fault tree represent at ion of securit y requirement s 0
play

Fault Tree Represent at ion of Securit y Requirement s 0 Work in - PowerPoint PPT Presentation

Jul 16, 2023 •375 likes •618 views

Fault Tree Represent at ion of Securit y Requirement s 0 Work in progress Work in progress One Picture is Worth a Thousand Words Couple Dozen Connectives I liano Cer vesat o iliano@itd.nrl.navy.mil I TT I ndust r ies, inc @ NRL Washingt

  1. Fault Tree Represent at ion of Securit y Requirement s 0

  2. Work in progress Work in progress One Picture is Worth a Thousand Words Couple Dozen Connectives I liano Cer vesat o iliano@itd.nrl.navy.mil I TT I ndust r ies, inc @ NRL Washingt on, DC ht t p:/ / t heory.st anf ord.edu/ ~iliano Joint work with Cathy Meadows UMBC meeting Baltimore, MD October 1-2, 2003

  3. How this work came about Analysis of GDOI group prot ocol ! Requir ement s expressed in NP ATRL " Novel gr oup pr oper t ies " Medium size specif icat ions – Dozen oper at ors " Lot s of f ine-t uning ! Dif f icult t o read and shar e specs. ! I nf ormal use of f ault t rees " I nt uit ive visualizat ion medium " Became f avor ed language ! For mal r elat ion wit h NPATRL Fault Tree Represent at ion of Securit y Requirement s 2

  4. Security Requirements Describe what a prot ocol should do • Ver if ied by ! Model checking ! Mat hemat ical pr oof ! Pat t er n-mat ching (in some cases) • Expr essed ! I nf or mally ! Semi-f or mally ! For mal language • Adequat e f or t oy pr ot ocols BUT, do not scale t o r eal prot ocols Fault Tree Represent at ion of Securit y Requirement s 3

  5. Example: Kerberos 5 [CSFW’02] • Semi-f ormal ! But ver y pr ecise • Bulky and unint uit ive ! Requir es sever al r eadings t o gr asp Fault Tree Represent at ion of Securit y Requirement s 4

  6. Example: GDOI [CCS’01] • Formal ! NPATRL pr ot ocol spec. language • Ok f or a comput er • Bulky and unint uit ive f or humans ! About 20 oper at or s Fault Tree Represent at ion of Securit y Requirement s 5

  7. Example: Authentication [Lowe, CSFW’97] • I nf ormal ! Made pr ecise as CSP expr essions • Simple, but … ! … many ver y similar def init ions Fault Tree Represent at ion of Securit y Requirement s 6

  8. The Problem • Desired propert ies are dif f icult t o ! Phrase & get right ! Explain & underst and ! Modif y & keep right • Examples ! Endless back and f ort h on GDOI " Ar e specs. r ight now? ! K5 propert ies read over and over Fault Tree Represent at ion of Securit y Requirement s 7

  9. Dealing with Textual Complexity • HCI response: graphical present at ion • Our approach: Dependence Trees ! Re-int erpret at ion of f ault t rees ! 2D represent at ion of NPATRL ! I nt uit ive f or medium size specs. Fault Tree Represent at ion of Securit y Requirement s 8

  10. Example: Kerberos 5 • Excises t he gist of t he t heor em • Highlight s dependencies • Fair ly int uit ive ! … in a minut e … Fault Tree Represent at ion of Securit y Requirement s 9

  11. Example: GDOI • I somor phic t o NP ATRL specif icat ions • Much mor e int uit ive ! … in a minut e … Fault Tree Represent at ion of Securit y Requirement s 10

  12. Example: Authentication • Formalize def init ions • Easy t o compare … ! … and r emember … Fault Tree Represent at ion of Securit y Requirement s 11

  13. Rest of this Talk • Logic f or prot ocol specs ! NPATRL Logic ! NRL Prot ocol Analyzer f ragment ! Model checking • Precedence t rees ! Fault t rees ! NPATRL semant ics • Analysis of an example • Fut ure Work Fault Tree Represent at ion of Securit y Requirement s 12

