WP6: Static Analysis Presented by Flemming Nielson, Informatics and Mathematical Modelling, Technical University of Denmark, at the 3rd review of DEGAS in.


WP6: Static Analysis
Presented by Flemming Nielson, Informatics and Mathematical Modelling, Technical University of Denmark, at the 3rd review of DEGAS in April 2005

The DEGAS view: WP5, WP6
[Diagram labels: UML design (sequence diagrams, class diagrams, activity diagrams); security features; stochastic features; extraction; model in process calculus; static analysis; Markov model; reflection; fully automatic and hidden from the user]

Objectives of WP6
- Comparing and finding new language abstractions to design global applications (D9 month 12)
- Enhancing understanding and applicability of static analysis for global computing systems (D11 month 24, D14 month 33)
- New models and techniques for integrated qualitative and security analysis statically
- Proof-of-concept implementations to validate the above treatment (D19 month 24)

Language Abstractions
Within DEGAS we have considered analysis of
- ambient calculi (for access control)
- π-calculi (for access control and performance)
- LySa (network security and performance)
An overview of language abstractions is in D9: Basic Static Mechanisms of Process Algebras for Global Applications

Basics of Static Analysis
Characterising the behaviour:
- Actual behaviour
- Static analysis (over-approximation)
- Model checking / Theorem Proving (under-approximation)

Enhancing Static Analysis
- Network security: LySa and its static analysis
- Access control: π-calculus and Enhanced Operational Semantics
Discussed in
- D11 Models and Techniques for Static Analysis
- D14 Final Report on Static Analysis

Analysis of LySa
[Diagram labels: Protocol; Actual behaviour; Over-approximation; Attacker + Static analysis; Hardest attacker]

Prototype: the LySatool
[Diagram labels: LySa; Constraint generation; Constraints; Constraint solving; Solution]
- Annotated with authentication properties
- In Alternation Free Least Fixed-point logic
- Includes violations of authentication properties
Details are in D19 Static Analysers
The LySatool is integrated in Choreographer
The LySatool is available on the internet:
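The pipeline named on this slide (constraint generation, then least-fixed-point solving, with a solution that lists violations of authentication annotations) can be imitated on a toy scale. The Python sketch below is an added illustration, not LySatool code and not the LySa calculus: the ground-term message model, the crypto-point labels, the `att` attacker label and the sample protocol are all assumptions constructed for this example.

```python
from collections import namedtuple

# Assumed toy model (not LySa syntax): ground terms only, no variables.
Enc = namedtuple("Enc", "payload key site dest")  # made at `site`, may be opened at `dest`
Dec = namedtuple("Dec", "key site orig")          # decryption point expecting origins `orig`
ATT = "att"                                       # label standing for the attacker

def subterms(t):
    yield t
    if isinstance(t, Enc):
        yield from subterms(t.payload)

def generate(outputs, decs, attacker_keys):
    """Constraint generation: ground Horn clauses (head, body) over net(t) and viol(l, l')."""
    clauses = [(("net", t), ()) for t in list(outputs) + sorted(attacker_keys)]
    for c in {s for t in outputs for s in subterms(t) if isinstance(s, Enc)}:
        known = (("net", c), ("net", c.key))   # attacker sees ciphertext and holds its key
        clauses.append((("net", c.payload), known))
        if ATT not in c.dest:
            clauses.append((("viol", c.site, ATT), known))
        for d in decs:                         # over-approximation: any message may reach any site
            if d.key == c.key and (d.site not in c.dest or c.site not in d.orig):
                clauses.append((("viol", c.site, d.site), (("net", c),)))
    return clauses

def solve(clauses):
    """Constraint solving: least model of the clauses by naive fixed-point iteration."""
    model, changed = set(), True
    while changed:
        changed = False
        for head, body in clauses:
            if head not in model and all(b in model for b in body):
                model.add(head)
                changed = True
    return model

def violations(outputs, decs, attacker_keys=frozenset()):
    return {f[1:] for f in solve(generate(outputs, decs, attacker_keys)) if f[0] == "viol"}

# Constructed protocol: A -> S under Kas, S -> B under Kbs; A also decrypts replies under Kas.
OUTPUTS = [Enc("Kab", "Kas", "a1", frozenset({"s1"})),
           Enc("Kab", "Kbs", "s2", frozenset({"b1"}))]
DECS = [Dec("Kas", "s1", frozenset({"a1"})), Dec("Kbs", "b1", frozenset({"s2"})),
        Dec("Kas", "a2", frozenset({"s3"}))]

if __name__ == "__main__":
    print(violations(OUTPUTS, DECS))            # A's own message may be opened at a2
    print(violations(OUTPUTS, DECS, {"Kbs"}))   # a leaked Kbs adds an attacker decryption
```

Because message order is ignored, each reported pair is a possible violation to investigate rather than a confirmed attack, which matches the over-approximation described on the earlier slide.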

LySa During the Third Year
- Developed a technique for tracking replay attacks
- Implemented analysis of infinite scenarios
- Improved efficiency of the LySatool to cater for industrial size protocols
- Improved usability (input/output capabilities of the LySatool)
- Discovered unknown security issues in
  - Classical security protocols (Beller-Chang-Yacobi ’93, Bauer-Berson-Feiertag ’83)
  - Modern protocol standards (OASIS)
  - Case studies (D26)

Enhanced Static Analysis
Corrado, Pierpaolo, or Chiara: Please provide a slide (or two) with information about your contribution in D14

Integrating Security and Performance Analysis
Supported by performance analysis using:
- PEPA – for timing attacks (facilitated by Choreographer)
- EOS for protocol performance / effort spent on attacks
[Diagram labels: Design and analysis process; Protocol in LySa; Static security analysis; Performance analysis; OK; Not OK; Redesign protocol]

Self-evaluation of WP6
Positioning with respect to state of the art
- S1: Strong indicator for discovery of a new class of flaw in a protocol published in the literature
- W1: Weak indicator for application to key exchange protocol for DEGAS case study
Comparison with competing approaches
- S2: Strong indicator for clarifying the fundamentally different behaviours of model checking and static analysis as regards protocol validation
- W2: Weak indicator for termination properties of our analysis approach
- W2: Weak indicator for allowing to use model checking to validate the flaws reported by static analysis.

Self-evaluation of WP6
Usability and exploitation perspectives
- S3: Strong indicator for hardening the design of the analysis tool so that also educated users outside of the research group (mainly MSc-students) are able to use the analysis tool.
- W4: Weak indicator on the ability to analyse the OASIS protocol for Single Sign On.
- W5: good progress towards weak indicator based on the UML to LySa extractor
- S6: Strong indicator for the ability to teach the analysis method to advanced MSc-students and PhD-students that subsequently can use it for projects.