Publications (10 of 38)
Khakpour, N. & Skandylas, C. (2024). Compositional Security Analysis of Dynamic Component-based Systems. In: ASE '24: Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering. Paper presented at 39th IEEE/ACM International Conference on Automated Software Engineering (ASE 2024) (pp. 1232-1244). ACM Press
Compositional Security Analysis of Dynamic Component-based Systems
2024 (English) In: ASE '24: Proceedings of the 39th IEEE/ACM International Conference on Automated Software Engineering, ACM Press, 2024, pp. 1232-1244. Conference paper, published paper (Refereed)
Abstract [en]

To reason about and enforce security in dynamic software systems, automated analysis and verification approaches are required. However, such approaches often encounter scalability issues, particularly when employed for runtime analysis, which is necessary in software systems with dynamically changing architectures, such as self-adaptive systems. In this work, we propose an automated formal approach for security analysis of component-based systems with dynamic architectures. This approach leverages formal abstraction and incremental analysis techniques to reduce the complexity of runtime analysis. We have implemented and evaluated our approach against ZNN, a widely known self-adaptive system exemplar. Our experimental results demonstrate the effectiveness of our approach in addressing scalability issues.

Place, publisher, year, edition, pages
ACM Press, 2024
Keywords
Security Analysis, Model Checking, Runtime Security
National subject category
Computer Sciences
Research subject
Computer and Information Sciences, Computer Science
Identifiers
urn:nbn:se:lnu:diva-121775 (URN)
Conference
39th IEEE/ACM International Conference on Automated Software Engineering (ASE 2024)
Available from: 2023-06-13 Created: 2023-06-13 Last updated: 2025-01-21 Bibliographically approved
Berthier, N. & Khakpour, N. (2023). Symbolic Abstract Heaps for Polymorphic Information-Flow Guard Inference. In: Dragoi, C., Emmi, M., Wang, J. (Ed.), Verification, Model Checking, and Abstract Interpretation. VMCAI 2023. Paper presented at 24th International Conference on Verification, Model Checking, and Abstract Interpretation, VMCAI 2023; Conference date: 16 January 2023 through 17 January 2023 (pp. 66-90). Springer, 13881 LNCS
Symbolic Abstract Heaps for Polymorphic Information-Flow Guard Inference
2023 (English) In: Verification, Model Checking, and Abstract Interpretation. VMCAI 2023. / [ed] Dragoi, C., Emmi, M., Wang, J., Springer, 2023, Vol. 13881 LNCS, pp. 66-90. Conference paper, published paper (Refereed)
Abstract [en]

In the realm of sound object-oriented program analyses for information-flow control, very few approaches adopt flow-sensitive abstractions of the heap that enable a precise modeling of implicit flows. To tackle this challenge, we advance a new symbolic abstraction approach for modeling the heap in Java-like programs. We use a store-less representation that is parameterized with a family of relations among references to offer various levels of precision based on user preferences. This enables us to automatically infer polymorphic information-flow guards for methods via a co-reachability analysis of a symbolic finite-state system. We instantiate the heap abstraction with three different families of relations. We prove the soundness of our approach and compare the precision and scalability obtained with each instantiated heap domain by using the IFSpec benchmarks and real-life applications.

Place, publisher, year, edition, pages
Springer, 2023
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349; 13881
Keywords
Abstracting, Computer software, Object oriented programming, Flow sensitive, Information flow control, Information flows, Java-like programs, Object-oriented program, Parameterized, Precise modeling, Program analysis, Reachability analysis, User's preferences, Benchmarking
National subject category
Computer Sciences
Research subject
Computer and Information Sciences, Computer Science
Identifiers
urn:nbn:se:lnu:diva-123724 (URN), 10.1007/978-3-031-24950-1_4 (DOI), 2-s2.0-85148694768 (Scopus ID), 9783031249495 (ISBN), 9783031249501 (ISBN)
Conference
24th International Conference on Verification, Model Checking, and Abstract Interpretation, VMCAI 2023; Conference date: 16 January 2023 through 17 January 2023
Available from: 2023-08-15 Created: 2023-08-15 Last updated: 2023-09-07 Bibliographically approved
Skandylas, C., Khakpour, N. & Cámara, J. (2022). Security Countermeasure Selection for Component-Based Software-Intensive Systems. In: 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), Guangzhou, China, 2022. Paper presented at 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), Guangzhou, China, December 5-9, 2022 (pp. 63-72). IEEE
Security Countermeasure Selection for Component-Based Software-Intensive Systems
2022 (English) In: 2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), Guangzhou, China, 2022, IEEE, 2022, pp. 63-72. Conference paper, published paper (Refereed)
Abstract [en]

Given the increasing complexity of software-intensive systems as well as the sophistication and high frequency of cyber-attacks, automated and sound approaches to select countermeasures are required to effectively protect software systems. In this paper, we propose a formal architecture-centered approach to analyze the security of a software-intensive component-based system to find cost-efficient countermeasures that consider both the system architecture and its behavior. We evaluate our approach by applying it on a case study.

