behavior based reliable and resilient system development
play

Behavior based Reliable and Resilient System Development Dr. - PowerPoint PPT Presentation

Oct 09, 2022 •46 likes •246 views

Behavior based Reliable and Resilient System Development Dr. Muhammad Taimoor Khan Informatics System Institute Alpen-Adria University, Klagenfurt, Austria DeepSec 2017, Vienna Recent developments (since > 2014 ) 1. Socioeconomic 2.

  1. Behavior based Reliable and Resilient System Development Dr. Muhammad Taimoor Khan Informatics System Institute Alpen-Adria University, Klagenfurt, Austria DeepSec 2017, Vienna

  2. Recent developments (since > 2014 ) 1. Socioeconomic 2. Technological ◮ Insider attacks ◮ CompCert: Commercial ◮ Stealthy attacks (APT) certified C compiler ◮ Snowden revelations ◮ DeepSpec: End-to-end ◮ US policy for browsing certified software ◮ Automotive vehicles development (MIT, UPenn, insurance Yale, Princeton, Intel, MS, FB, Google, Amazon, . . . ) 3. Legislative 4. Business ◮ > 42 US states has passed > 240 cybersecurity related ◮ Rubica - first ever cyber bills ( ≥ 2017) crime insurance company ◮ No more blackbox computer offers upto 1 Million $ cyber fraud coverage systems in US Govt. sector ◮ CompCert

  3. Technological developments CompCert: Certified C Compiler May 2015 is a first formally verified optimizing C commercial compiler ◮ uses machine-checked mathematical proofs (i.e. certified) ◮ preserves semantics of source language - no extra behavior ◮ absence of miscompilation issues DeepSpec: NSF Project 2016–2021 ◮ academia - MIT, Penn, Yale, Princeton ◮ industry - Microsoft, Facebook, Amazon, Google, Intel, . . .

  4. DeepSpec - End Products

  5. Legislative developments NY and Colorado States CyberSecurity Regulations 2017 already effective since March and June of this year ◮ Penetration testing - Companies must provide annual proof of penetration tests, which use specialists to test weaknesses in company infrastructure ◮ Audit trails - The regulation requires covered entities to prove audit systems showing how they detect cybersecurity events ◮ Secure development - Regulated companies will have to prove that they use secure software development processes for in-house applications and they test the cybersecurity of external software ◮ Periodic risk assessments - Cybersecurity assessment is not a one-shot deal. February 2019 will also see companies submit their first reports, which demands periodic risk assessments to show that they are still compliant ◮ . . .

  6. Current system requirements Certified computing systems that ◮ support audit against regulations/laws/policies . . . among inter-disciplinary domains ◮ formally assure their reliability and security for operations ◮ are understandable by any machine or human ◮ can be verified by any machine ◮ are self-organized and resilient Application of program analysis and verification is key to challenges

  7. Challenges Modern computing systems involve ◮ Computation + Physics + Chemistry + Biology + . . . ◮ Algorithm + Logic + Control + . . . ◮ Inter-disciplinary domains (e.g., Economics, Energy, Medicine, Law, . . . ) Modern computing systems are integrating all operational domains ◮ systems have become hybrid and overly complex ◮ reliable and secure interaction among inter-disciplinary domains The systems must be self-aware and self-organized, i.e. they should know what they are trying to do.

  8. Context Given a system implementation/design/model C Show that C and its execution C e is correct/reliable and secure Existing solutions ◮ Testing and Simulation ◮ random or highly random - statistics based ◮ not rigorous ◮ not exhaustive ◮ no definition of a reliable test or a reliable simulation ◮ shows the presence of bugs/threats and not the absence of bugs/threats. Dijkstra ◮ no formal assurance/guarantee ◮ Standardization Organizations, e.g. ISO ◮ manual based on testing and simulations ◮ mostly emperical ◮ no formal assurance The solutions are quantitative and does not offer formal assurances

  9. Our strategy and approach Our strategy ◮ Build it right and continuously monitor We certify that ◮ the design of C is reliable and secure ◮ and its execution C e is also reliable and secure Our approach ◮ Specify the behavior of a system S as its 1. functional properties, e.g. pre- and post-conditions, invariant 2. non-functional properties, e.g. security, performance, energy ◮ Certify that the design C meets its specification S ◮ through step-wise but sound refinements of the design ◮ Monitor the execution C e through a middleware ◮ ARMET: comparing the executions of specification S and implementation C e

