Clark D. Thomborson

2009-01-01

Abstract:We provide a coherent framework for the design and analysis of secure systems. Our framework is inspired by Lawrence Lessig's modalities of control, by Niklas Luhmann's theory of trust, by existing models of information security, and by existing models of computer systems performance. Our framework provides a firm conceptual foundation for the study of control systems, Clark-Wilson systems, and the Collaboration Oriented Architecture recently proposed by The Jericho Forum. This seminar is designed for a generalist audience.

Aslan Askarov,Andrew Myers

DOI: https://doi.org/10.2168/LMCS-7%283%3A17%292011

2011-09-23

Abstract:Language-based information flow methods offer a principled way to enforce strong security properties, but enforcing noninterference is too inflexible for realistic applications. Security-typed languages have therefore introduced declassification mechanisms for relaxing confidentiality policies, and endorsement mechanisms for relaxing integrity policies. However, a continuing challenge has been to define what security is guaranteed when such mechanisms are used. This paper presents a new semantic framework for expressing security policies for declassification and endorsement in a language-based setting. The key insight is that security can be characterized in terms of the influence that declassification and endorsement allow to the attacker. The new framework introduces two notions of security to describe the influence of the attacker. Attacker control defines what the attacker is able to learn from observable effects of this code; attacker impact captures the attacker's influence on trusted locations. This approach yields novel security conditions for checked endorsements and robust integrity. The framework is flexible enough to recover and to improve on the previously introduced notions of robustness and qualified robustness. Further, the new security conditions can be soundly enforced by a security type system. The applicability and enforcement of the new policies is illustrated through various examples, including data sanitization and authentication.

Programming Languages,Cryptography and Security

Haixin Duan,Jianping Wu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2000.05.008

2000-01-01

Abstract:The definitions of some concepts related to security architecture for computer networks are presented firstly in this paper, and then, a framework is proposed from the aspect of security requirements. Based on the analysis of dependence among security services, a method is presented for classifying and rating network security according to se curity services and mechanisms. After the analysis of security mechanisms in TCP/IP protocol including IPSec and SSL, a protocol layered entity model is presented for implementation of security services and security management. From the aspect of entity unit, all kinds of security technologies are organized into to four layers. The place of security management in the architecture and content of management activities for large networks are described. At the end of this paper, further research directions are pointed about the security architecture.

Ahmed I. Al-Darwish,Pilsung Choe

DOI: https://doi.org/10.1007/978-3-030-22351-9_15

2019-01-01

Abstract: Information systems support organizations to achieve strategic competitiveness over other organizations and assist senior management in the decision-making process. In addition, they help organizations in timely implementation of projects and effective risk management. A reliable and coherent Information System requires a solid security framework that ensures Confidentiality, Integrity, Availability, Authenticity and Auditability of the critical information assets; therefore, managing security is essential for organizations doing business in a globally networked and competitive environment whilst seeking to achieve their objectives and goals and ensuring the continuity of business. This paper provides an integrated framework that classifies and holistic view of challenges in Information Security Systems, and their interrelationships. The framework is expected to provide a basis that can be used to evaluate individual organizational members’ behavior and the adequateness of existing security measures.

Lin Liu,Eric Yu,John Mylopoulos

2002-01-01

Abstract:Security issues for software systems ultimately concern relationships among social actors -- stakeholders, users, potential attackers, etc. -- and software acting on their behalf. In assessing vulnerabilities and mitigation measures, actors make strategic decisions to achieve desired levels of security while trading off competing requirements such as costs, performance, usability and so on. This paper explores the explicit modeling of relationships among strategic actors in order to elicit, identify and analyze security requirements. In particular, actor dependency analysis helps in the identification of attackers and their potential threats, while actor goal analysis helps to elicit the dynamic decision making process of system players for security issues. Patterns of relationships at various levels of abstraction (e.g. intentional dependencies among abstract roles) can be studied separately. These patterns can be selectively applied and combined for analyzing specific system configurations. The approach is particularly suitable for new Internet applications where layers of software entities and human roles interact to create complex security challenges. Examples from Peer-to-Peer computing are used to illustrate the proposed framework.

William A. Wulf,Chenxi Wang,darrell m kienzle

DOI: https://doi.org/10.1145/304851.304860

1996-01-01

Abstract:With the rapid growth of the information age, electronic activities of many kinds are becoming more common. The need for protection and security in this environment has never been greater. The conventional approach to security has been to enforce a system-wide policy, but this approach will not work for large distributed systems where entirely new security issues and concerns are emerging.We argue that a new model is needed that shifts the emphasis from "system as enforcer" to user-definable policies in which the cost scales with the degree of security required. Users ought to be able to select the level of security they need and pay only the overhead necessary to achieve it. Moreover, ultimately, they must be responsible for their own security. This research is being carried out in the context of the Legion project. We start by describing the objectives and philosophy of the overall project and then present our conceptual model and tentative implementation plan. A set of technical challenges is also addressed.

