Authors: Amira RADHOUANI Akram IDANI Yves LEDRU Narjes BEN RAJEB Laboratoire d’Informatique de Grenoble.

Slides:

Advertisements

Similar presentations

Validating the Evaluation of Adaptive Systems by User Profile Simulation Javier Bravo and Alvaro Ortigosa {javier.bravo, Universidad.

Advertisements

Introducing Formal Methods, Module 1, Version 1.1, Oct., Formal Specification and Analytical Verification L 5.

Automated Refinement Checking of Concurrent Systems Sudipta Kundu, Sorin Lerner, Rajesh Gupta Department of Computer Science and Engineering, University.

A tool to generate optimal schedules for complex real-time systems : Petri Net Scheduling, Modeling and Analysis of Real-Time Systems LISI-ENSMA Laboratoire.

Efficient Reachability Analysis for Verification of Asynchronous Systems Nishant Sinha.

Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.

August Moscow meeting1August Moscow meeting1August Moscow meeting11 Deductive tools in insertion modeling verification A.Letichevsky.

Goal and Scenario Validation: a Fluent Combination Chin-Yi Tsai.

CHESS: A Systematic Testing Tool for Concurrent Software CSCI6900 George.

Background information Formal verification methods based on theorem proving techniques and modelchecking –to prove the absence of errors (in the formal.

Practical Business Modeling in the Unified Process Tom Morgan Software Architect, Fidelity National Information Services

Systems Analysis and Design 9th Edition

The Design and Implementation of a Certifying Compiler [Necula, Lee] A Certifying Compiler for Java [Necula, Lee et al] David W. Hill CSCI

An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.

Impeding Malware Analysis Using Conditional Code Obfuscation Paper by: Monirul Sharif, Andrea Lanzi, Jonathon Giffin, and Wenke Lee Conference: Network.

Process Model for Access Control Wael Hassan University of Ottawa Luigi Logrippo, Université du Québec en Outaouais.

Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der.

Knowledge and Systems Research Group, University of Huddersfield B vs OCL: Comparing Specification Languages for Planning Domains Diane Kitchin, Lee McCluskey,

ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.

10/09/2006CIS Dept., UMass Dartmouth1 A Petri Net Based XML Firewall Security Model for Web Services Invocation Prof. Haiping Xu Concurrent Software Systems.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Info1409 De Montfort University1 Requirements Modelling Systems Analysis & Design Academic Year 2008/9 Info 1409 Lecture 7.

1 Scenario-based Analysis of UML Design Class Models Lijun Yu October 4th, 2010 Oslo, Norway.

Using Use Case Scenarios and Operational Variables for Generating Test Objectives Javier J. Gutiérrez María José Escalona Manuel Mejías Arturo H. Torres.

ESA PetriNet: Petri Net Tool for Reliability Analysis Romaric Guillerm, Nabil Sadou, Hamid Demmou 14 Oct LAAS-CNRS.

11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.

The Study of Security and Privacy in Mobile Applications Name: Liang Wei

Intrusion and Anomaly Detection in Network Traffic Streams: Checking and Machine Learning Approaches ONR MURI area: High Confidence Real-Time Misuse and.

Manage Engine: Q Engine. What is it?  Tool developed by Manage Engine that allows one to test web applications using a variety of different tests to.

CUTE: A Concolic Unit Testing Engine for C Technical Report Koushik SenDarko MarinovGul Agha University of Illinois Urbana-Champaign.

Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department.

Using Mathematica for modeling, simulation and property checking of hardware systems Ghiath AL SAMMANE VDS group : Verification & Modeling of Digital systems.

UNIVERSITI TENAGA NASIONAL “Generates Professionals” CHAPTER 4 : Part 1 INTRODUCTION TO SOFTWARE DEVELOPMENT: SYSTEM ANALYSIS & DESIGN.

Modeling Dynamic Role- based Access Constraints using UML Khaled Alghathbar George Mason University, USA and King Saud University, Riyadh, Saudi Arabia.

Requirements Determining the requirements of software involves determining the needs of the users of the software. Determining the requirements of software.

Author: Graham Hughes, Tevfik Bultan Computer Science Department, University of California, Santa Barbara, CA 93106, USA Source: International Journal.

Institute e-Austria in Timisoara 1 Author: prep. eng. Calin Jebelean Verification of Communication Protocols using SDL ( )

Software Engineering Research paper presentation Ali Ahmad Formal Approaches to Software Testing Hierarchal GUI Test Case Generation Using Automated Planning.

Microsoft Research, Foundations of Software EngineeringW. Grieskamp et. al: Behavioral Compositions in Symbolic Domains Behavioral Composition in Symbolic.

Lecture 7: Requirements Engineering

Winter 2007, rev. 2008SEG Chapter 21 Chapter 2 Basic Principles.

The Sixth NASA Langley Formal Methods Workshop (LFM 2008) 1/15.

Institut Mines-Télécom Symbolic Passive Testing - Application to an industrial case study (Diamonds project) Pramila Mouttappa, Stephane Maag and Ana Cavalli.

Universidade do Minho Escola de Engenharia Techniques for Modeling Discrete Controllers for the Optimization of Hybrid Plants: a Case Study Universidade.

UML-1 8. Capturing Requirements and Use Case Model.

Dr. Darius Silingas | No Magic, Inc. Domain-Specific Profiles for Your UML Tool Building DSL Environments with MagicDraw UML.

Symbolic Execution with Abstract Subsumption Checking Saswat Anand College of Computing, Georgia Institute of Technology Corina Păsăreanu QSS, NASA Ames.

1 Checking Interaction Consistency in MARMOT Component Refinements Yunja Choi School of Electrical Engineering and Computer Science Kyungpook National.

