Abstract The traditional approach of computer scientists to Law is that laws (statutes, regulations, etc.) set the requirements, logicians and requirements analysts model them, and finally IT technical solutions or organizational patterns are used to implement them. In this paper we try to answer a radically different question: Can a technical solution (e.g. a requirement in a security and dependability pattern) be implemented by legal means?
Open multi-application smart cards that allow post-issuance evolution (i.e. loading of new applets) are very attractive for both smart card developers and card users. Since these applications contain sensitive data and can exchange information, a major concern is the assurance that these applications will not exchange data unless permitted by their respective policies.
Requirement evolution has drawn a lot of attention from the community with a major focus on management and consistency of requirements. Here, we tackle the fundamental, albeit less explored, alternative of modeling the future evolution of requirements. Our approach is based on the explicit representation of controllable evolutions vs observable evolutions, which can only be estimated with a certain probability.
Quality of Protection: Security Measurements and Metrics is an edited volume based on the Quality of Protection Workshop in Milano, Italy (September 2005). This volume discusses how security research can progress towards quality of protection in security comparable to quality of service in networking and software measurements, and metrics in empirical software engineering. Information security in the business setting has matured in the last few decades.
Java Card technology has progressed to the point of running web servers and web clients on a smart card. Yet concrete deployment of multi-application smart cards has remained extremely rare because the business model of the asynchronous download and update of applications by different parties requires the control of interactions among possible applications after the card has been fielded. Yet the current security models and techniques do not support this type of evolution.
Abstract This panel is aimed at assessing the state of the art and exploring trends and emerging issues in computer security in general and protocol verification in particular. It brings together experts from both the security community and the verification area. Some of the questions over which they will be invited to discuss their views, and maybe even to answer, include:
Most Secure Software Development Life Cycles (SSDLCs) start from security requirements. Security Management standards do likewise. There are several methods from industry and academia to elicit and analyze security requirements, but there are few empirical evaluations to investigate whether these methods are effective in identifying security requirements.
Nowadays IT systems are undergoing an irreversible evolution: we face a socio-technical system where humans are not just “users” but decision makers whose decisions determine the behavior of the system as a whole. These decisions will not necessarily be system supported, nor planned in advance and sometimes not even informed, but they will nonetheless be taken.
Users of mobile devices are increasingly requesting a controlled way to exit from the sandboxing model in order to exploit the full computational power of the device. Porting in-line security monitors to mobile devices requires solving both theoretical and practical challenges. Current security monitors provided solutions only for the desktop and either monitor a single instance of an application. In this demonstration we show an inline monitoring system for.
The Safety and Security in Multiagent Systems (SASEMAS) series of workshops that took place from 2004-2006 provided a forum for the exchange of ideas and discussion on areas related to the safety and security of multiagent systems.
Abstract Change management and change propagation across the various models of the system (such as requirements, design and testing models) are well-known problems in software engineering. For such problems a number of solutions have been proposed that are usually based on the integration of model repositories and on the maintenance of traceability links between the models.
Abstract. Showing that business processes comply with regulatory requirements is not easy. We investigate this compliance problem in the case that the requirements are expressed as a directed, acyclic graph, with high-level requirements (called control objectives) at the top and with low-level requirements (called control activities) at the bottom. These control activities are then implemented by control processes.
Security and trust are core research issues for the further development of the Information Society and for 10 years have played, and continue to play, an integral part in the European Union's Framework Programmes (FPs) for R&D. EU-supported collaborative research projects in trust and security bring together multi-partner stakeholders from industry (technology and service providers, system integrators and end-users), academic and research laboratories working in several interdisciplinary research fields.
Logical cryptanalysis has been introduced by Massacci and Marraro as a general framework for encoding properties of crypto-algorithms into SAT problems, with the aim of generating SAT benchmarks that are controllable and that share the properties of real-world problems and randomly generated problems.
Abstract In order to provide certified security services we must provide indicators that can measure the level of assurance that a complex business process can offer. Unfortunately the formulation of security indicators is not amenable to efficient algorithms able to evaluate the level of assurance of a complex process from its components.
Abstract If all applications could be loaded at the start this would boil down to information flow analysis for which many solutions exist, but this is precisely what we want to overcome. When applications are not known in advance and can be updated asynchronously and possibly without connection to trusted third parties, we must preserve the security policies of the various owners of the applets during such autonomous evolution.
Security Requirements Engineering is an emerging field which lies at the crossroads of Security and Software Engineering. Much research has focused on this field in recent years, spurred by the realization that security must be dealt with in the earliest phases of the software development process as these phases cover a broader organizational perspective. Agent-oriented methodologies have proved to be especially useful in this setting as they support the modeling of the social context in which the system-to-be will operate.
Enhancements to a mobile robot virtual path language assembler (1996). McCarty, Paul Sidney. Typescript. Thesis (MS), University of South Carolina, 1996. Includes bibliographical references (leaves 64). Download: http://worldcat.org/oclc/37740583. Repository: OCLC's Experimental Thesis Catalog (United States). Type: text. Language: eng.
The formal verification of security protocols is one of the successful applications of automated reasoning. Techniques based on belief logics, model checking, and theorem proving have been successful in determining strengths and weaknesses of many protocols, some of which had even been fielded before being discovered to be badly wrong. This tutorial presents the problems to the “security illiterate”, explaining aims, objectives and tools of this application of automated reasoning.