J Liu,J Eker,JW Janneck,XJ Liu,EA Lee

DOI: https://doi.org/10.1109/tcst.2004.824310

IF: 4.8

2004-01-01

IEEE Transactions on Control Systems Technology

Abstract:Complex control systems are heterogeneous, in the sense of discrete computer-based controllers interacting with continuous physical plants, regular data sampling interleaving with irregular communication and user interaction, and multilayer and multimode control laws. This heterogeneity imposes great challenges for control system design in terms of end-to-end control performance modeling and simulation, traceable refinements from algorithms to software/hardware implementation, and component reuse. This paper presents an actor-oriented design methodology that tackles these issues by separating the data-centric computational components (a.k.a. actors) and the control-flow-centric scheduling and activation mechanisms ( a.k.a. frameworks). Semantically different frameworks are composed hierarchically to manage heterogeneous models and achieve actor and framework reuse. We introduce a notion of responsible frameworks to characterize the property that a framework can aggregate individual actor's execution into a well-defined composite execution such that heterogeneous models can be composed. This methodology is implemented in the Ptolemy II software environment. We discuss how some of the most useful models for control system design are implemented as responsible frameworks. As an example, the methodology and the Ptolemy II software environment is applied to the design of a distributed, real-time software implementation of a pendulum inversion and stabilization system.

Lin Liu,Eric Yu,John Mylopoulos

2002-01-01

Abstract:Security issues for software systems ultimately concern relationships among social actors – stakeholders, users, potential attackers, etc. -and software acting on their behalf. In assessing vulnerabilities and mitigation measures, actors make strategic decisions to achieve desired levels of security while trading off competing requirements such as costs, performance, usability and so on. This paper explores the explicit modeling of relationships among strategic actors in order to elicit, identify and analyze security requirements. In particular, actor dependency analysis helps in the identification of attackers and their potential threats, while actor goal analysis helps to elicit the dynamic decision making process of system players for security issues. Patterns of relationships at various levels of abstraction (e.g. intentional dependencies among abstract roles) can be studied separately. These patterns can be selectively applied and combined for analyzing specific system configurations. The approach is particularly suitable for new Internet applications where layers of software entities and human roles interact to create complex security challenges. Examples from Peer-to-Peer computing are used to illustrate the proposed framework.

Feng Wang,Baoshan Ge,Li Zhang,Yong Chen,Yang Xin,Xiayuan Li

DOI: https://doi.org/10.1002/sres.2184

2013-04-04

Systems Research and Behavioral Science

Abstract:After analysing the security conditions in current Enterprise Systems (ES), this paper proposes a systematic framework that is based on the Secure Sockets Layer Virtual Private Network (SSL‐VPN) for improving security management. This framework takes account of several key aspects such as channel strategy, network pattern, workstation authentication, identity authentication, security workflow, etc. The proposed framework has the following advantages: low cost, high performance, easy to implement, and strong security control pattern. In addition, this paper proposes a dynamic security strategy that is about authorizing user ID and roles dynamically and conducting real‐time mapping via agent or proxy technologies. Copyright © 2013 John Wiley & Sons, Ltd.

management,social sciences, interdisciplinary

Stephen S. Yau,Yisheng Yao

2006-01-01

Abstract:A major advantage of the emerging service-oriented computing technology is its ability to enable rapid formation of large-scale distributed systems by composing massively available services to achieve the system goals, regardless of the programming languages and platforms used to develop and run these services. For these systems which often involve interactions among multiple organizations over various networks, how to manage and enforce security policies is the prime concern in assuring that only authorized users or systems have the access to massively available services. However, with the increasing scalability and flexibility required by the dynamic service-oriented computing environments, manage and enforce security policies in such systems is a very challenging task. Existing research efforts have not sufficiently addressed this challenging task for enabling systematic security policy management and enforcement in service-oriented systems. In this dissertation research, a framework based on formal foundations is developed for dynamically, yet systematically, managing and enforcing security policies in service-oriented systems. This framework includes a security policy meta-model and a runtime security policy execution model for security decision making and enforcement. The security policy meta-model will be used to provide unambiguous security policy specifications and to facilitate sound and complete security policy reasoning, such as consistency checking, redundancy analysis, security policy specification composition, and automated security service synthesis from declarative security policy specifications. Analysis of expressiveness of this security policy meta-model is also provided in this dissertation. The runtime security policy execution model is developed for enforcing the security policies with provable correctness. This framework will also include tools for generating and deploying security services to compute and enforce security decisions based on security policies, credentials and situational information. With this framework, various parties of large-scale service-oriented systems can easily manage and enforce security policies to meet their security requirements under various situations. Examples are provided to show the effectiveness of the framework.

