References of "Ouchani, Samir 50002798"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailAnalysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical Systems
Lenzini, Gabriele UL; Mauw, Sjouke UL; Ouchani, Samir UL

in Barthe, Gilles; Markatos, Evangelos (Eds.) Security and Trust Management - STM 2016 (2016)

A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question ... [more ▼]

A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model the information flow defined by what the organization's employees do (copy, move, and destroy information) and propose an algorithm that enforces a policy on the model, before checking against an adversary if a security requirement holds. [less ▲]

Detailed reference viewed: 183 (19 UL)
Full Text
Peer Reviewed
See detailSecurity analysis of socio-technical physical systems
Lenzini, Gabriele UL; Mauw, Sjouke UL; Ouchani, Samir UL

in Computers electrical engineering (2015)

Recent initiatives that evaluate the security of physical systems with objects as assets and people as agents – here called socio-technical physical systems – have limitations: their agent behavior is too ... [more ▼]

Recent initiatives that evaluate the security of physical systems with objects as assets and people as agents – here called socio-technical physical systems – have limitations: their agent behavior is too simple, they just estimate feasibility and not the likelihood of attacks, or they do estimate likelihood but on explicitly provided attacks only. We propose a model that can detect and quantify attacks. It has a rich set of agent actions with associated probability and cost. We also propose a threat model, an intruder that can misbehave and that competes with honest agents. The intruder’s actions have an associated cost and are constrained to be realistic. We map our model to a probabilistic symbolic model checker and we express templates of security properties in the Probabilistic Computation Tree Logic, thus supporting automatic analysis of security properties. A use case shows the effectiveness of our approach. [less ▲]

Detailed reference viewed: 173 (13 UL)
Full Text
Peer Reviewed
See detailOn the Probabilistic Verification of Time Constrained SysML State Machines
Baouya, Abdelhakim; Bennouar, Djamal; Mohamed, Otmane Ait et al

in Intelligent Software Methodologies, Tools and Techniques (2015)

Detailed reference viewed: 69 (0 UL)
Full Text
Peer Reviewed
See detailA Quantitative Verification Framework of SysML Activity Diagrams under Time Constraints
Baouya, Abdelhakim; Bennouar, Djamal; Mohamed, Otmane Ait et al

in Expert Systems with Applications (2015)

Detailed reference viewed: 73 (2 UL)
Full Text
Peer Reviewed
See detailGenerating attacks in SysML activity diagrams by detecting attack surfaces
Ouchani, Samir UL; Lenzini, Gabriele UL

in Journal of Ambient Intelligence and Humanized Computing (2015), 6(3), 361-373

In the development process of a secure system is essential to detect as early as possible the system’s vulnerable points, the so called attack surfaces, and to estimate how feasible it would be that known ... [more ▼]

In the development process of a secure system is essential to detect as early as possible the system’s vulnerable points, the so called attack surfaces, and to estimate how feasible it would be that known attacks breach through them. Even if attack surfaces can be sometimes detected automatically, mapping them against known attacks still is a step apart. Systems and attacks are not usually modelled in compatible formalisms. We develop a practical framework that automates the whole process. We formalize a system as SysML activity diagrams and in the same formalism we model libraries of patterns taken from standard catalogues of social engineering and technical attacks. An algorithm that we define, navigates the system’s diagrams in search for its attack surfaces; then it evaluates the possibility and the probability that the detected weak points host attacks among those in the modelled library. We prove the correctness and the completeness of our approach and we show how it works on a use case scenario. It represents a very common situation in the domain of communication and data security for corporations. [less ▲]

Detailed reference viewed: 107 (4 UL)
Full Text
Peer Reviewed
See detailSpecification, verification, and quantification of security in model-based systems
Ouchani, Samir UL; Debbabi, Mourad

in Computing (2015), 97

Modern systems are more and more complex and security has become a key component in the success of software and systems development. The main challenge encountered in industry as well as in academia is to ... [more ▼]

Modern systems are more and more complex and security has become a key component in the success of software and systems development. The main challenge encountered in industry as well as in academia is to develop secure products, prove their security correctness, measure their resilience to attacks, and check if vulnerabilities exist. In this paper, we review the state-of-the-art related to security specification, verification, and quantification for software and systems that are modeled by using UML or SysML language. The reviewed work fall into the field of secure software and systems engineering that aims at fulfilling the security as an afterthought in the development of secure systems. [less ▲]

Detailed reference viewed: 160 (3 UL)
Full Text
Peer Reviewed
See detailA probabilistic and timed verification approach of SysML state machine diagram
Baouya, Abdelhakim; Bennouar, Djamal; Mohamed, Otmane Ait et al

in A probabilistic and timed verification approach of SysML state machine diagram (2015)

Detailed reference viewed: 56 (2 UL)
Full Text
Peer Reviewed
See detailAttacks Generation by Detecting Attack Surfaces
Ouchani, Samir UL; Lenzini, Gabriele

Scientific Conference (2014)

Detailed reference viewed: 101 (15 UL)