From Hoare Logic to Matching Logic Reachability Grigore Rosu and Andrei Stefanescu University of Illinois, USA.

1 Technical & Business Writing (ENG-715) Muhammad Bilal Bashir UIIT, Rawalpindi.

1 Access Control Policies: Modeling and Validation Luigi Logrippo & Mahdi Mankai Université du Québec en Outaouais.

Policy Evaluation Testbed Vincent Hu Tom Karygiannis Steve Quirolgico NIST ITL PET Report May 4, 2010.

CSCI1600: Embedded and Real Time Software Lecture 28: Verification I Steven Reiss, Fall 2015.

Systems Analysis and Design 8th Edition

Formal Refinement of Obfuscated Codes Hamidreza Ebtehaj 1.

1 Contractual Consistency Between BON Static and Dynamic Diagrams Ali Taleghani July 30, 2004.

Formal Verification. Background Information Formal verification methods based on theorem proving techniques and modelchecking –To prove the absence of.

21/1/ Analysis - Model of real-world situation - What ? System Design - Overall architecture (sub-systems) Object Design - Refinement of Design.

Winter 2007SEG2101 Chapter 121 Chapter 12 Verification and Validation.

Lecture 15 Page 1 CS 236 Online Evaluating Running Systems Evaluating system security requires knowing what’s going on Many steps are necessary for a full.

Application Development in Engineering Optimization with Matlab and External Solvers Aalto University School of Engineering.

1 Model Driven Health Tools Design and Implementation of CDA Templates Dave Carlson Contractor to CHIO

Model Checking Early Requirements Specifications in Tropos Presented by Chin-Yi Tsai.

Visualization in Process Mining

Institute for Cyber Security

Presented by Xiaohui (Amy) Lin

Lecture 4: Activity Diagrams

Programming Languages 2nd edition Tucker and Noonan

Programming Languages 2nd edition Tucker and Noonan

Presentation transcript:

Authors: Amira RADHOUANI Akram IDANI Yves LEDRU Narjes BEN RAJEB Laboratoire d’Informatique de Grenoble

 Information System security includes = Protection against external intruders + Insider attacks. Great!!! thanks to my access, i’ll transfer all to my account They are not smart enough these IT!

1. Introduction 1. Introduction  Illustration example  Dynamic analysis 2. Malicious behavior 2. Malicious behavior 3. Extraction of malicious behaviors 3. Extraction of malicious behaviors  Extraction of malicious behaviors from B Specification  Proof based approach  Constraint solving based approach  GenISIS tool 4. Conclusion 4. Conclusion

1. Illustration example 2. Dynamic analysis 4

5

 Dynamic analysis searches for sequences of actions modifying the state and breaking the authorization constraint. 6 Bob Paul cpt1 cpt3 cpt2

7

[A. Radhouani et al., Trans. Petri Nets and Other Models of Concurrency 10: (2015)]

9 1. Extraction of malicious behaviors from B Specification 2. Proof based approach 3. Constraint solving based approach 4. GenISIS Tool

 Symbolic transition system 10

 Symbolic proof  Proof obligations on reachability properties:  Having E and F, 2 disjoint state predicates  And op(x 1,x 2,...,x n ) is an operation of the IS. Enabledness: Reachability: 11 EF

op m oioi 12

op m oioi 13

op m oioi o i-1 14

op m oioi o i-1 15

op m oioi o i-1 o i-2 16

op m o i-2 o i-1 oioi 17

 First step: Use of a prover (AtelierB) to extract symbolic operations.  Second step: Use a model-checker (ProB) to find operation valuations after eliminating operations which don’t appear in the first step. AtelierB fails to discharge automatically PO when the proof becomes huge. In our example: First iteration: 3 extra operations are kept. Second iteration: automatic proof fails for all operations. Unable to extract scenarios that involve the same operation several times. [A. Radhouani, A. Idani, Y. Ledru and N. Ben Rajeb. TopNoc10: (2015)] 18

 Constraint solving problem:  Allows to valuate operation parameters.  Simplifies the proof.  Allows to extract scenarios which involves the same operation several times (the same operation with different valuations). 19

-Generator of Insider Scenarios from an Information System- InGenISIS ProcessOut

21

 GenISIS was able to extract 9 scenarios. 2 real attacks: allowed in the security model. 7 fake attacks: not allowed in the security model.  A model-checker (i.e ProB) extracted the same attacks after exploring more than 1500 states and transitions.  GenISIS was Was successfully tested on 5 case studies. 22 Try it, it is available on open source in:

Thanks for your attention 23

Functional Formal Model readMedicalRecord joinHospital … Analyst Security Formal Model SecReadMedicalRecord SecJoinHospital … V&V Functional Model (e.g. Class diagram) Security Model (e.g. SecureUML)  UML (class diagram) to model functional behavior.  SecureUML to model security rules (RBAC model).  Models translated into B in order to validate them separately.  Proof and model-checking techniques are used to validate both of them. Model transformation into B Analyst Proof Tests modelchecking 24

 Also called «authorization constraints» in SecureUML, or «programmatic access control».  Associated to permission rules.  Refer to elements of both models, then their validation must take both models into account!  For example :  The current user must be the owner of the object  current user refers to the security model  owner is an association defined in the functional model  a change of ownership leads to changes in permissions [Yves LEDRU, Overture Workshop, Aarhus, August 2013] 25

 Advantages of the proposed approach: Automated approach. An alternative to the combinatorial explosion problem. Was successfully tested on 5 case studies. Takes into account the possibility of users collusion.  Disadvantages of the approach Fails when operations have not precondition. Explore the actions of the operations rather than their preconditions Depends on the constraint solver performance: fails when the sets are infinite. Combine the proof based approach and the constraint solving based approach 26