriented Architectures Security Module 1 - Basic technologies Unit 3 WSDL Ernesto Damiani Università di Milano Controlling the style (1) The
More informationSecureMDD: A Model-Driven Development Method for Secure Smartcard Applications. N. Moebius, H. Grandy, W. Reif, K. Stenzel.
à ÊÇÅÍÆ ËÀǼ Universität Augsburg SecureMDD: A Model-Driven Development Method for Secure Smartcard Applications N. Moebius, H. Grandy, W. Reif, K. Stenzel Report 10 2008 Institut für Informatik D-86135
More informationCryptographically Sound Implementations for Typed Information-Flow Security
FormaCrypt, Nov 30. 2007 Cryptographically Sound Implementations for Typed Information-Flow Security Cédric Fournet Tamara Rezk Microsoft Research INRIA Joint Centre http://msr-inria.inria.fr/projects/sec/cflow
More informationLesson 13 Securing Web Services (WS-Security, SAML)
Lesson 13 Securing Web Services (WS-Security, SAML) Service Oriented Architectures Module 2 - WS Security Unit 1 Auxiliary Protocols Ernesto Damiani Università di Milano element This element
More informationOverview of Cryptography
18739A: Foundations of Security and Privacy Overview of Cryptography Anupam Datta CMU Fall 2007-08 Is Cryptography A tremendous tool The basis for many security mechanisms Is not The solution to all security
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationFirmware Updates for Internet of Things Devices
Firmware Updates for Internet of Things Devices Brendan Moran, Milosch Meriac, Hannes Tschofenig Drafts: draft-moran-suit-architecture draft-moran-suit-manifest 1 WHY DO WE CARE? 2 IoT needs a firmware
More informationComputer Networks & Security 2016/2017
Computer Networks & Security 2016/2017 Network Security Protocols (10) Dr. Tanir Ozcelebi Courtesy: Jerry den Hartog Courtesy: Kurose and Ross TU/e Computer Science Security and Embedded Networked Systems
More informationFormal Verification of the WireGuard Protocol
Formal Verification of the WireGuard Protocol www.wireguard.com Jason A. Donenfeld jason@zx2c4.com Kevin Milner Oxford University kevin.milner@cs.ox.ac.uk Draft Revision Abstract WireGuard, the secure
More informationCS Protocol Design. Prof. Clarkson Spring 2017
CS 5430 Protocol Design Prof. Clarkson Spring 2017 Review Cryptography: Encryption, block ciphers, block cipher modes, MACs, cryptographic hash functions, digital signatures, authenticated encryption,
More informationComputer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography
Chapter 7: Network security 15-441 Computer Networking Network Security: Cryptography, Authentication, Integrity Foundations: what is security? cryptography authentication message integrity key distribution
More informationConcrete cryptographic security in F*
Concrete cryptographic security in F* crypto hash (SHA3) INT-CMA encrypt then-mac Auth. encryption Secure RPC some some some adversary attack attack symmetric encryption (AES). IND-CMA, CCA2 secure channels
More information: Practical Cryptographic Systems March 25, Midterm
650.445: Practical Cryptographic Systems March 25, 2010 Instructor: Matthew Green Midterm Name: As with any exam, please do not collaborate or otherwise share information with any other person. You are
More informationS. Erfani, ECE Dept., University of Windsor Network Security
4.11 Data Integrity and Authentication It was mentioned earlier in this chapter that integrity and protection security services are needed to protect against active attacks, such as falsification of data
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationAdversary Models. CPEN 442 Introduction to Computer Security. Konstantin Beznosov
Adversary Models CPEN 442 Introduction to Computer Security Konstantin Beznosov why we need adversary models? attacks and countermeasures are meaningless without 2 elements of an adversary model objectives
More informationNetwork Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions
CHAPTER 3 Network Security Solutions to Review Questions and Exercises Review Questions. A nonce is a large random number that is used only once to help distinguish a fresh authentication request from
