Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Component Composition for Personal Ubiquitous Computing Project Overview and Potential Techniques —————— 16 th May 2003 —————— David Llewellyn-Jones.

Published byMae Mason Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Component Composition for Personal Ubiquitous Computing Project Overview and Potential Techniques —————— 16 th May 2003 —————— David Llewellyn-Jones."— Presentation transcript:

1 Secure Component Composition for Personal Ubiquitous Computing Project Overview and Potential Techniques —————— 16 th May 2003 —————— David Llewellyn-Jones Bob Askwith Qi Shi Madjid Merabti http://www.cms.livjm.ac.uk/PUCsec/

2 Aims of the project Concerning security in a given setting Privacy/confidentiality Integrity and authentication Access control Non-repudiation QoS – not tackled

3 Aims of the project – the setting Networked Many appliances networked together. Non-uniform Appliances may vary greatly in terms of power, user interface and intended use. Mobile Devices will be mobile. Code may be mobile in the form of mobile agents. Componentised Software services built from multiple smaller components.

4 Aims of the project – challenges Maintain security Total security will not be achievable, but the framework should provide a reasonable and adaptable level. Maintain usability The security protection should be transparent to the user. Incorporate extendibility The framework must be extensible

5 Network setting Internet

6 Current techniques General Certification Secure protocols Cryptography etc.. All well developed techniques with real-world implementations

7 Current techniques More specific Model checking/verification Component composition Flow control/analysis Wrappers/white-box techniques

8 Using the techniques – a framework The framework for applying these techniques might involve a process along the following lines: Certificates checked Code analysis Initial properties establishes Composition analysis secure wrapper execution C 1. C 2. C 3 C1C1 C2C2 C3C3 Dynamic re-evaluation Full certificates

9 Model checking/verification An automated method for checking that a program satisfies its specification. Most often used in safety critical systems. Requires a lot of computing power even when checking relatively small programs: time consuming and expensive. Applies to finite state systems. Has the potential to allow automated verification of security properties without requiring any user intervention.

10 Model checking – process overview Three stages to model checking: Modelling Specification Verification ModellingSpecificationVerification

11 Modelling Converts a program in to a form suitable for analysis by a model checker. Program execution viewed as a series of states: memory snapshots. The program design dictates flow from one state to another. Information about states and flow are encoded in to a Kripke diagram. Modelling SpecificationVerification

12 Kripke diagrams A simple example: inta = 2; a += 5; Modelling SpecificationVerification S1S1 S2S2 S1S1 S2S2 a = 2 a = 7

13 Kripke diagrams Unravelling loops: inta = 2; boolkey = false; do { a = 7; key = (getchar () == ‘c’); } while !key; a = 0; S1S1 S 2 / S 3 S4S4 a = 7 key = true a = 7 key = false a = 2 key = false a = 0 key = true S2S2 S3S3 S4S4 S1S1 Modelling SpecificationVerification

14 Kripke diagrams Unravelling loops S2S2 S3S3 S4S4 S1S1 Modelling SpecificationVerification

15 Kripke diagrams Unravelling loops S2S2 S3S3 S4S4 S1S1 Modelling SpecificationVerification S4S4 S3S3 S4S4 S2S2 S3S3 S4S4 S3S3 S2S2 S3S3 S4S4 S1S1 S2S2

16 Specification Which properties must be satisfied by the program? In our case security properties Modelling Specification Verification Example CTL* formula “If a file gets set as Private it will not have Send applied to it at a later date” A specification consists of a collection of such formulae

17 Verification This part involves the ‘serious’ computation. Tests every sequence of potential states (called a trace) against the specification. Because of looping, some traces will be of infinite length, so how can we check these? ModellingSpecification Verification

18 Checking infinite traces ModellingSpecification Verification Although some traces will have potentially infinite length, there are only finitely many possible states. So an infinite trace must take the form: For example:

19 Problems with verification ModellingSpecification Verification Only applies to finite state systems For CTL*, time needed for model checking is Although this is linear in the size of the model, this makes it potentially exponential in the number of variables

20 Component Composition Component composition can be considered in many ways. In our case, it will be the connection of inputs/outputs of one component to the inputs/outputs of further components. Not all properties are preserved across this process of composition.

21 Component Composition Example of property not preserved by composition: “In a single session the component will access either files, or the network, but not both.” In general properties will be strict technical mathematically formulated

22 Composition properties BSD – Backward Strict Deletion BSI – Backward Strict Insertion

23 Resolving timing difficulties When combining components, it is essential to consider the security aspects. However, it can also be beneficial. Model checking an entire program will take time exponential to the number of states. However, when split in to components, this can be improved substantially.

24 Composition results “Under given circumstances” the following hold There are practical problems with this Composed property is as weak as the weakest component Can only use components satisfying strict security properties

25 Components with mixed properties Weaker components can have their security properties improved by the strength of the stronger ones. Example: If all data must satisfy some property, such as being signed, then in this configuration only C 2 needs to satisfy the requirement. C1C1 C2C2 OUT IN OUT

26 Current techniques More specific Model checking/verification Component composition Flow control/analysis Wrappers/white-box techniques

Download ppt "Secure Component Composition for Personal Ubiquitous Computing Project Overview and Potential Techniques —————— 16 th May 2003 —————— David Llewellyn-Jones."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
Verification and Validation

Verification and Validation
Presentation by Prabhjot Singh

Presentation by Prabhjot Singh
A mobile single sign-on system Master thesis 2006 Mats Byfuglien.

A mobile single sign-on system Master thesis 2006 Mats Byfuglien.
A Survey of Runtime Verification Jonathan Amir 2004.

A Survey of Runtime Verification Jonathan Amir 2004.
Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.

Metodi formali dello sviluppo software a.a.2013/2014 Prof.Anna Labella.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 24 Slide 1 Critical Systems Validation 2.
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Secure Component Composition for Personal Ubiquitous Computing Project Summary —————— 21 st April 2006 —————— David Llewellyn-Jones, Madjid Merabti, Qi.

Secure Component Composition for Personal Ubiquitous Computing Project Summary —————— 21 st April 2006 —————— David Llewellyn-Jones, Madjid Merabti, Qi.
Lab/Sessional -CSE-374. SYSTEM DEVELOPMENT LIFE CYCLE.

Lab/Sessional -CSE-374. SYSTEM DEVELOPMENT LIFE CYCLE.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.
Overview of the Multos construction process Chad R. Meiners.

Overview of the Multos construction process Chad R. Meiners.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 10 Authenticating Users By Whitman, Mattord, & Austin© 2008 Course Technology.

Similar presentations

Ads by Google