  14. NPATRL • Formal language f or prot ocol requirement s ! Simple t empor al logic • Designed f or NRL Prot ocol Analyzer ! Simplif y input of pr ot ocol specs " Sequences of event s t hat should not occur ! Applies beyond NP A • Used f or many prot ocols ! SET, GDOI , … Fault Tree Represent at ion of Securit y Requirement s 13

  15. NPATRL Logic • Event s init iat or _accept _key( A, (B,S), (K AB ,n A ), N) name round act uat or ot her agent s t erms • Classical connect ives: ∧ , ∨ , ¬ , … • “Previously”: # ( ) init iat or _accept _key(A, (B,S), (K AB ,n A ), N) ⇒ # server _sent _key(S, (A,B), (K AB ), _) Fault Tree Represent at ion of Securit y Requirement s 14

  16. NPA Fragment NPA uses a small f ragment of NPATRL R ::= a ⇒ F F ::= E | ¬ E | F 1 ∧ F 2 | F 1 ∨ F 2 E ::= # a | # (a ∧ F) • Ef f icient model checking Fault Tree Represent at ion of Securit y Requirement s 15

  17. Fault Trees • Saf et y analysis of syst em design ! Root is a f ailure sit uat ion " Ext ended t o behavior descr ipt ions ! I nner nodes ar e condit ions enabling f ault " Event s " Combinat or s (logical gat es) canBoard • Example ! A passenger needs a t icket and a phot o I D hasTicket hasI D t o boar d a plane, but should not carr y a weapon carriesWeapon Fault Tree Represent at ion of Securit y Requirement s 16

  18. R ::= a ⇒ F F ::= E | ¬ E | F 1 ∧ F 2 | F 1 ∨ F 2 Precedence Trees E ::= # a | # (a ∧ F) • Fault t ree represent at ion of NPATRL NPA ! I somor phism a a R ::= E ::= a F F F ::= E E F 1 F 2 F 1 F 2 Fault Tree Represent at ion of Securit y Requirement s 17

  19. “Recency Freshness” in GDOI if a member accept s a key f r om t he cont r oller in a pr ot ocol r un, no newer key should have been dist r ibut ed pr ior t o t he mem- ber ' s r equest member_accept _key(M,G,(K GM ,K old ),N) ⇒ # gcks_loseparwisekey(G,(),(M,K GM ),_) ∨ ¬ ( # ( member_request key(M,G,(),N) ∧ # gcks_creat ekey(G,(),K new ,K old ),_))) Fault Tree Represent at ion of Securit y Requirement s 18

  20. “Sequential Freshness” in GDOI if a member accept s a key f r om t he gr oup cont r oller in a pr ot o- col r un, t hen it should not have pr eviously accept ed a lat er key member_accept _key(M,G,(K GM ,K old ),_) ⇒ # gcks_loseparwisekey(G,(),(M,K GM ),_) ∨ ¬ ( # (member_accept key(M,G,(K GM ,K new ),_) ∧ # ( gcks_creat ekey(G,(),K new ,K ’ ),_) ∧ # gcks_creat ekey(G,(),K old ,K ’’ ),_)))) Fault Tree Represent at ion of Securit y Requirement s 19

  21. Conclusions • Explor ed t r ee r epr esent at ion of pr ot ocol reqs. ! Pr omising init ial r esult s ! Complex r equir ement s now int uit ive • Pr ecedence t r ees ! Dr aw f r om f ault t r ees r esear ch ! Specialized t o NPATRL and NPA ! NPATRL semant ics ! Bet t er under st anding of NPATRL • Paper s ! “A Fault -Tr ee Repr esent at ion of NPATRL Secur it y Requir ement s”, wit h Cat hy Meadows " WI TS’03 " TCS (long version, submit t ed) Fault Tree Represent at ion of Securit y Requirement s 20