Place, publisher, year, edition, pages
IEEE, 2022
Series
IEEE International Conference on Software Quality, Reliability and Security, E-ISSN 2693-9177
Keywords
Security Analysis, Countermeasure Selection, Software-Intensive Systems, Component-based Systems, Formal Methods
National subject category
Computer Sciences
Research subject
Computer and Information Sciences, Computer Science
Identifiers
urn:nbn:se:lnu:diva-121774 (URN), 10.1109/QRS57517.2022.00017 (DOI), 2-s2.0-85151426531 (Scopus ID), 9781665477048 (ISBN)
Conference
2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS), Guangzhou, China, December 5-9, 2022
Available from: 2023-06-13 Created: 2023-06-13 Last updated: 2023-06-14 Bibliographically approved
Khakpour, N. (2021). A Field-Sensitive Security Monitor for Object-Oriented Programs. Computers & security (Print), 108, Article ID 102349.
A Field-Sensitive Security Monitor for Object-Oriented Programs
2021 (English) In: Computers & Security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 108, article id 102349. Article in journal (Refereed) Published
Abstract [en]

In this paper, we propose a sound method to synthesize a permissive monitor using boolean supervisory controller synthesis that observes a Java program at certain checkpoints, predicts information flow violations and applies suitable countermeasures to prevent violations. We introduce an approach for modeling heap and information flow via heap. To improve permissiveness, we train the monitor and remove false positives by executing the program along with its executable model. If a security violation is detected, the user can define sound countermeasures, including declassification to apply in checkpoints. We prove that the monitored program ensures localized delimited release in case of declassifying information and termination-insensitive noninterference in case of no declassification. We implement a tool to automate the whole process and generate a monitor. Our method is evaluated by applying it on the Droidbench benchmark and one real-life Android application.

Place, publisher, year, edition, pages
Elsevier, 2021
Keywords
Language-based security, Information flow control, Controller synthesis, Heap modeling
National subject category
Computer Sciences
Research subject
Computer and Information Sciences, Computer Science
Identifiers
urn:nbn:se:lnu:diva-103731 (URN), 10.1016/j.cose.2021.102349 (DOI), 000677639500014, 2-s2.0-85109189036 (Scopus ID), 2021 (Local ID), 2021 (Archive number), 2021 (OAI)
Project
PROSSES
Available from: 2021-05-28 Created: 2021-05-28 Last updated: 2022-05-20 Bibliographically approved
Talcott, C., Ananieva, S., Bae, K., Combemale, B., Heinrich, R., Hills, M., . . . Vangheluwe, H. (2021). Composition of Languages, Models, and Analyses. In: Heinrich, R., Durán, F., Talcott, C., Zschaler, S. (Ed.), Composing Model-Based Analysis Tools (pp. 45-70). Springer
Composition of Languages, Models, and Analyses
2021 (English) In: Composing Model-Based Analysis Tools / [ed] Heinrich, R., Durán, F., Talcott, C., Zschaler, S., Springer, 2021, pp. 45-70. Chapter in book, part of anthology (Refereed)
Abstract [en]

This chapter targets a better understanding of the compositionality of analyses, including different forms of compositionality and specific conditions of composition. Analysis involves models, contexts, and properties. These are all expressed in languages with their own semantics. For a successful composition of analyses, it is therefore important to compose models as well as the underlying languages. We aim to develop a better understanding of what is needed to answer questions such as “When I want to compose two or more analyses, what do I need to take into account?” We describe the elements impacting analysis compositionality, the relation of these elements to analysis, and how composition of analysis relates to compositionality of these elements.

This core chapter addresses Challenge 1 introduced in Chap. 3 of this book (the theoretical foundations—how to compose the underlying languages, models, and analyses).

