Globecom 2004 —————— 1st December 2004

Slides:



Advertisements
Similar presentations
INTERNATIONAL INSTITUTE FOR GEO-INFORMATION SCIENCE AND EARTH OBSERVATION Towards quality-aware Infrastructures for Geographic Information Services Richard.
Advertisements

ARCHITECTURES FOR ARTIFICIAL INTELLIGENCE SYSTEMS
Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.
Secure Component Composition for Personal Ubiquitous Computing Project Summary —————— 21 st April 2006 —————— David Llewellyn-Jones, Madjid Merabti, Qi.
Automatically Extracting and Verifying Design Patterns in Java Code James Norris Ruchika Agrawal Computer Science Department Stanford University {jcn,
Computers: Tools for an Information Age
School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification
SDLC. Information Systems Development Terms SDLC - the development method used by most organizations today for large, complex systems Systems Analysts.
Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR ESM'2009, October 26-28, 2009, Holiday Inn Leicester, Leicester, United Kingdom.
Copyright © 2003 by Prentice Hall Computers: Tools for an Information Age Chapter 14 Systems Analysis and Design: The Big Picture.
Chapter 2 The process Process, Methods, and Tools
Pushing the Security Boundaries of Ubiquitous Computing ACSF 2006 —————— 13 th July 2006 —————— David Llewellyn-Jones, Madjid Merabti, Qi Shi, Bob Askwith.
Analysis and Detection of Access Violations in Componentised Systems David Llewellyn-Jones, Madjid Merabti, Qi Shi, Bob Askwith Advances in Computer Security.
Improving Capacity and Flexibility of Wireless Mesh Networks by Interface Switching Yunxia Feng, Minglu Li and Min-You Wu Presented by: Yunxia Feng Dept.
(Business) Process Centric Exchanges
Secure Component Composition for Personal Ubiquitous Computing ProgNet Workshop December 2003 —————— 16 th December 2003 —————— Dr. David Llewellyn-Jones,
Cascading Payment Content Exchange (CasPaCE) Framework for P2P Networks Gurleen Arora Supervisors: Dr. M. Hanneghan & Prof. M. Merabti Networked Appliances.
The roots of innovation Future and Emerging Technologies (FET) Future and Emerging Technologies (FET) The roots of innovation Proactive initiative on:
Trust Propagation using Cellular Automata for UbiComp 28 th May 2004 —————— Dr. David Llewellyn-Jones, Prof. Madjid Merabti, Dr. Qi Shi, Dr. Bob Askwith.
Secure Component Composition for Personal Ubiquitous Computing Project Overview and Potential Techniques —————— 16 th May 2003 —————— David Llewellyn-Jones.
An Axiomatic Basis for Computer Programming Robert Stewart.
Verification vs. Validation Verification: "Are we building the product right?" The software should conform to its specification.The software should conform.
1 Team Skill 3 Defining the System Part 1: Use Case Modeling Noureddine Abbadeni Al-Ain University of Science and Technology College of Engineering and.
1 Week 3 Software Engineering Spring Term 2016 Marymount University School of Business Administration Professor Suydam.
Information ITIL Technology Infrastructure Library ITIL.
Information Systems Development
to Help Meet Interoperability Standards for the
Information Systems Development
Software Testing.
SOFTWARE TESTING Date: 29-Dec-2016 By: Ram Karthick.
Chapter3:Software Processes
OPERATING SYSTEMS CS 3502 Fall 2017
Algorithms and Problem Solving
Chapter 4 – Requirements Engineering
School of Business Administration
GWE Core Grid Wizard Enterprise (
Walter Binder Giovanna Di Marzo Serugendo Jarle Hulaas
Module 4 Remote Login.
Michael Langberg: Open University of Israel
System Design.
Web Ontology Language for Service (OWL-S)
Software Life Cycle Models
Frequently asked questions about software engineering
HCI in the software process
The design process Software engineering and the design process for interactive systems Standards and guidelines as design rules Usability engineering.
The design process Software engineering and the design process for interactive systems Standards and guidelines as design rules Usability engineering.
Chapter 10: Process Implementation with Executable Models
Service-centric Software Engineering
Lecture 09:Software Testing
Testing and Test-Driven Development CSC 4700 Software Engineering
Software testing.
Analysis models and design models
AES The Alliance's name for the proposal is OCA 1.4.
How to Mitigate the Consequences What are the Countermeasures?
HCI in the software process
An Introduction to Software Architecture
Test Case Test case Describes an input Description and an expected output Description. Test case ID Section 1: Before execution Section 2: After execution.
Utility-Function based Resource Allocation for Adaptable Applications in Dynamic, Distributed Real-Time Systems Presenter: David Fleeman {
COMP60621 Fundamentals of Parallel and Distributed Systems
SAMANVITHA RAMAYANAM 18TH FEBRUARY 2010 CPE 691
Software Engineering I
Information Security CS 526
Topic 5: Communication and the Internet
Department of Computer Science Abdul Wali Khan University Mardan
Chapter 17 - Component-based software engineering
Chapter 5 Architectural Design.
Human Computer Interaction Lecture 14 HCI in Software Process
SOFTWARE DEVELOPMENT LIFE CYCLE
Chapter 7 Software Testing.
COMP60611 Fundamentals of Parallel and Distributed Systems
Presentation transcript:

A Security Framework for Executables in a Ubiquitous Computing Environment Globecom 2004 —————— 1st December 2004 Dr. David Llewellyn-Jones, Prof. Madjid Merabti, Dr. Qi Shi, Dr. Bob Askwith School of Computing and Mathematical Sciences Liverpool John Moores University James Parsons Building Byrom Street Liverpool L3 3AF {D.Llewellyn-Jones, M.Merabti, Q.Shi, R.Askwith}@livjm.ac.uk http://www.cms.livjm.ac.uk/PUCsec/