Properties like confidentiality, authentication and integrity are of increasing importance to communication protocols. Hence the development of formal methods for the verification of security protocols. This paper proposes to represent the verification of security properties as a (deductive or model-based) logical AI planning problem. The key intuition is that security attacks can be seen as plans.
SecureTropos STTool: A CASE tool for security-aware software requirements analysis. Department of Information and Communication Technology, University of Trento, Italy; Department of Computer Science, University of Toronto, Canada. Paolo Giorgini, Fabio Massacci, John Mylopoulos, Nicola Zannone.
Abstract. Security protocols intend to give their parties reasonable assurance that certain security properties will protect their communication session. However, the literature confirms that the protocols may suffer subtle and hidden attacks. Flawed protocols are customarily sent back to the design process, but the costs of reengineering a deployed protocol may be prohibitive.
This paper presents a prefixed tableaux calculus for Propositional Dynamic Logic with Converse based on a combination of different techniques such as prefixed tableaux for modal logics and model checkers for mu-calculus. We prove the correctness and completeness of the calculus and illustrate its features. We also discuss the transformation of the tableaux method (naively NEXPTIME) into an EXPTIME algorithm.
Abstract. Reasoning about trust management and credential-based systems such as SDSI/SPKI, is one of today's security challenges. The representation and reasoning problem for this (simple) public key infrastructure is challenging: we need to represent permissions, complex naming constructions (“Martinelli's officemate is FAST's PC-Chair's Colleague”), intervals of time and metric time for expiration dates and validity intervals.
Abstract The workflow of a Virtual Organization is often divided into fragments that are run by different entities having different clearance levels or accessibility permissions. Therefore, an important issue is the decomposition of the overall business process into workflow views that can be outsourced to the corresponding contractors.
Abstract The basic tenet of security management when actions violate policies is that the former must be forbidden or amended. This requires specifying precisely all possible exceptions and corrections to the default workflow. In many practical e-health business processes this is not feasible: the default clinical or administrative protocol is simple and well understood by clinicians, but the precise codification of all possible amendable errors into the policy would transform it from a straight line into an unreadable spaghetti graph.
Autonomic Communication is a new paradigm for dynamic network integration. An Autonomic Network crosses organizational boundaries and is provided by entities that see each other just as business partners. Policy-based network management already requires a paradigm shift in the access control mechanism (from identity-based access control to trust management and negotiation), but this is not enough for cross-organizational autonomic communication.
Abstract We investigate a generalization of the notion of XML security view introduced by Stoica and Farkas (Proceedings of the 16th International Conference on Data and Applications Security (IFIP'02). IFIP Conference Proceedings, vol. 256, pp. 133–146. Kluwer, Dordrecht, 2002) and later refined by Fan et al. (Proceedings of the ACM SIGMOD International Conference on Management of Data (SIGMOD'04), pp. 587–598. ACM Press, New York, 2004).
Abstract We illustrate ALSP (Action Language for Security Protocols), a declarative executable specification language for planning attacks on security protocols. ALSP is based on logic programming with negation as failure and with stable model semantics. In ALSP we can give a declarative specification of a protocol with the natural semantics of send and receive actions, which can be performed in parallel.
Abstract The scenarios of Ambient Intelligence introduce a new computing paradigm and set new challenges for the design and engineering of secure and dependable systems. This chapter describes SERENITY, a comprehensive approach to overcome those problems. The key to success in this scenario is to capture security expertise in such a way that it can be supported by automated means.
The last years have seen a renewed interest in modal and description logics (MDLs). Better algorithms, coding, and technology have led to effective systems ranging from tableau and constraint systems [6,7] to DPLL-based implementations [5], first-order provers [8] and the inverse method [13]. PSPACE problems such as satisfiability are within reach for realistic instances [10], and potentially EXPTIME problems stemming from real applications can also be solved [3,7].
We propose a tableaux calculus requiring simple exponential time for satisfiability of an ALC concept C w.r.t. a TBox T containing general axioms of the form C ⊑ D. From correspondences with Propositional Dynamic Logic (PDL) it is known that this problem is in EXPTIME [Pratt, 1978; Vardi and Wolper, 1986].
✓ Long-lived systems need to be flexible and to adapt to changes in order to remain useful.
✓ Software-based systems are getting increasingly security-critical since software now pervades the whole critical infrastructures dealing with critical data.
✓ A challenging aspect is thus to develop techniques and tools that ensure long-running evolving software systems are compliant to evolving security, privacy and dependability requirements.
Abstract System vulnerabilities are often caused by the presence of conflicts within the organization where the system-to-be would eventually operate. In particular, conflicts of interest are very harmful since actors can exploit their positions/roles relative to the system for gaining personal advantage. Capturing and resolving such conflicts is a necessary condition for developing secure information systems. In this paper, we show how conflicts of interest can be formally detected during requirements analysis.
Abstract An Inlined Reference Monitor (IRM) is a flexible mechanism to enforce the security of untrusted applications. One of the shortcomings of IRM is that it might introduce a significant overhead in otherwise perfectly secure applications. In this paper we propose six different framework models for IRM optimization with respect to which components need to be trusted or untrusted. Then, we describe an approach for IRM optimization using automata modulo theory.