  22. Future Work – Theory • What propert ies can be expressed? ! All of saf et y? ! Liveness? • Graphical equivalence of requirement s? • Expressive power ! Recur sive t rees? ! Mor e complex quant if ier pat t er ns? • Graphical gist of t heorems ! Usef ul classes? ! Pr oof s? Fault Tree Represent at ion of Securit y Requirement s 21

  23. Future Work – Practice • Gain f urt her experience ! Can t hey be used f or ot her requir ement s? • Scaling up ! When ar e t r ees so big t hey ar e non-int uit ive? " Exist ing r equir ement s? ! Modular it y • I nt eract ion wit h f ault t ree communit y ! Br oader applicat ions of dependence t rees? ! Tools we can use? " NPATRL < -> dependence t r ees Fault Tree Represent at ion of Securit y Requirement s 22

Recommend

Can Fault Tree Analysis Technique Resolve Fault Isolation Ambiguity? Alpana Gangopadhyaya

Can Fault Tree Analysis Technique Resolve Fault Isolation Ambiguity? Alpana Gangopadhyaya

Reliability Maintenance and Managing Risk Conference 2019 Can Fault Tree Analysis Technique Resolve Fault Isolation Ambiguity? Alpana Gangopadhyaya Supportability Systems Engineer Northrop Grumman Alpana.Gangopadhyaya@ngc.com Phone Number

466 views • 18 slides
Requirement Requirement Requirement Requirement Engineering Engineering Engineering

Requirement Requirement Requirement Requirement Engineering Engineering Engineering

Requirement Requirement Requirement Requirement Engineering Engineering Engineering Engineering Outline Stakeholders Context diagram and interfaces Types of requirements Numbering requirements Scenarios, sequence diagrams

587 views • 39 slides
Analysis of 802.11 Securit y or Wired Equivalent Privacy I snt Nikit a Borisov, I an

Analysis of 802.11 Securit y or Wired Equivalent Privacy I snt Nikit a Borisov, I an

Analysis of 802.11 Securit y or Wired Equivalent Privacy I snt Nikit a Borisov, I an Goldberg, and David Wagner WEP Prot ocol Wired Equivalent Privacy Part of t he 802.11 Link-layer securit y prot ocol Securit y Goals

608 views • 25 slides
Data Requirement for Species Tree from Multiple Gene Trees (Dasarathy, Nowak, Roch 2015) Daewon

Data Requirement for Species Tree from Multiple Gene Trees (Dasarathy, Nowak, Roch 2015) Daewon

Data Requirement for Species Tree from Multiple Gene Trees (Dasarathy, Nowak, Roch 2015) Daewon Seo Mar. 14. 2017 Introduction Incomplete Lineage Sorting (ILS), . Gene tree topologies could be different from species tree Two

237 views • 11 slides
Trees Chapter 4 1 Objectives Understand the terminology of the tree data structure Represent

Trees Chapter 4 1 Objectives Understand the terminology of the tree data structure Represent

Trees Chapter 4 1 Objectives Understand the terminology of the tree data structure Represent a tree structure in a program Understand the importance of the binary trees Use a binary search tree for storing ordered elements 2 Motivation

651 views • 22 slides
HyperG Solution Introduction Agenda HyperG yo your best Securit ity &amp; Smart Solutio

HyperG Solution Introduction Agenda HyperG yo your best Securit ity &amp; Smart Solutio

HyperG Solution Introduction Agenda HyperG yo your best Securit ity &amp; Smart Solutio ion Cho hoic ice 3S Cyber Security Solution S S Securit ity app app S S Securit ity smart Off ffic ice S S

674 views • 34 slides
INOSSEM i nsti tut de recherche Guillaume Bouffard (SSD) Vulnerability Analysis on Smart Cards

INOSSEM i nsti tut de recherche Guillaume Bouffard (SSD) Vulnerability Analysis on Smart Cards