More informationPrototyping Navigation in Web-Based Information Systems Using WebML
Prototyping Navigation in Web-Based Information Systems Using WebML Jaroslav KURUC 1, Peter DOLOG 2 and Mária BIELIKOVÁ 1 1 Institute of Informatics and Software Engineering, Faculty of Informatics and
More informationVerification of security protocols introduction
Verification of security protocols introduction Stéphanie Delaune CNRS & IRISA, Rennes, France Tuesday, November 14th, 2017 Cryptographic protocols everywhere! they aim at securing communications over
More informationRefining Computationally Sound Mech. Proofs for Kerberos
Refining Computationally Sound Mechanized Proofs for Kerberos Bruno Blanchet Aaron D. Jaggard Jesse Rao Andre Scedrov Joe-Kai Tsay 07 October 2009 Protocol exchange Meeting Partially supported by ANR,
More informationSecurity: Cryptography
Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity
More informationCRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK
CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK UNIT-1 1. Answer the following: a. What is Non-repudiation b. Distinguish between stream and block ciphers c. List out the problems of one time pad d. Define
More informationSource Anonymous Message Authentication and Source Privacy using ECC in Wireless Sensor Network
Source Anonymous Message Authentication and Source Privacy using ECC in Wireless Sensor Network 1 Ms.Anisha Viswan, 2 Ms.T.Poongodi, 3 Ms.Ranjima P, 4 Ms.Minimol Mathew 1,3,4 PG Scholar, 2 Assistant Professor,
More informationIntroduction to Security
Introduction to Security Avinanta Tarigan Universitas Gunadarma 1 Avinanta Tarigan Introduction to Security Layout Problems General Security Cryptography & Protocol reviewed 2 Avinanta Tarigan Introduction
More informationCryptography and Network Security Chapter 10. Fourth Edition by William Stallings
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Chapter 10 Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture out of the
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationInformation Security CS526
Information Security CS 526 Topic 3 Cryptography: One-time Pad, Information Theoretic Security, and Stream CIphers 1 Announcements HW1 is out, due on Sept 11 Start early, late policy is 3 total late days
More informationCS Protocols. Prof. Clarkson Spring 2016
CS 5430 Protocols Prof. Clarkson Spring 2016 Review: Secure channel When we last left off, we were building a secure channel The channel does not reveal anything about messages except for their timing
More informationKey Management and Distribution
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 10 Key Management; Other Public Key Cryptosystems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan
More informationUNIT I. 3. Write a short notes on process view of 4+1 architecture. 4. Why is object-oriented approach superior to procedural approach?
Department: Information Technology Questions Bank Class: B.E. (I.T) Prof. Bhujbal Dnyaneshwar K. Subject: Object Oriented Modeling & Design dnyanesh.bhujbal11@gmail.com ------------------------------------------------------------------------------------------------------------
More informationModeling and Verification of Extensible Authentication Protocol for Transport Layer Security in Wireless LAN Environment
Modeling and Verification of Extensible Authentication Protocol for Transport Layer Security in Wireless LAN Environment Humayra Binte Ali School of CSEM, Flinders University ali0041@flinders.edu.au Manzur
More informationAPNIC elearning: Cryptography Basics
APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security
More informationFIPS Management. FIPS Management Overview. Configuration Changes in FIPS Mode
This chapter contains the following sections: Overview, on page 1 Configuration Changes in FIPS Mode, on page 1 Switching the Appliance to FIPS Mode, on page 2 Encrypting Sensitive Data in FIPS Mode, on
More informationRadius, LDAP, Radius, Kerberos used in Authenticating Users
CSCD 303 Lecture 5 Fall 2018 Radius, LDAP, Radius, Kerberos used in Authenticating Users Kerberos Authentication and Authorization Previously Said that identification, authentication and authorization