Place, publisher, year, edition, pages
Springer, 2021
National subject category
Computer Sciences
Research subject
Computer and Information Sciences
Identifiers
urn:nbn:se:lnu:diva-127090 (URN), 10.1007/978-3-030-81915-6_4 (DOI), 9783030819149 (ISBN), 9783030819156 (ISBN)
Available from: 2024-01-24 Created: 2024-01-24 Last updated: 2024-02-06 Bibliographically approved
Skandylas, C. & Khakpour, N. (2021). Design and Implementation of Self-Protecting Systems: A Formal Approach. Future Generation Computer Systems, 115, 421-437
Design and Implementation of Self-Protecting Systems: A Formal Approach
2021 (English) In: Future Generation Computer Systems, ISSN 0167-739X, E-ISSN 1872-7115, Vol. 115, pp. 421-437. Article in journal (Refereed) Published
Abstract [en]

As threats to computer security become more common, complex and frequent, systems that can automatically protect themselves from attacks are imminently needed. In this paper, we propose a formal approach to achieve self-protection by performing security analysis on self-adaptive systems, taking the adaptation process into account. We use probabilistic model checking to quantitatively analyze adaptation security, rank the strategies available and select the most secure one to apply in the system. We have incorporated our approach in Rainbow, which is a framework to develop architecture-based self-adaptive systems. To evaluate our approach's effectiveness, we applied it on two case studies: a simple document storage system and ZNN, a well known self-adaptive exemplar. The results show that applying our approach can guarantee a reasonable degree of security, both during and after adaptation.

Place, publisher, year, edition, pages
Elsevier, 2021
Keywords
Self-Protection, Self-Adaptive Systems, Formal Security Analysis, Model Checking, Adaptive Security
National subject category
Computer Sciences
Research subject
Computer and Information Sciences, Computer Science
Identifiers
urn:nbn:se:lnu:diva-98075 (URN), 10.1016/j.future.2020.09.005 (DOI), 000591438900011, 2-s2.0-85092115590 (Scopus ID)
Project
PROSSES
Funder
KK-stiftelsen (Knowledge Foundation)
Available from: 2020-09-16 Created: 2020-09-16 Last updated: 2024-09-04 Bibliographically approved
Talcott, C., Ananieva, S., Bae, K., Combemale, B., Heinrich, R., Hills, M., . . . Zschaler, S. (2021). Foundations. In: Heinrich, R., Durán, F., Talcott, C., Zschaler, S. (Ed.), Composing Model-Based Analysis Tools (pp. 9-37). Springer
Foundations
2021 (English) In: Composing Model-Based Analysis Tools / [ed] Heinrich, R., Durán, F., Talcott, C., Zschaler, S., Springer, 2021, pp. 9-37. Chapter in book, part of anthology (Refereed)
Abstract [en]

This chapter gives an introduction to the key concepts and terminology relevant for model-based analysis tools and their composition. In the first half of the chapter, we introduce concepts relevant for modelling and composition of models and modelling languages. The second half of the chapter then focuses on concepts relevant to analysis and analysis composition. This chapter, thus, lays the foundations for the remainder of the book, ensuring that readers can go through the book as a coherent piece.

Place, publisher, year, edition, pages
Springer, 2021
National subject category
Computer Sciences
Research subject
Computer and Information Sciences
Identifiers
urn:nbn:se:lnu:diva-127089 (URN), 10.1007/978-3-030-81915-6_2 (DOI), 9783030819149 (ISBN), 9783030819156 (ISBN)
Available from: 2024-01-24 Created: 2024-01-24 Last updated: 2024-02-06 Bibliographically approved
Skandylas, C., Zhou, L., Khakpour, N. & Roe, S. (2021). Security Risk Analysis of Multi-Stage Attacks Based on Data Criticality. In: The 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS 2021), June 3, 2021. Paper presented at The 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS 2021), June 3, 2021, Madrid (pp. 13-20). IEEE
Security Risk Analysis of Multi-Stage Attacks Based on Data Criticality
2021 (English) In: The 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS 2021), June 3, 2021, IEEE, 2021, pp. 13-20. Conference paper, published paper (Refereed)
Abstract [en]

In recent years, it has become more challenging for organizations to assess the security risks of their assets properly, as more vulnerabilities are discovered, exploited, and weaponized. Further, attackers usually use complex multi-stage attack strategies to compromise a system and achieve their goals by exploiting several vulnerabilities. The number of affected assets and the strategy used to create the compromises by the threat actor will often dictate the costs and damages to the organization. When performing risk analysis, in addition to existing vulnerabilities, it is important, but often neglected, to consider the criticality of the data residing in the vulnerable asset. However, graphical threat modeling techniques often do not offer suitable tools for this type of analysis. In this paper, we propose a class of security risk metrics to estimate the cost of an attack that considers the criticality of data in addition to the dependencies among vulnerabilities. Our metrics are based on graphical modeling techniques in which we incorporate data criticality. We applied our approach to a real-life case study and obtained promising results.