Introduction Fault Tree Analysis An API to Mitigate the Undesirable Events Conclusion Vulnerability Analysis on Smart Cards using Fault Tree Guillaume Bouffard Bhagyalekshmy N Thampi Jean-Louis Lanet Smart Secure Devices (SSD) Team

705 views • 39 slides
CUDA accelerated fault tree analysis with C-XSC Gabor Rebner 1 , Michael Beer 2 1 Department of

CUDA accelerated fault tree analysis with C-XSC Gabor Rebner 1 , Michael Beer 2 1 Department of

Table of Contents Motivation Definitions Implementation Conclusion References CUDA accelerated fault tree analysis with C-XSC Gabor Rebner 1 , Michael Beer 2 1 Department of Computer and Cognitive Sciences (INKO) University of Duisburg-Essen

324 views • 19 slides
Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault tolerant programming are: Fault Detection - Knowing that a fault exists Fault Recovery - having atomic instructions that can be rolled back in

361 views • 18 slides
1 Conceptual Example (III): Less formally (II) Or-tree-based Search n If all

1 Conceptual Example (III): Less formally (II) Or-tree-based Search n If all

2.4.3 Or-tree-based Search Formal Definitions (I) Or-tree-based Search Model A = ( S , T ): Basic Idea: n Prob set of problem descriptions If every solution is okay, represent the different n Altern Prob +

190 views • 3 slides
I mport ance of Net work Securit y? Think about The most pr ivat e, embar r assing

I mport ance of Net work Securit y? Think about The most pr ivat e, embar r assing

I mport ance of Net work Securit y? Think about The most pr ivat e, embar r assing or valuable 15: piece of inf or mat ion youve ever st or ed on a comput er Net work Securit y Basics How much you r ely on comput er

566 views • 7 slides
Objectives To design and implement a binary search tree (25.2). To represent binary trees

Objectives To design and implement a binary search tree (25.2). To represent binary trees

Chapter 25 Binary Search Trees Liang, Introduction to Java Programming, Tenth Edition, (c) 2013 Pearson Education, Inc. All 1 rights reserved. Objectives To design and implement a binary search tree (25.2). To represent binary trees

443 views • 18 slides
Fault Tree Generation from EMF Models Christoph Lauer 1 , Reinhard German 1 and Jens Pollmer 2 1

Fault Tree Generation from EMF Models Christoph Lauer 1 , Reinhard German 1 and Jens Pollmer 2 1

Computer Networks and Communication Systems Friedrich-Alexander-University Erlangen-Nuremberg Prof. Dr.-Ing. Reinhard German Fault Tree Generation from EMF Models Christoph Lauer 1 , Reinhard German 1 and Jens Pollmer 2 1 Department of Computer

558 views • 21 slides
Homework 5 Due Tuesday Oct 26 CLRS 14-2.2 (rb tree black height) CLRS 14-2.3 (rb tree

Homework 5 Due Tuesday Oct 26 CLRS 14-2.2 (rb tree black height) CLRS 14-2.3 (rb tree

Homework 5 Due Tuesday Oct 26 CLRS 14-2.2 (rb tree black height) CLRS 14-2.3 (rb tree depth) CLRS 14-1 (point of maximum overlap) CLRS 15.1-4 (assembly line space requirement) 1 Chapter 15: Dynamic programming Dynamic programming

1.04k views • 47 slides
CONTENTS Introduction 1. Faut Tree Analysis method (FTA) 2. The main steps of fault tree 3.

CONTENTS Introduction 1. Faut Tree Analysis method (FTA) 2. The main steps of fault tree 3.

th 13 Annual System of Systems Engineering Conference Q UANTITATIVE AND Q UALITATIVE R ELIABILITY A SSESSMENT OF R EPARABLE E LECTRICAL P OWER S UPPLY S YSTEMS USING F AULT T REE A NALYSIS M ETHOD AND I MPORTANCE F ACTORS Authors: Dallal.