More informationIonuţ Buricea. Trying to extend this work to timed protocols, I studied the verification of timed systems
Ionut Buricea Ionuţ Buricea phone: (650) 967-6253 email: ionutb@cis.ksu.edu URL: http://www.cis.ksu.edu/ ionutb/ Research Interests Modular design and compositional verification of communication protocols,
More informationProofs for Key Establishment Protocols
Information Security Institute Queensland University of Technology December 2007 Outline Key Establishment 1 Key Establishment 2 3 4 Purpose of key establishment Two or more networked parties wish to establish
More informationCrypto Background & Concepts SGX Software Attestation
CSE 5095 & ECE 4451 & ECE 5451 Spring 2017 Lecture 4b Slide deck extracted from Kamran s tutorial on SGX, presented during ECE 6095 Spring 2017 on Secure Computation and Storage, a precursor to this course
More informationDistributed ID-based Signature Using Tamper-Resistant Module
, pp.13-18 http://dx.doi.org/10.14257/astl.2013.29.03 Distributed ID-based Signature Using Tamper-Resistant Module Shinsaku Kiyomoto, Tsukasa Ishiguro, and Yutaka Miyake KDDI R & D Laboratories Inc., 2-1-15,
More informationPresented by Jack G. Nestell. Topics for Discussion. I. Introduction. Discussion on the different logics and methods of reasonings of Formal Methods
A Discussion on Security Protocols over open networks and distributed Systems: Formal methods for their Analysis, Design, and Verification S. Gritzalis, D. Spinellis, and P. Georgiadis Presented by Jack
More informationThis project has received funding from the European Union s Horizon 2020 research and innovation programme under grant agreement No
This project has received funding from the European Union s Horizon 2020 research and innovation programme under grant agreement No 643921. TOOLS INTEGRATION UnCoVerCPS toolchain Goran Frehse, UGA Xavier
More informationProtocol Verification And Analysis Using Colored Petri Nets. Technical Report Submitted By
Protocol Verification And Analysis Using Colored Petri Nets Technical Report Submitted By Salah Aly DePaul University aly@cs.depaul.edu Khaled Mustafa Cairo University kelsayed@ntgclarity.com July, 2003
More informationCIS 4360 Secure Computer Systems Applied Cryptography
CIS 4360 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2017 Symmetric vs. Asymmetric Cryptography Symmetric cipher is much faster With asymmetric ciphers, you can post your Public
More informationComputationally Sound Mechanized Proof of PKINIT for Kerberos
Computationally Sound Mechanized Proof of PKINIT for Kerberos B. Blanchet 1, A. D. Jaggard 2, J. Rao 3, A. Scedrov 3, J.-K. Tsay 4 Protocol exchange Meeting 02 October 2008 1 ENS 2 Rutgers University 3
More informationSecurity issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
More informationAcknowledgments... xix
CONTENTS IN DETAIL PREFACE xvii Acknowledgments... xix 1 SECURITY IN THE WORLD OF WEB APPLICATIONS 1 Information Security in a Nutshell... 1 Flirting with Formal Solutions... 2 Enter Risk Management...
More informationModel driven Engineering & Model driven Architecture
Model driven Engineering & Model driven Architecture Prof. Dr. Mark van den Brand Software Engineering and Technology Faculteit Wiskunde en Informatica Technische Universiteit Eindhoven Model driven software
More informationPooya Saadatpanah, Michalis Famelis, Jan Gorzny, Nathan Robinson, Marsha Chechik, Rick Salay. September 30th, University of Toronto.
Comparing the Pooya Michalis Jan Nathan Marsha Chechik, Rick Salay University of Toronto September 30th, 2012 MoDeVVa 12 1 / 32 in software modeling : pervasive in MDE Models with uncertainty: Represent
More informationStatic Analysis. Systems and Internet Infrastructure Security
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Static Analysis Trent
More informationISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :
ISACA CISA ISACA CISA ( Certified Information Systems Auditor ) Download Full Version : http://killexams.com/pass4sure/exam-detail/cisa QUESTION: 390 Applying a digital signature to data traveling in a
More information