  10. The system behavior The behavior characterizes computations operating on input data Can we assure that ◮ the computations are reliable and secure, e.g ◮ behave as expected ◮ terminate ◮ are free of bugs/errors ◮ cannot be compromised by any insider or external adversary ◮ the external-input data is reliable, e.g. ◮ do we believe that we see is real? ◮ data can be legal but not real - data integrity threat

  11. Our assurance We certify that ◮ the computations design is reliable and secure ◮ through stepwise refinement of the system specification ◮ the external-input data is free of integrity threats ◮ through non-linear verification based vulnerability analysis of the system specification ◮ the computations execution is reliable and secure ◮ through monitoring the consistency between expected and execution behaviors ◮ optionally, through monitoring the identified integrity vulnerabilities We design the computations in known environment and execute the computations in unknown environment

  12. Program derivation through stepwise refinement Abstract data type based declarative specification Proof constructed and checked with Coq , a general-purpose logic platform

  13. Example specification Specification with a set of behaviors

  14. Example code Single program with one behavior

  15. ARMET - monitoring and resilience

  16. Demo

  17. ARMET - reliable, secure and resilient software ◮ Self-aware system ◮ through specification and dependency-directed reasoning ◮ System is allowed to only behave legally ◮ specify legal behavior of the system (predictions) ◮ observe runtime behavior of the system (observations) ◮ continuous monitoring of prediction/observation consistency ◮ IF inconsistency, THEN diagnosis ◮ recovery (safe state from alternate, reliable resources) ◮ Detection of known and unknown errors and attacks ◮ as inconsistency between observations and predictions ◮ System adaptability to evolving constraints, standards ◮ specify policies as legal behavior and monitor behavioral consistency ◮ ARMET is sound and complete ◮ whenever there is an attack or error, it alarms ◮ whenever it alarms, there is an attack or error

  18. Automated vulnerability analysis for data integrity Vulnerability analysis in non-linear domain is NP hard ◮ requires solving logical combination of non-linear constraints ◮ non-convex and non-smooth optimization ◮ multiple feasible regions ◮ multiple locally optimal points within each region δ -complete decision procedure solves the problem, e.g. dReal Given: a model of system (may include non-linear constraints) and a set of properties with an error δ Ask : are there any values that satisfy the model but are not real? 1. No (unsat) ◮ there are no such values ◮ you are safe 2. Yes ( δ -sat) ◮ there are such values (returns set of values) ◮ values are vulnerabilities/attack vectors for the model ◮ remove such vulnerabilities from the design ◮ refinine/strengthen the model/constraints ◮ until unsat

  19. Team ◮ Muhammad Taimoor Khan ◮ Informatics System Institute, Alepn-Adria University, Austria ◮ Dimitrios Serpanos ◮ Director, Industrial Systems Institute, Uni. of Patras, Greece ◮ Howard Shrobe ◮ Director CyberSecurityInitiative, MIT CSAIL, USA ◮ and all collaborators

  20. Thanks

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Behavior Based Saf ety Behavior Based Saf ety PCL INDUSTRIAL CONSTRUCTORS INC. Objectives Upon

Behavior Based Saf ety Behavior Based Saf ety PCL INDUSTRIAL CONSTRUCTORS INC. Objectives Upon

Behavior Based Saf ety Behavior Based Saf ety PCL INDUSTRIAL CONSTRUCTORS INC. Objectives Upon completion of this presentation the participants will: Define activator, behavior, and consequence. Classify consequences to determine their

738 views • 71 slides
Hindalco Industries Ltd. A Sustainable Business Model Transforming towards a Resilient, Reliable

Hindalco Industries Ltd. A Sustainable Business Model Transforming towards a Resilient, Reliable

Hindalco Industries Ltd. A Sustainable Business Model Transforming towards a Resilient, Reliable and Responsible future Motilal Oswal Annual Investor Conference 2019 20 th August, 2019 Presented by : Satish Pai, Managing Director Hindalcos -

595 views • 23 slides
Phase 2 Data Launch 12/6/17 Whats the Problem? Fast, reliable and resilient internet

Phase 2 Data Launch 12/6/17 Whats the Problem? Fast, reliable and resilient internet

Fastershire Phase 2 Data Launch 12/6/17 Whats the Problem? Fast, reliable and resilient internet access increasingly important for business and society Growing number of commercial and service interactions delivered exclusively

405 views • 27 slides
Operating a Resilient & Reliable Network Edinburgh International Conference Centre, 5 th

Operating a Resilient & Reliable Network Edinburgh International Conference Centre, 5 th

Operating a Resilient & Reliable Network Edinburgh International Conference Centre, 5 th March 2019 Welcome & Housekeeping Name Badge Agenda Welcome and housekeeping Introduction Dave McKay, Director of Operations