Place, publisher, year, edition, pages
IEEE, 2021
Keywords
Data Criticality, Security Analysis, Security Metrics, Graphical Threat Modeling
National subject category
Computer Sciences
Research subject
Computer and Information Sciences, Computer Science
Identifiers
urn:nbn:se:lnu:diva-103734 (URN), 10.1109/EnCyCriS52570.2021.00010 (DOI), 000863013000003, 2-s2.0-85113866854 (Scopus ID), 9781665445535 (ISBN), 9781665445542 (ISBN)
Conference
The 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS 2021), June 3, 2021, Madrid
Available from: 2021-05-28 Created: 2021-05-28 Last updated: 2024-08-28 Bibliographically approved
Skandylas, C., Khakpour, N. & Andersson, J. (2020). Adaptive Trust-Aware Decentralized Information Flow Control. In: Esam El-Araby, Sven Tomforde, Timothy Wood, Pradeep Kumar, Claudia Raibulet, Ioan Petri, Gabriele Valentini, Phyllis Nelson, Barry Porter (Ed.), 2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS): Virtual Conference 17-21 August 2020. Paper presented at 2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS), Virtual Conference 17-21 August 2020 (pp. 92-101). IEEE
Adaptive Trust-Aware Decentralized Information Flow Control
2020 (English) In: 2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS): Virtual Conference 17-21 August 2020 / [ed] Esam El-Araby, Sven Tomforde, Timothy Wood, Pradeep Kumar, Claudia Raibulet, Ioan Petri, Gabriele Valentini, Phyllis Nelson, Barry Porter, IEEE, 2020, pp. 92-101. Conference paper, published paper (Refereed)
Abstract [en]

Modern software systems are decentralized, distributed, and dynamic, and consequently, require decentralized mechanisms to enforce security. In this paper, we propose an adaptive approach using a combination of decentralized information flow control (DIFC) mechanisms, trust-based methods and decentralized control architectures to enforce security in open distributed systems. In our approach, adaptivity mitigates two aspects of the system dynamics that cause uncertainty: the ever-changing nature of trust and system openness. We formalize our trust-aware DIFC model and instantiate two decentralized control architectures to implement and evaluate it. We evaluate the effectiveness and performance of our method and decentralized control architectures on two case studies.

Place, publisher, year, edition, pages
IEEE, 2020
Keywords
Adaptive Security, Decentralized Information Flow Control, Adaptive Trust, Decentralized Feedback Loop
National subject category
Computer Sciences
Research subject
Computer and Information Sciences, Computer Science
Identifiers
urn:nbn:se:lnu:diva-98074 (URN), 10.1109/ACSOS49614.2020.00030 (DOI), 000719369400011, 2-s2.0-85092697845 (Scopus ID), 978-1-7281-7278-1 (ISBN), 978-1-7281-7277-4 (ISBN)
Conference
2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems (ACSOS), Virtual Conference 17-21 August 2020
Project
PROSSES
Funder
KK-stiftelsen (Knowledge Foundation)
Available from: 2020-09-16 Created: 2020-09-16 Last updated: 2024-08-28 Bibliographically approved
Skandylas, C., Khakpour, N. & Andersson, J. (2020). AT-DIFC +: Toward Adaptive and Trust-Aware Decentralized Information Flow Control. ACM Transactions on Autonomous and Adaptive Systems, 15(4), Article ID 13.
AT-DIFC+: Toward Adaptive and Trust-Aware Decentralized Information Flow Control
2020 (English) In: ACM Transactions on Autonomous and Adaptive Systems, ISSN 1556-4665, E-ISSN 1556-4703, Vol. 15, no. 4, article id 13. Article in journal (Refereed) Published
Abstract [en]

Modern software systems and their corresponding architectures are increasingly decentralized, distributed, and dynamic. As a consequence, decentralized mechanisms are required to ensure security in such architectures. Decentralized Information Flow Control (DIFC) is a mechanism to control information flow in distributed systems. This article presents and discusses several improvements to an adaptive decentralized information flow approach that incorporates trust for decentralized systems to provide security. Adaptive Trust-Aware Decentralized Information Flow (AT-DIFC+) combines decentralized information flow control mechanisms, trust-based methods, and decentralized control architectures to control and enforce information flow in an open, decentralized system. We strengthen our approach against newly discovered attacks and provide additional information about its reconfiguration, decentralized control architectures, and reference implementation. We evaluate the effectiveness and performance of AT-DIFC+ on two case studies and perform additional experiments to gauge the mitigations' effectiveness against the identified attacks.

Place, publisher, year, edition, pages
ACM Press, 2020
National subject category
Computer Sciences
Research subject
Computer and Information Sciences, Computer Science
Identifiers
urn:nbn:se:lnu:diva-108706 (URN), 10.1145/3487292 (DOI), 000807171600005, 2-s2.0-85142035502 (Scopus ID)
Project
PROSSESERES
Available from: 2021-12-21 Created: 2021-12-21 Last updated: 2024-08-28 Bibliographically approved
Identifiers
ORCID iD: orcid.org/0000-0002-0377-5595