972 views • 28 slides
Fault Isolation in a Multicast Tree using DYSWIS COMS 6181 Fall 2011 Phil Sphicas Goal

Fault Isolation in a Multicast Tree using DYSWIS COMS 6181 Fall 2011 Phil Sphicas Goal

Fault Isolation in a Multicast Tree using DYSWIS COMS 6181 Fall 2011 Phil Sphicas Goal Correlate faults between multicast receivers of the same stream, and pinpoint where in the network the loss occurred How do we detect faults?

470 views • 11 slides
P rot ect ion Prot ect ing processes/ users f rom each 17: P rot ect ion/ Securit y ot her

P rot ect ion Prot ect ing processes/ users f rom each 17: P rot ect ion/ Securit y ot her

P rot ect ion Prot ect ing processes/ users f rom each 17: P rot ect ion/ Securit y ot her is one of t he core OS responsibilit ies Cont rol access of processes or users t o resources of t he comput er syst em (HW Last Modif ied:

384 views • 11 slides
Se Securit ity Risk An Anal alyses Done Right A Complimentary Webinar From

Se Securit ity Risk An Anal alyses Done Right A Complimentary Webinar From

Se Securit ity Risk An Anal alyses Done Right A Complimentary Webinar From healthsystemCIO.com Sponsored by Fortified Health Solutions, A Santa Rosa Company Your Line Will Be Silent Until Our Event Begins at 12:00 ET Thank You! Slide

267 views • 23 slides
Se Securit ity fr from om Pap aper to o Tak ake-Of Off Ma Mana nagement T Team Tony

Se Securit ity fr from om Pap aper to o Tak ake-Of Off Ma Mana nagement T Team Tony

Se Securit ity fr from om Pap aper to o Tak ake-Of Off Ma Mana nagement T Team Tony Gallo Managing Partner More than 30 years experience in the Security, Audit, Safety, and Emergency Management fields in which he specializes in

588 views • 19 slides
What is AST? Abstract Syntax Tree pruned CST What is it? From Wikipedia: Why use it instead of

What is AST? Abstract Syntax Tree pruned CST What is it? From Wikipedia: Why use it instead of

What is AST? Abstract Syntax Tree pruned CST What is it? From Wikipedia: Why use it instead of CST? A finite, labeled, directed tree, where the internal CST AST nodes are labeled by operators, and the leaf nodes represent the operands

193 views • 6 slides
2 Fault Isolation &amp; Restoration Manual Fault Isolation &amp; Restoration The

2 Fault Isolation &amp; Restoration Manual Fault Isolation &amp; Restoration The

1 Self Healing Network (Centralized Restoration Gateway) IEEE PES 2015 General Meeting 2 Fault Isolation &amp; Restoration Manual Fault Isolation &amp; Restoration The operator makes switching decisions Automatic Fault Location

724 views • 22 slides
Overview Introduction and basic concept ECE 753: FAULT-TOLERANT Fault model and fault

Overview Introduction and basic concept ECE 753: FAULT-TOLERANT Fault model and fault

4/1/2014 Overview Introduction and basic concept ECE 753: FAULT-TOLERANT Fault model and fault coverage COMPUTING Checkpointing and backward error recovery (rollback) Kewal K.Saluja General principles General principles

259 views • 3 slides
Fault Modeling 1 Why Fault Models? Actual number of physical defects in a circuit are too

Fault Modeling 1 Why Fault Models? Actual number of physical defects in a circuit are too

8/1/2012 Fault Modeling 1 Why Fault Models? Actual number of physical defects in a circuit are too many. Not possible to consider individually. Difficult to count and analyze. Some logical fault models are considered. A fault

493 views • 15 slides
So Social cial Securit Security ys F Financing and inancing and (E (Exist xisting

So Social cial Securit Security ys F Financing and inancing and (E (Exist xisting

So Social cial Securit Security ys F Financing and inancing and (E (Exist xisting &amp; ing &amp; Evolv lving ing) Po ) Policy licy Op Optio ions ns Abigail Zapote Executive Director Our mission includes protecting Social

138 views • 13 slides

More recommend