422 views • 24 slides
Designing Reliable, High-Performance Networks . . . with the Nuprl Proof Development System

Designing Reliable, High-Performance Networks . . . with the Nuprl Proof Development System

Designing Reliable, High-Performance Networks . . . with the Nuprl Proof Development System Christoph Kreitz Department of Computer Science, Cornell University Ithaca, NY 14853 The Nuprl Project Computational Formal

338 views • 23 slides
SAQL : A Stream-based Query System for Real-Time SA Abnormal System Behavior Detection Peng Gao 1

SAQL : A Stream-based Query System for Real-Time SA Abnormal System Behavior Detection Peng Gao 1

SAQL : A Stream-based Query System for Real-Time SA Abnormal System Behavior Detection Peng Gao 1 , Xusheng Xiao 2 , Ding Li 3 , Zhichun Li 3 , Kangkook Jee 3 , Zhenyu Wu 3 , Chung Hwan Kim 3 , Sanjeev R. Kulkarni 1 , Prateek Mittal 1 1 Princeton

453 views • 24 slides
Co-processor-based Behavior Monitoring Application to the Detection of Attacks Against the System

Co-processor-based Behavior Monitoring Application to the Detection of Attacks Against the System

Co-processor-based Behavior Monitoring Application to the Detection of Attacks Against the System Management Mode ACSAC, December 7, 2017 Ronny Chevalier 1,2 Maugan Villatel 1 David Plaquin 1 Guillaume Hiet 2 1 HP Labs, United Kingdom (

875 views • 45 slides
Competency Based Workforce Development for a Resilient Rural Economy Corinne Finnie Director,

Competency Based Workforce Development for a Resilient Rural Economy Corinne Finnie Director,

Competency Based Workforce Development for a Resilient Rural Economy Corinne Finnie Director, Regional Stewardship Department Bow Valley College cfinnie@bowvalleycollege.ca 403-410-3424 Vision To be an innovative world-class college, rooted

226 views • 19 slides
LRR-DPUF: Learning Resilient and Reliable Digital Physical Unclonable Function Jin Miao 1 Meng Li

LRR-DPUF: Learning Resilient and Reliable Digital Physical Unclonable Function Jin Miao 1 Meng Li

LRR-DPUF: Learning Resilient and Reliable Digital Physical Unclonable Function Jin Miao 1 Meng Li 2 Subhendu Roy 1 Bei Yu 3 1 Cadence Design Systems 2 University of Texas at Austin 3 The Chinese University of Hong Kong 1 / 26 Outline

400 views • 26 slides
Resilient, reliable, and renewable: A new approach to designing the electric grid Josh Valentine

Resilient, reliable, and renewable: A new approach to designing the electric grid Josh Valentine

Resilient, reliable, and renewable: A new approach to designing the electric grid Josh Valentine Outreach & Communications Manager Clean Coalition www.clean-coalition.org May 10, 2016 Making Clean Local Energy Accessible Now Our mission

975 views • 31 slides
Future Electric Power Systems efficient, reliable, secure, resilient, adaptable, and economic 1

Future Electric Power Systems efficient, reliable, secure, resilient, adaptable, and economic 1

Future Electric Power Systems efficient, reliable, secure, resilient, adaptable, and economic 1 Sharif University of Technology March 6, 2018 IoT-aided Smart Grid Amir Safdarian IoT and Smart Grid The IoT is defined as a network that can

372 views • 18 slides
Resilient Food Systems, Resilient Cities Presented by Kim Zeuli Resilience A

Resilient Food Systems, Resilient Cities Presented by Kim Zeuli Resilience A

Resilient Food Systems, Resilient Cities Presented by Kim Zeuli Resilience A resilient Growing food Processing system Distribution 60% of NYCs produce; 50% meat and fish 28% of site in

181 views • 15 slides
Behavior through Data: Behavior Incident Report System Myrna Veguilla Lise Fox University of

Behavior through Data: Behavior Incident Report System Myrna Veguilla Lise Fox University of

Addressing Challenging Behavior through Data: Behavior Incident Report System Myrna Veguilla Lise Fox University of South Florida Agenda Introduction to the Behavior Incident Report System BIRS Excel Spreadsheet Questions Our goal is

863 views • 31 slides
Misinformation Debunking Myths and Finding Reliable News Sources OPS Behavior & Engagement

Misinformation Debunking Myths and Finding Reliable News Sources OPS Behavior & Engagement

