Fault Tree Representation of Security Requirements (PowerPoint PPT presentation)


1. Fault Tree Representation of Security Requirements

2. Work in progress
One Picture is Worth a Thousand Words (a Couple Dozen Connectives)
Iliano Cervesato, iliano@itd.nrl.navy.mil
ITT Industries, Inc. @ NRL, Washington, DC
http://theory.stanford.edu/~iliano
Joint work with Cathy Meadows
UMBC meeting, Baltimore, MD, October 1-2, 2003

3. How this work came about
• Analysis of the GDOI group protocol
  - Requirements expressed in NPATRL
    - Novel group properties
    - Medium size specifications: a dozen operators
    - Lots of fine-tuning
  - Difficult to read and share specs.
  - Informal use of fault trees
    - Intuitive visualization medium
    - Became favored language
  - Formal relation with NPATRL

4. Security Requirements
Describe what a protocol should do
• Verified by
  - Model checking
  - Mathematical proof
  - Pattern-matching (in some cases)
• Expressed
  - Informally
  - Semi-formally
  - Formal language
• Adequate for toy protocols, BUT do not scale to real protocols

5. Example: Kerberos 5 [CSFW'02]
• Semi-formal
  - But very precise
• Bulky and unintuitive
  - Requires several readings to grasp

6. Example: GDOI [CCS'01]
• Formal
  - NPATRL protocol spec. language
• OK for a computer
• Bulky and unintuitive for humans
  - About 20 operators

7. Example: Authentication [Lowe, CSFW'97]
• Informal
  - Made precise as CSP expressions
• Simple, but ...
  - ... many very similar definitions

8. The Problem
• Desired properties are difficult to
  - Phrase & get right
  - Explain & understand
  - Modify & keep right
• Examples
  - Endless back and forth on GDOI
    - Are the specs. right now?
  - K5 properties read over and over

9. Dealing with Textual Complexity
• HCI response: graphical presentation
• Our approach: Dependence Trees
  - Re-interpretation of fault trees
  - 2D representation of NPATRL
  - Intuitive for medium size specs.

10. Example: Kerberos 5
• Excises the gist of the theorem
• Highlights dependencies
• Fairly intuitive
  - ... in a minute ...

11. Example: GDOI
• Isomorphic to NPATRL specifications
• Much more intuitive
  - ... in a minute ...

12. Example: Authentication
• Formalize definitions
• Easy to compare ...
  - ... and remember ...

13. Rest of this Talk
• Logic for protocol specs
  - NPATRL logic
  - NRL Protocol Analyzer fragment
  - Model checking
• Precedence trees
  - Fault trees
  - NPATRL semantics
• Analysis of an example
• Future work

14. NPATRL
• Formal language for protocol requirements
  - Simple temporal logic
• Designed for the NRL Protocol Analyzer
  - Simplify input of protocol specs
    - Sequences of events that should not occur
  - Applies beyond NPA
• Used for many protocols
  - SET, GDOI, ...

15. NPATRL Logic
• Events: initiator_accept_key(A, (B,S), (K_AB, n_A), N)
  - an event has a name (initiator_accept_key), an actuator (A), the other agents ((B,S)), terms ((K_AB, n_A)) and a round (N)
• Classical connectives: ∧, ∨, ¬, ...
• "Previously" operator: # ( )
  initiator_accept_key(A, (B,S), (K_AB, n_A), N) ⇒ # server_sent_key(S, (A,B), (K_AB), _)

16. NPA Fragment
NPA uses a small fragment of NPATRL:
  R ::= a ⇒ F
  F ::= E | ¬E | F1 ∧ F2 | F1 ∨ F2
  E ::= # a | # (a ∧ F)
• Efficient model checking

17. Fault Trees
• Safety analysis of system design
  - Root is a failure situation
    - Extended to behavior descriptions
  - Inner nodes are conditions enabling the fault
    - Events
    - Combinators (logical gates)
• Example
  - A passenger needs a ticket and a photo ID to board a plane, but should not carry a weapon
  [Figure: fault tree with root canBoard and leaves hasTicket, hasID, carriesWeapon]

18. Precedence Trees
• Fault tree representation of NPATRL / NPA
  - Isomorphism with the NPA fragment:
    R ::= a ⇒ F
    F ::= E | ¬E | F1 ∧ F2 | F1 ∨ F2
    E ::= # a | # (a ∧ F)
  [Figure: each production of the grammar drawn as the corresponding tree shape: R as a above F; E as a, or a above F; F as E, negated E, or F1 and F2 joined by an ∧ or ∨ gate]

19. "Recency Freshness" in GDOI
If a member accepts a key from the controller in a protocol run, no newer key should have been distributed prior to the member's request.
  member_accept_key(M, G, (K_GM, K_old), N) ⇒
    # gcks_losepairwisekey(G, (), (M, K_GM), _)
    ∨ ¬( # ( member_request_key(M, G, (), N) ∧ # gcks_createkey(G, (), (K_new, K_old), _) ) )

20. "Sequential Freshness" in GDOI
If a member accepts a key from the group controller in a protocol run, then it should not have previously accepted a later key.
  member_accept_key(M, G, (K_GM, K_old), _) ⇒
    # gcks_losepairwisekey(G, (), (M, K_GM), _)
    ∨ ¬( # ( member_accept_key(M, G, (K_GM, K_new), _)
           ∧ # ( gcks_createkey(G, (), (K_new, K'), _)
                 ∧ # gcks_createkey(G, (), (K_old, K''), _) ) ) )
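As an added example (not code from the slides, the paper, or the NRL Protocol Analyzer), a small Python evaluator for the NPA fragment of slides 16 and 18, applied to the "Sequential Freshness" requirement above. It assumes a finite event trace, reads # ("previously") as "at a strictly earlier trace position", flattens the nested argument tuples, and uses a constructed convention of '?x' variables and '_' wildcards for matching; the key names and the trace are constructed.

```python
# Added example, not from the slides: an evaluator for the NPA fragment of NPATRL
#   R ::= a => F    F ::= E | not E | F1 and F2 | F1 or F2    E ::= #a | #(a and F)
# over a finite event trace; # ("previously") = "at a strictly earlier position".
# Events are (name, flat arg tuple); '?x' is a variable, '_' a don't-care (both constructed).
def match(pat, ev, env):
    """Unify a pattern with a concrete event; return the extended bindings, or None."""
    if pat[0] != ev[0] or len(pat[1]) != len(ev[1]): return None
    env = dict(env)
    for p, v in zip(pat[1], ev[1]):
        if p.startswith("?"):
            if env.setdefault(p, v) != v:     # a variable must take one value throughout
                return None
        elif p != "_" and p != v: return None
    return env

def Prev(event, then=None): return ("prev", event, then)  # E ::= #a | #(a and F)
def Not(e): return ("not", e)                             # F ::= not E
def And(f, g): return ("and", f, g)                       # F ::= F1 and F2
def Or(f, g): return ("or", f, g)                         # F ::= F1 or F2

def sat(f, trace, pos, env):  # all bindings extending env under which f holds at position pos
    if f[0] == "prev":      # some earlier position i where the event matches (and F holds at i)
        out = []
        for i in range(pos):
            env2 = match(f[1], trace[i], env)
            if env2 is not None:
                out += [env2] if f[2] is None else sat(f[2], trace, i, env2)
        return out
    if f[0] == "not": return [] if sat(f[1], trace, pos, env) else [env]
    if f[0] == "and":       # bindings made by the left conjunct constrain the right one
        return [e2 for e1 in sat(f[1], trace, pos, env) for e2 in sat(f[2], trace, pos, e1)]
    return sat(f[1], trace, pos, env) + sat(f[2], trace, pos, env)

def requirement_holds(trigger, body, trace):  # R ::= a => F, checked at every occurrence of a
    return all(sat(body, trace, i, env)
               for i, ev in enumerate(trace)
               for env in [match(trigger, ev, {})] if env is not None)

# "Sequential Freshness" from the GDOI slide, with the nested argument tuples flattened.
SEQ_FRESH_TRIGGER = ("member_accept_key", ("?M", "?G", "?Kgm", "?Kold", "_"))
SEQ_FRESH_BODY = Or(
    Prev(("gcks_losepairwisekey", ("?G", "?M", "?Kgm", "_"))),
    Not(Prev(("member_accept_key", ("?M", "?G", "?Kgm", "?Knew", "_")),
             Prev(("gcks_createkey", ("?G", "?Knew", "?K1", "_")),
                  Prev(("gcks_createkey", ("?G", "?Kold", "?K2", "_")))))))

# Constructed trace: k2 is created after k1, the member accepts k2 and then the older k1.
BAD_TRACE = [("gcks_createkey", ("G", "k1", "k0", "n1")), ("gcks_createkey", ("G", "k2", "k1", "n2")),
             ("member_accept_key", ("M", "G", "kgm", "k2", "n3")),
             ("member_accept_key", ("M", "G", "kgm", "k1", "n4"))]
```

Swapping the two accept events in BAD_TRACE (k1 first, then k2) makes the requirement hold, as does a preceding gcks_losepairwisekey event for M, which is the escape clause in the left disjunct.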

21. Conclusions
• Explored tree representation of protocol reqs.
  - Promising initial results
  - Complex requirements now intuitive
• Precedence trees
  - Draw from fault trees research
  - Specialized to NPATRL and NPA
  - NPATRL semantics
  - Better understanding of NPATRL
• Papers
  - "A Fault-Tree Representation of NPATRL Security Requirements", with Cathy Meadows
    - WITS'03
    - TCS (long version, submitted)

22. Future Work – Theory
• What properties can be expressed?
  - All of safety?
  - Liveness?
• Graphical equivalence of requirements?
• Expressive power
  - Recursive trees?
  - More complex quantifier patterns?
• Graphical gist of theorems
  - Useful classes?
  - Proofs?

23. Future Work – Practice
• Gain further experience
  - Can they be used for other requirements?
• Scaling up
  - When are trees so big they are non-intuitive?
    - Existing requirements?
  - Modularity
• Interaction with the fault tree community
  - Broader applications of dependence trees?
  - Tools we can use?
    - NPATRL <-> dependence trees
