Browse ORBilu by Open Access
- What it is and what it isn't
- Green Road / Gold Road?
- Ready to Publish. Now What?
- How can I support the OA movement?
- Where can I learn more?
ORBilu is a project developed by
   Analysing the Efficacy of Security Policies in Cyber-Physical Socio-Technical SystemsLenzini, Gabriele  ; Mauw, Sjouke ; Ouchani, Samir in Barthe, Gilles; Markatos, Evangelos (Eds.) Security and Trust Management - STM 2016 (2016) A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question ... [more ▼] A crucial question for an ICT organization wishing to improve its security is whether a security policy together with physical access controls protects from socio-technical threats. We study this question formally. We model the information flow defined by what the organization's employees do (copy, move, and destroy information) and propose an algorithm that enforces a policy on the model, before checking against an adversary if a security requirement holds. [less ▲] Detailed reference viewed: 269 (20 UL) Security analysis of socio-technical physical systemsLenzini, Gabriele ; Mauw, Sjouke ; Ouchani, Samir in Computers electrical engineering (2015) Recent initiatives that evaluate the security of physical systems with objects as assets and people as agents – here called socio-technical physical systems – have limitations: their agent behavior is too ... [more ▼] Recent initiatives that evaluate the security of physical systems with objects as assets and people as agents – here called socio-technical physical systems – have limitations: their agent behavior is too simple, they just estimate feasibility and not the likelihood of attacks, or they do estimate likelihood but on explicitly provided attacks only. We propose a model that can detect and quantify attacks. It has a rich set of agent actions with associated probability and cost. We also propose a threat model, an intruder that can misbehave and that competes with honest agents. The intruder’s actions have an associated cost and are constrained to be realistic. We map our model to a probabilistic symbolic model checker and we express templates of security properties in the Probabilistic Computation Tree Logic, thus supporting automatic analysis of security properties. A use case shows the effectiveness of our approach. [less ▲] Detailed reference viewed: 247 (16 UL)A Quantitative Verification Framework of SysML Activity Diagrams under Time Constraints; ; et al in Expert Systems with Applications (2015) Detailed reference viewed: 133 (2 UL)On the Probabilistic Verification of Time Constrained SysML State Machines; ; et al in Intelligent Software Methodologies, Tools and Techniques (2015) Detailed reference viewed: 117 (0 UL)A probabilistic and timed verification approach of SysML state machine diagram; ; et al in A probabilistic and timed verification approach of SysML state machine diagram (2015) Detailed reference viewed: 122 (2 UL)Specification, verification, and quantification of security in model-based systemsOuchani, Samir ; in Computing (2015), 97 Modern systems are more and more complex and security has become a key component in the success of software and systems development. The main challenge encountered in industry as well as in academia is to ... [more ▼] Modern systems are more and more complex and security has become a key component in the success of software and systems development. The main challenge encountered in industry as well as in academia is to develop secure products, prove their security correctness, measure their resilience to attacks, and check if vulnerabilities exist. In this paper, we review the state-of-the-art related to security specification, verification, and quantification for software and systems that are modeled by using UML or SysML language. The reviewed work fall into the field of secure software and systems engineering that aims at fulfilling the security as an afterthought in the development of secure systems. [less ▲] Detailed reference viewed: 234 (4 UL)Generating attacks in SysML activity diagrams by detecting attack surfacesOuchani, Samir ; Lenzini, Gabriele in Journal of Ambient Intelligence and Humanized Computing (2015), 6(3), 361-373 In the development process of a secure system is essential to detect as early as possible the system’s vulnerable points, the so called attack surfaces, and to estimate how feasible it would be that known ... [more ▼] In the development process of a secure system is essential to detect as early as possible the system’s vulnerable points, the so called attack surfaces, and to estimate how feasible it would be that known attacks breach through them. Even if attack surfaces can be sometimes detected automatically, mapping them against known attacks still is a step apart. Systems and attacks are not usually modelled in compatible formalisms. We develop a practical framework that automates the whole process. We formalize a system as SysML activity diagrams and in the same formalism we model libraries of patterns taken from standard catalogues of social engineering and technical attacks. An algorithm that we define, navigates the system’s diagrams in search for its attack surfaces; then it evaluates the possibility and the probability that the detected weak points host attacks among those in the modelled library. We prove the correctness and the completeness of our approach and we show how it works on a use case scenario. It represents a very common situation in the domain of communication and data security for corporations. [less ▲] Detailed reference viewed: 184 (5 UL)Attacks Generation by Detecting Attack SurfacesOuchani, Samir ; Scientific Conference (2014) Detailed reference viewed: 158 (15 UL) |
||
