Multi-representational security analysis

@article{Kang2016MultirepresentationalSA,
  title={Multi-representational security analysis},
  author={Eunsuk Kang and Aleksandar Milicevic and Daniel Jackson},
  journal={Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering},
  year={2016}
}
Security attacks often exploit flaws that are not anticipated in an abstract design, but are introduced inadvertently when high-level interactions in the design are mapped to low-level behaviors in the supporting platform. This paper proposes a multi-representational approach to security analysis, where models capturing distinct (but possibly overlapping) views of a system are automatically composed in order to enable an end-to-end analysis. This approach allows the designer to incrementally… 

Automated Synthesis of Secure Platform Mappings
TLDR
This paper provides a formalization of the synthesis problem and proposes a technique for synthesizing a mapping based on symbolic constraint search, and describes the prototype implementation and a real-world case study demonstrating the application of the technique to synthesizing secure mappings for the popular web authorization protocols OAuth 1.0 and 2.0.
Synthesis of Property-Preserving Mappings
TLDR
This paper provides a formalization of the synthesis problem and proposes a technique for synthesizing a mapping based on symbolic constraint search, and describes the prototype implementation and a case study demonstrating the application of the technique to synthesizing secure mappings for OAuth.
Design Space Exploration for Security
  • Eunsuk Kang
  • Computer Science
    2016 IEEE Cybersecurity Development (SecDev)
  • 2016
TLDR
It is argued that design space exploration should be an essential part of any secure development process and outlined the key elements of a framework intended to support this activity, and the potential benefits and challenges associated with building such a framework.
Synthesis of Property-Preserving Platform Mappings
TLDR
This paper provides a formalization of the synthesis problem, and proposes a technique for synthesizing a mapping based on symbolic constraint search, and describes the prototype implementation and a case study demonstrating the application of the technique to synthesizing secure platform mappings for OAuth.
Synthesis and Quantitative Verification of Tradeoff Spaces for Families of Software Systems
TLDR
A formal framework for specification-driven synthesis and analysis of design spaces that provides formal guarantees about the correctness of system behaviors and satisfies quantitative properties subject to uncertainty is proposed, which is factored as a first-class entity.
Decoupled-IFTTT: Constraining Privilege in Trigger-Action Platforms for the Internet of Things
TLDR
dIFTTT is designed and evaluated, the first trigger-action platform where users do not have to give it highly-privileged access to their online services, and its design pushes the notion of fine-grained OAuth tokens to its extreme and ensures that even if the cloud service is controlled by the attacker, it cannot misuse the OAuth token to invoke unauthorized actions.
Decentralized Action Integrity for Trigger-Action IoT Platforms
TLDR
This work introduces Decentralized Action Integrity, a security principle that prevents an untrusted trigger-action platform from misusing compromised OAuth tokens in ways that are inconsistent with any given user’s set of trigger-action rules.
HaiQ: Synthesis of Software Design Spaces with Structural and Probabilistic Guarantees
TLDR
A method that enhances structural modeling/synthesis with quantitative guarantees in the style provided by quantitative verification and includes a language for describing structure and (stochastic) behavior of systems, and a temporal logic that allows checking probability and reward-based properties over sets of feasible design alternatives implicitly described by the relational constraints in a HaiQ model.
Synthesis of Winning Attacks on Communication Protocols using Supervisory Control Theory
TLDR
This paper proposes a common methodology for formal synthesis of successful attacks against two well-known protocols, the Alternating Bit Protocol (ABP) and the Transmission Control Protocol (TCP), where the attacker can always eventually win, called For-all attacks.
AlloyMax: bringing maximum satisfaction to relational specifications
TLDR
AlloyMax is the first approach to enable analysis with optimality in a relational modeling language, and it is believed that AlloyMax has the potential to bring a wide range of new applications to Alloy.

References

Multi-representational security modeling and analysis
TLDR
This thesis proposes a multi-representational approach to security modeling and analysis, where models capturing distinct (but possibly overlapping) views of a system are automatically composed in order to enable an end-to-end analysis.
ASPIRE: Iterative Specification Synthesis for Security
TLDR
This work is the first to design a general framework that leverages program synthesis techniques for security applications, and uses it in three case studies to demonstrate the discovery of complex vulnerabilities in implementations of real world web applications.
An aspect-oriented methodology for designing secure applications
Common Attack Pattern Enumeration and Classification (CAPEC™): A Community Knowledge Resource for Building Secure Software
  • Computer Science
  • 2013
TLDR
To respond effectively, the community needs to think outside of the box and have a firm grasp of the attacker’s perspective and the approaches used to exploit software systems.
Compositional System Security with Interface-Confined Adversaries
The modelling and analysis of security protocols: the CSP approach
TLDR
This book provides a thorough and detailed understanding of one of the most effective approaches to the design and evaluation of security critical systems, describing the role of security protocols in distributed secure systems and the vulnerabilities to which they are prey.
AUTHSCAN: Automatic Extraction of Web Authentication Protocols from Implementations
TLDR
This paper proposes AUTHSCAN, an end-to-end platform to automatically recover authentication protocol specifications from their implementations, and finds a total of 7 security vulnerabilities using off-the-shelf verification tools in specifications it recovers.
Hyperproperties
TLDR
Hyperproperties can express security policies, such as secure information flow, that properties cannot, and every hyperproperty is shown to be the intersection of a safety hyperproperty and a liveness hyperproperty.
Casper: a compiler for the analysis of security protocols
  • G. Lowe
  • Computer Science, Biology
    Proceedings 10th Computer Security Foundations Workshop
  • 1997
TLDR
Casper is described, a program that automatically produces the CSP description from a more abstract description, thus greatly simplifying the modelling and analysis process.
On the composition of secure systems
  • H. Mantel
  • Computer Science, Mathematics
    Proceedings 2002 IEEE Symposium on Security and Privacy
  • 2002
TLDR
A novel security property is introduced and it is shown that this property is, in general, composable although it is weaker than forward correctability, and a classification of known compositionality results for security properties is obtained.