Presentation is loading. Please wait.

Presentation is loading. Please wait.

Luigi Logrippo SITE Logic and implementation issues in VoIP and security

Published byAshley Morton Modified over 9 years ago

Similar presentations

Presentation on theme: "Luigi Logrippo SITE Logic and implementation issues in VoIP and security"— Presentation transcript:

1 Luigi Logrippo SITE Logic and implementation issues in VoIP and security luigi@site.uottawa.ca

2 Two main ideas Many software flaws can be discovered by making the logic precise and thoroughly examining it by the use of logic tools Feature interactions are the result of logic flaws Application areas: Security New VoIP and Web based systems Many others

3 Feature Interaction in Automotive Electronic Stability Program (ESP) and Cruise Control (CC) ESP: Break if wheels slip on wet road CC: Increase speed until cruise speed is reached FI detectable by the fact that the two features have contradicting requirements

4 Feature interaction in security Bell-LaPadula information protection system prevents individuals from accessing information at a higher clearance level than they have By using delegation, individuals can confer their information access authority to other individuals

5 Research directions Implementation of VoIP and Web-based services with complex functionalities Development of logic-based methods to discover flaws in these functionalities

6 Already done Implementation of two open-source SIP VoIP systems Vocal, Asterix Implementation study of new complex functionalities, mainly presence-based features

7 Forthcoming Implementation of presence features in our SIP telephony systems Study of security aspects related to these functionalities

8 Already done In-depth study of the Feature Interaction problem in telecom systems (over 12 years of experience) Feature Interactions can lead to security flaws

9 Forthcoming Study of feature interactions in new complex VoIP functionalities Such as presence

10 Already done Study of access control methods: Firewalls Access control languages such as XACML Development of new access control paradigms: Process-based access control Shown that logic flaws in the specifications of such systems can lead to security flaws

11 Forthcoming Generalizing this research, by applying our method to other access control systems Extension to business control languages such as BPEL and variations Extensions to SLAs (Service-Level Agreements)

Download ppt "Luigi Logrippo SITE Logic and implementation issues in VoIP and security"

Similar presentations

MOHAMMAD QAHIR WARDAK LEGAL & LICENSING MANAGER AFGHANISTAN TELECOM REGULATORY AUTHORITY (ATRA) Introduction to Voice over Internet Protocol (VoIP)

MOHAMMAD QAHIR WARDAK LEGAL & LICENSING MANAGER AFGHANISTAN TELECOM REGULATORY AUTHORITY (ATRA) Introduction to Voice over Internet Protocol (VoIP)
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
1 Luigi Logrippo SITE Feature Interactions as Inconsistencies

1 Luigi Logrippo SITE Feature Interactions as Inconsistencies
Chapter 9: Basic Information Systems Concepts. Definitions u A system is a set of interrelated components that must work together to achieve some common.

Chapter 9: Basic Information Systems Concepts. Definitions u A system is a set of interrelated components that must work together to achieve some common.
Software Security Lecture 6 Fang Yu Dept. of MIS, National Chengchi University Spring 2011.

Software Security Lecture 6 Fang Yu Dept. of MIS, National Chengchi University Spring 2011.
Web Servers Security: What You Should Know. The World Wide Web (WWW) is one of the best ways to develop an e-commerce business presence and interact with.

Web Servers Security: What You Should Know. The World Wide Web (WWW) is one of the best ways to develop an e-commerce business presence and interact with.
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.

_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Information Technology Center 2006 Projects Unveiling.

Information Technology Center 2006 Projects Unveiling.
Curious Facts about PowerPoint 97. Did you know that… F PowerPoint 97 now includes Visual Basic for Applications as a macro language?

Curious Facts about PowerPoint 97. Did you know that… F PowerPoint 97 now includes Visual Basic for Applications as a macro language?
Progress Report 11/1/01 Matt Bridges. Overview Data collection and analysis tool for web site traffic Lets website administrators know who is on their.

Progress Report 11/1/01 Matt Bridges. Overview Data collection and analysis tool for web site traffic Lets website administrators know who is on their.
Security in IP telephony (VoIP) David Andersson Erik Martinsson.

Security in IP telephony (VoIP) David Andersson Erik Martinsson.
THE BASICS OF THE WEB Davison Web Design. Introduction to the Web Main Ideas The Internet is a worldwide network of hardware. The World Wide Web is part.

THE BASICS OF THE WEB Davison Web Design. Introduction to the Web Main Ideas The Internet is a worldwide network of hardware. The World Wide Web is part.
Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.
Stefan Kreckwitz Senior System Engineer across Systems GmbH „Future Web-Based Translation Environments“ Localisation Research Forum 28 September 2007,

Stefan Kreckwitz Senior System Engineer across Systems GmbH „Future Web-Based Translation Environments“ Localisation Research Forum 28 September 2007,
Georgia Utilities Permitting System - GUPS

Georgia Utilities Permitting System - GUPS
COMP313A Programming Languages Introduction. More Housekeeping Stuff Reading Material Textbook –Programming Languages: Principles and Practice by Kenneth.

COMP313A Programming Languages Introduction. More Housekeeping Stuff Reading Material Textbook –Programming Languages: Principles and Practice by Kenneth.
© 2014 Avaya Inc. All rights reserved. 11 What We Hear from Organizations Like Yours… “We are paying more for communications, but customer calls and messages.

© 2014 Avaya Inc. All rights reserved. 11 What We Hear from Organizations Like Yours… “We are paying more for communications, but customer calls and messages.
Maintaining Information Systems Modern Systems Analysis and Design.

Maintaining Information Systems Modern Systems Analysis and Design.
September 2006 1 Security policy systems and their consistency problems Luigi Logrippo, Kamel Adi Université du Québec en Outaouais

September Security policy systems and their consistency problems Luigi Logrippo, Kamel Adi Université du Québec en Outaouais
1 Luigi Logrippo Kamel Adi Inconsistency and incompleteness in security policies

1 Luigi Logrippo Kamel Adi Inconsistency and incompleteness in security policies

Similar presentations

Ads by Google