Ubiquitous computing security Ubiquitous computing properties Computers form an integral part of the environment Devices are networked Data flow is highly fluid Code is also likely to move between devices Security in such an environment is paramount

Focus on executables Current security paradigm relies on a ‘safe area’ Perimeter model prevents incoming threats Only certain programs can be used Safe area is administered by trained professionals This model no longer applies in a Ubicomp environment There is no perimeter Users cannot be expected to have the same expertise as administrators Nonetheless, users will demand a safe environment Adoption of Ubicomp technology is dependent on overcoming these problems We focus on safe code execution as the bedrock of all other security requirements

Existing security solutions A number of solutions exist to facilitate safe code execution Sandboxing Certification Proof Carrying Code Direct Code Analysis Each has benefits and drawbacks To achieve a universal and automated solution a hybrid approach is required

Hybrid solution In this presentation we will present our prototype hybrid solution Our aim has been to produce an automated system Properties of code are tested against a security policy code conforming to the policy can be executed without restriction where possible, sandbox techniques can be used to force code conformance otherwise the code is prevented from execution In order to achieve this, we aim to utilise all four of the described methods, in conjunction with component composition Component composition establishes the properties of a composed application based on the properties of the constituent components

Hybrid solution We propose a 3 stage solution Stage 1: Component analysis Stage 2: Component composition Stage 3: Dynamic sandboxed execution The implementation will be considered in detail

Stage 1: Component analysis The following techniques have been discussed Certification Proof Carrying Code Direct Code Analysis

Extended executables Encodes additional data with the executable Allows all of the techniques to be used in a transparent way Plain ‘vanilla’ code must also be useable extended executable = code | header, block block = code | {block [, X-properties [, X-proof]]}KX | block, X-properties, X-proof code = the “vanilla” executable code header = description of the structure of the data X-properties = description of the properties established of the code by actor X X-proof = PCC style property proof of the properties established by actor X

Direct Code Analysis When plain code is received we require a method of establishing its properties We employ Direct Code Analysis for this task Based on method developed by Floyd and Hoare Code is converted into logic based on pre and post conditions Reasoning establishes whether these conditions hold or not Combines PCC process into a single task

DCA benefits and drawbacks Based on an a priori process Fully automated process Any property representable in propositional logic can be tested Drawbacks Resource intensive Exponential complexity Only properties representable in propositional logic can be tested

DCA Experimental results Analysis of linear code is efficient Branching code is more complex depends on branch direction depends on internal loop length Success establishing buffer overruns Implemented as an automated process ;---------------------------------- ; Initialise MOV *0 0 ; Main loop ADD *0 *0 1 ADD *2 *0 3 ; End of program .End Post condition (ind(M, 0) < 50) 600MHz Intel XScale 80321 ARM compatible processor

Stage 2: Component composition Having established the properties of individual components we must establish the properties of the composed application

Component composition Individual components make up the complete application Components may be composed across a network We know the properties of each component; must establish the properties of the composed application Non-trivial process Many theoretical results exist Aim to implement a practical solution Why not just analyse the entire application? Definition: An interface E of a component is said to satisfy non-interference iff for any trace t  TE there exists a trace t´  TE such that t´HIE =  and t´(LIE  LOE) = t(LIE  LOE).

Component composition Implementation Based on an extensible, scriptable technique Analyse the properties of individual components combined with the component topology Use PROLOG-like XML <compose> <sandbox id="s1" config="c1">A sandbox method</sandbox> <property id="Any">Defined to be any property</property> <property id="id1">A particular property</property> <property id="id2">A particular property</property> <configuration id="c1"> <component> <input format="id1" config="c1" cycle="disallow"/> <output format="Any Any" config="c1" cycle="disallow"/> </component> <input format="id2" config="c1" cycle="disallow"/> </configuration> </compose>

Component composition experimental results So far our engine has been found to be flexible enough to cope with all the theoretical composition results tested from the literature These include Hierarchical results such as Composable Assurance Restrictive results such as Non-Interference Practical buffer overrun results Analysis time depends on complexity of system being analysed In general, scripting ensures that the time required is negligible

Example: buffer overruns Simple component topology Component B suffers a buffer overrun vulnerability if more than 64 non-terminated bytes are sent on channel 0 May establish A sends no more than 64 bytes Component composition indicates no buffer overrun vulnerability exists for the composed application May establish A potentially sends more than 64 bytes Component composition indicate a buffer overrun vulnerability exists under certain circumstances

Summary Have developed a framework for ensuring executable security appropriate for a Ubiquitous Computing environment Our framework utilises Sandboxing Certification Proof Carrying Code Direct Code Analysis Component composition Current prototype utilises Fully automated framework

Future work Investigate dynamic sandboxing techniques Combine all of the methods into a fully automated framework Design using a simple agent-based component composition model Build sensible security policies around the system Introduce distributed analysis

A Security Framework for Executables in a Ubiquitous Computing Environment Globecom 2004 —————— 1st December 2004 Dr. David Llewellyn-Jones, Prof. Madjid Merabti, Dr. Qi Shi, Dr. Bob Askwith School of Computing and Mathematical Statistics Liverpool John Moores University James Parsons Building Byrom Street Liverpool L3 3AF {D.Llewellyn-Jones, M.Merabti, Q.Shi, R.Askwith}@livjm.ac.uk http://www.cms.livjm.ac.uk/PUCsec/