ZJ He,T Phan,TD Nguyen

DOI: https://doi.org/10.1109/reldis.2005.17

2006-01-01

Journal of Computers

Abstract:We propose and evaluate a novel framework for enforcing global coordination and control policies over interacting software components in enterprise computing environments. This framework combines a per-node reference monitor with two existing coordination and control systems to enforce policies that, among other properties, are stateful and communal. Each reference monitor filters messages exchanged between the interacting software components similar to a firewall, passing only messages that are allowed by the policies in effect. This filtering approach decouples coordination and control from application implementation, allowing the coordination and control mechanism and application implementations to evolve independently of each other. We demonstrate the power of our framework by using it to specify and enforce an RBAC policy with delegation, revocation, and separation-of-duty over accesses to a cluster of NFS and SMB file servers without changing any client or server implementations. Measurements show that our framework imposes acceptable overheads when enforcing this policy.

Ankur Shukla,Basel Katt,Livinus Obiora Nweke,Prosper Kandabongee Yeng,Goitom Kahsay Weldehawaryat

DOI: https://doi.org/10.1016/j.cosrev.2022.100496

2022-07-29

Abstract:System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber-physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.

Cryptography and Security,Software Engineering

Clark Thomborson

DOI: https://doi.org/10.1007/978-3-642-13869-0_26

2010-01-01

Abstract:Academic discourse on trust is fractured along disciplinary lines Security theorists routinely use a definition of trust which, apparently, has little in common with any of the definitions of trust that, appear in the sociological and psychological literature In tins essay, we extend a recently-proposed framework for the technical analysis of secure systems, so that, its notion of trust is roughly congruent. with the sociological theories of Parsons, Luhmann, Barber, Lewis and Weigert This congruent extension suggests some ways in which a computerised System might, appropriately, inspire trust in its non-technical users

Sean Weerakkody,Bruno Sinopoli,Soummya Kar,Anupam Datta

DOI: https://doi.org/10.48550/arXiv.1603.05710

2016-03-18

Abstract:This paper considers the development of information flow analyses to support resilient design and active detection of adversaries in cyber physical systems (CPS). The area of CPS security, though well studied, suffers from fragmentation. In this paper, we consider control systems as an abstraction of CPS. Here, we extend the notion of information flow analysis, a well established set of methods developed in software security, to obtain a unified framework that captures and extends system theoretic results in control system security. In particular, we propose the Kullback Liebler (KL) divergence as a causal measure of information flow, which quantifies the effect of adversarial inputs on sensor outputs. We show that the proposed measure characterizes the resilience of control systems to specific attack strategies by relating the KL divergence to optimal detection techniques. We then relate information flows to stealthy attack scenarios where an adversary can bypass detection. Finally, this article examines active detection mechanisms where a defender intelligently manipulates control inputs or the system itself in order to elicit information flows from an attacker's malicious behavior. In all previous cases, we demonstrate an ability to investigate and extend existing results by utilizing the proposed information flow analyses.

Systems and Control

Mukund Bhole,Wolfgang Kastner,Thilo Sauter

DOI: https://doi.org/10.1109/ETFA52439.2022.9921549

2023-06-22

Abstract:Todays industrial control systems consist of tightly coupled components allowing adversaries to exploit security attack surfaces from the information technology side, and, thus, also get access to automation devices residing at the operational technology level to compromise their safety functions. To identify these concerns, we propose a model-based testing approach which we consider a promising way to analyze the safety and security behavior of a system under test providing means to protect its components and to increase the quality and efficiency of the overall system. The structure of the underlying framework is divided into four parts, according to the critical factors in testing of operational technology environments. As a first step, this paper describes the ingredients of the envisioned framework. A system model allows to overview possible attack surfaces, while the foundations of testing and the recommendation of mitigation strategies will be based on process-specific safety and security standard procedures with the combination of existing vulnerability databases.