Misinformation Debunking Myths and Finding Reliable News Sources OPS Behavior & Engagement Symposium January 2020 Randy Warner Dr. Lori Franklin eLearning Coordinator Library Media Coordinator At the end of this presentation you will

996 views • 74 slides
Memory System Behavior of Java-Based Middleware Martin Karlsson, Kevin E. Moore, Erik Hagersten

Memory System Behavior of Java-Based Middleware Martin Karlsson, Kevin E. Moore, Erik Hagersten

Memory System Behavior of Java-Based Middleware Martin Karlsson, Kevin E. Moore, Erik Hagersten and David A. Wood February 11, 2003 Ninth International Symposium on High Performance Computer Architecture Java-Based Middleware: An Important New

284 views • 26 slides
Corruption in the criminal justice system: a robust and resilient system Cheyanne

Corruption in the criminal justice system: a robust and resilient system Cheyanne

Corruption in the criminal justice system: a robust and resilient system Cheyanne Scharbatke-Church The Fletcher School/Tufts, CDA, Besa cheyanne@besacsc.org Our purpose develop an analytic process to understand the system of corruption in

554 views • 26 slides
Overview overview7.4 Introduction Modelling parallel systems Linear Time Properties Regular

Overview overview7.4 Introduction Modelling parallel systems Linear Time Properties Regular

Overview overview7.4 Introduction Modelling parallel systems Linear Time Properties Regular Properties Linear Temporal Logic (LTL) Computation-Tree Logic Equivalences and Abstraction bisimulation CTL, CTL*-equivalence computing the

1.95k views • 194 slides
CS 451 Software Engineering Winter 2009 Yuanfang Cai Room 104, University Crossings

CS 451 Software Engineering Winter 2009 Yuanfang Cai Room 104, University Crossings

CS 451 Software Engineering Winter 2009 Yuanfang Cai Room 104, University Crossings 215.895.0298 yfcai@cs.drexel.edu 1 Drexel University Design within the Context of Software Engineering 2 Drexel University Software Design Between

561 views • 28 slides
In SVN: explain the concept of backtracking solve the n-queens problem using backtracking Qu

In SVN: explain the concept of backtracking solve the n-queens problem using backtracking Qu

Exhaustive search, backtracking, object-oriented Queens After today, you should be able to In SVN: explain the concept of backtracking solve the n-queens problem using backtracking Qu Queens ens A taste of artificial intelligence

637 views • 19 slides
verifiedSCION: Verified Secure Routing Peter Mller Joint work with the verifiedSCION Team at

verifiedSCION: Verified Secure Routing Peter Mller Joint work with the verifiedSCION Team at

verifiedSCION: Verified Secure Routing Peter Mller Joint work with the verifiedSCION Team at ETH Security and Correctness Protocol-level properties - Path validity : Constructed paths are valid and reflect the routing decisions by on-path

294 views • 8 slides
Hybrid I/O Automata Nancy Lynch, MIT Roberto Segala, University of Verona Frits Vaandrager,

Hybrid I/O Automata Nancy Lynch, MIT Roberto Segala, University of Verona Frits Vaandrager,

Hybrid I/O Automata Nancy Lynch, MIT Roberto Segala, University of Verona Frits Vaandrager, University of Nijmegen http://www.cs.kun.nl/~fvaan I/O Automata (Lynch & Tuttle, 87; Jonsson 87) Purpose Formal model for

984 views • 61 slides
Search for More Declarativity Backward Reasoning for Rule Languages Reconsidered Simon Brodt

Search for More Declarativity Backward Reasoning for Rule Languages Reconsidered Simon Brodt

Motivation D&B-search Search & Partial Ordering Conclusion Search for More Declarativity Backward Reasoning for Rule Languages Reconsidered Simon Brodt Franois Bry Norbert Eisinger Institute for Informatics, University of Munich,

1.64k views • 142 slides
Architectural Styles Reid Holmes Lecture 5 - Tuesday, September 28 2010. Objectives What are

Architectural Styles Reid Holmes Lecture 5 - Tuesday, September 28 2010. Objectives What are

Material and some slide content from: - Emerson Murphy-Hill - Software Architecture: Foundations, Theory, and Practice - Essential Software Architecture Architectural Styles Reid Holmes Lecture 5 - Tuesday, September 28 2010. Objectives

554 views • 28 slides
Introduction to Software Architecture Reid Holmes Architecture Architecture is: All

Introduction to Software Architecture Reid Holmes Architecture Architecture is: All

Introduction to Software Architecture Reid Holmes Architecture Architecture is: All about communication. What parts are there? How do the parts fit together? Architecture is not: About development. About

392 views • 18 slides

More recommend