Software Engineering,Systems and Control

W. Alec Cram,Jeffrey G. Proudfoot,John D’Arcy

DOI: https://doi.org/10.1057/s41303-017-0059-9

2017-11-01

European Journal of Information Systems

Abstract:A major stream of research within the field of information systems security examines the use of organizational policies that specify how users of information and technology resources should behave in order to prevent, detect, and respond to security incidents. However, this growing (and at times, conflicting) body of research has made it challenging for researchers and practitioners to comprehend the current state of knowledge on the formation, implementation, and effectiveness of security policies in organizations. Accordingly, the purpose of this paper is to synthesize what we know and what remains to be learned about organizational information security policies, with an eye toward a holistic understanding of this research stream and the identification of promising paths for future study. We review 114 influential security policy-related journal articles and identify five core relationships examined in the literature. Based on these relationships, we outline a research framework that synthesizes the construct linkages within the current literature. Building on our analysis of these results, we identify a series of gaps and draw on additional theoretical perspectives to propose a revised framework that can be used as a basis for future research.

information science & library science,management,computer science, information systems

Cataldo Basile,Gabriele Gatti,Francesco Settanni

2024-05-06

Abstract:Enforcing security requirements in networked information systems relies on security controls to mitigate the risks from increasingly dangerous threats. Configuring security controls is challenging; even nowadays, administrators must perform it without adequate tool support. Hence, this process is plagued by errors that translate to insecure postures, security incidents, and a lack of promptness in answering threats. This paper presents the Security Capability Model (SCM), a formal model that abstracts the features that security controls offer for enforcing security policies, which includes an Information Model that depicts the basic concepts related to rules (i.e., conditions, actions, events) and policies (i.e., conditions' evaluation, resolution strategies, default actions), and a Data Model that covers the capabilities needed to describe different types of filtering and channel protection controls. Following state-of-the-art design patterns, the model allows for generating abstract versions of the security controls' languages and a model-driven approach for translating abstract policies into device-specific configuration settings. By validating its effectiveness in real-world scenarios, we show that SCM enables the automation of different and complex security tasks, i.e., accurate and granular security control comparison, policy refinement, and incident response. Lastly, we present opportunities for extensions and integration with other frameworks and models.

Cryptography and Security

William Knowles,Daniel Prince,David Hutchison,Jules Ferdinand Pagna Disso,Kevin Jones

DOI: https://doi.org/10.1016/j.ijcip.2015.02.002

IF: 3.683

2015-06-01

International Journal of Critical Infrastructure Protection

Abstract:Contemporary industrial control systems no longer operate in isolation, but use other networks (e.g., corporate networks and the Internet) to facilitate and improve business processes. The consequence of this development is the increased exposure to cyber threats. This paper surveys the latest methodologies and research for measuring and managing this risk. A dearth of industrial-control-system-specific security metrics has been identified as a barrier to implementing these methodologies. Consequently, an agenda for future research on industrial control system security metrics is outlined. The “functional assurance” concept is also introduced to deal with fail-safe and fail-secure industrial control system operations.

engineering, multidisciplinary,computer science, information systems

Jie Liu,Johan Eker,Xiaojun Liu,John Reekie,Edward A. Lee

2002-01-01

Abstract:Complex control systems are heterogeneous, in the sense of discrete computer-based controllers interacting with continuous physical plants, regular data sampling interleaving with usually irregular communication and user interaction, and multilayer and multimode control laws. This heterogeneity imposes great challenges for control system design technologies in terms of end-to-end control performance modeling and simulation, traceable refinements from algorithms to software/hardware implementation, and component reuse. This paper presents an actor-oriented design methodology that tames these issues by separating the data-centric computational components (a.k.a. actors) and the control-flow-centric scheduling and activation mechanisms (a.k.a. frameworks). The underlying principle of frameworks is to use formal models of computation to manage the interactions among actors. Semantically different frameworks can be composed hierarchically to manage heterogeneity, improve understandability, and achieve actor and framework reusability. This methodology is implemented through the Ptolemy II software environment. As an example, the methodology and the Ptolemy II software have been applied to the design of a pendulum inversion and stabilization system.

Dr. Brijender Kahanwal,Dr. Tejinder Pal Singh

DOI: https://doi.org/10.48550/arXiv.1312.1460

2013-12-05

Cryptography and Security

Abstract:Todays modern society is extremely dependent on computer based information systems. Many of the organizations would simply not be able to function properly without services provided by these systems, just like financing organizations. Although interruption might decrease the efficiency of an organization, theft or unintentional disclosure of entrusted private data could have more serious consequences, such as legal actions as well as loss of business due to lack of trust from potential users. This dependence on information systems has lead to a need for securing these systems and this in turn has created a need for knowing how secure they are. The introduction of the information society has changed how people interact with government agencies. Government agencies are now encouraged to uphold a 24-hour electronic service to the citizens. The introduction of government services on the Internet is meant to facilitate communication with agencies, decrease service times and to lessen the amount of papers that needs to be processed. The increased connectivity to the Internet results in a rising demand for information security in these systems. In this article, we have discussed about many file data breaches in the past and current history and they are going to increase day by day as the reports by DataLossDB (Open Security Foundation) organization, a non-profit organization in US.