Robustness of Spatial Databases: Using Network Analysis on GIS Data Models

Hedefalk, Finn

January 2010

<p>Demands on the quality and reliability of Volunteered Geographic Information have increased because of its rising popularity. Due to the less controlled data entry, there is a risk that people provide false or inaccurate information to the database. One factor that affects the effect of such updates is the network structure of the database schema, which might reveal the database’s robustness against different kinds of false updates. Therefore, network analyses are needed. The aim is to analyse GIS data models, stored in UML class diagrams, for scale-free and small-world properties. Moreover, a robustness analysis is to be carried out on selected data models in order to find out their error and attack tolerance against, for example, false updates. Three graphs were specified from the UML class diagrams: (1) <em>class graphs</em>: classes as nodes and their interactive relationships as connections; (2) <em>attribute graphs</em>: classes and attributes as nodes, with connections between the classes and their attributes; and (3) <em>schema graphs</em>: attributes as nodes and their interactive relationships inside and outside the tables as links. The analysed class diagrams were stored in XMI, and therefore transformed with XSLT to the Pajek network format. Thereafter, small-world and scale-free analyses as well as a robustness analysis were performed on the graphs. </p><p>The results from the scale-free analyses showed no strict power-laws. Nevertheless, the classes’ relationships and attributes, and the betweenness in the schema graphs were long-tailed distributed. Furthermore, the schema graphs had small-world properties, and the analysed class and schema graphs were robust against errors but fragile against attacks. In a network structure perspective, these results indicate that false updates on random tables of a database should usually do little harm, but falsely updating the most central cells or tables may cause big damage. Consequently, it may be necessary to monitor and constrain sensitive cells and tables in order to protect them from attacks</p>

GIS

Database

UML

VGI

Power-law

Small-world

Error and attack tolerance

Network

Robustness of Spatial Databases: Using Network Analysis on GIS Data Models

Hedefalk, Finn

January 2010

Demands on the quality and reliability of Volunteered Geographic Information have increased because of its rising popularity. Due to the less controlled data entry, there is a risk that people provide false or inaccurate information to the database. One factor that affects the effect of such updates is the network structure of the database schema, which might reveal the database’s robustness against different kinds of false updates. Therefore, network analyses are needed. The aim is to analyse GIS data models, stored in UML class diagrams, for scale-free and small-world properties. Moreover, a robustness analysis is to be carried out on selected data models in order to find out their error and attack tolerance against, for example, false updates. Three graphs were specified from the UML class diagrams: (1) class graphs: classes as nodes and their interactive relationships as connections; (2) attribute graphs: classes and attributes as nodes, with connections between the classes and their attributes; and (3) schema graphs: attributes as nodes and their interactive relationships inside and outside the tables as links. The analysed class diagrams were stored in XMI, and therefore transformed with XSLT to the Pajek network format. Thereafter, small-world and scale-free analyses as well as a robustness analysis were performed on the graphs.  The results from the scale-free analyses showed no strict power-laws. Nevertheless, the classes’ relationships and attributes, and the betweenness in the schema graphs were long-tailed distributed. Furthermore, the schema graphs had small-world properties, and the analysed class and schema graphs were robust against errors but fragile against attacks. In a network structure perspective, these results indicate that false updates on random tables of a database should usually do little harm, but falsely updating the most central cells or tables may cause big damage. Consequently, it may be necessary to monitor and constrain sensitive cells and tables in order to protect them from attacks

GIS

Database

UML

VGI

Power-law

Small-world

Error and attack tolerance

Network

Protein Domain Networks: Analysis Of Attack Tolerance Under Varied Circumstances

Oguz, Saziye Deniz

01 September 2010

Recently, there has been much interest in the resilience of complex networks to random failures and intentional attacks. The study of the network robustness is particularly important by several occasions. In one hand a higher degree of robustness to errors and attacks may be desired for maintaining the information flow in communication networks under attacks. On the other hand planning a very limited attack aimed at fragmenting a network by removal of minimum number of the most important nodes might have significant usage in drug design. Many real world networks were found to display scale free topology including WWW, the internet, social networks or regulatory gene and protein networks. In the recent studies it was shown that while these networks have a surprising error tolerance, their scale-free topology makes them fragile under intentional attack, leaving the scientists a challenge on how to improve the networks robustness against attacks. In this thesis, we studied the protein domain co-occurrence network of yeast which displays scale free topology generated with data from Biomart which links to Pfam database. Several networks obtained from protein domain co-occurrence network having exactly the same connectivity distribution were compared under attacks to investigate the assumption that the different networks with the same connectivity distribution do not need to have the same attack tolerances. In addition to this, we considered that the networks with the same connectivity distribution have higher attack tolerance as we organize the same resources in a better way. Then, we checked for the variations of attack tolerance of the networks with the same connectiviy distributions. Furthermore, we investigated whether there is an evolutionary mechanism for having networks with higher or lower attack tolerances for the same connectivity distribution. As a result of these investigations, the different networks with the same connectivity distribution do not have the same attack tolerances under attack. In addition to this, it was observed that the networks with the same connectivity distribution have higher attack tolerances as organizing the same resources in a better way which implies that there is an evolutionary mechanism for having networks with higher attack tolerance for the same connectivity distribution.

QA General 15707

Attack tolerance for services-based applications in the Cloud / Tolérance aux attaques pour les applications orientées services Web dans le cloud

Ouffoué, Georges

21 December 2018

Les services Web permettent la communication de systèmes hétérogènes sur le Web. Ces facilités font que ces services sont particulièrement adaptés au déploiement dans le cloud. Les efforts de formalisation et de vérification permettent d’améliorer la confiance dans les services Web, néanmoins des problèmes tels que la haute disponibilité et la sécurité ne sont pas entièrement pris en compte. Par ailleurs, les services Web déployés dans une infrastructure cloud héritent des vulnérabilités de cette dernière. En raison de cette limitation, ils peuvent être incapables d’exécuter parfaitement leurs tâches. Dans cette thèse, nous pensons qu’une bonne tolérance nécessite un monitoring constant et des mécanismes de réaction fiables. Nous avons donc proposé une nouvelle méthodologie de monitoring tenant compte des risques auxquels peuvent être confrontés nos services. Pour mettre en oeuvre cette méthodologie, nous avons d’abord développé une méthode de tolérance aux attaques qui s’appuie sur la diversification au niveau modèle. On définit un modèle du système puis on dérive des variantes fonctionnellement équivalents qui remplaceront ce dernier en cas d’attaque. Pour ne pas dériver manuellement les variants et pour augmenter le niveau de diversification nous avons proposé une deuxième méthode complémentaire. Cette dernière consiste toujours à avoir des variants de nos services; mais contrairement à la première méthode, nous proposons un modèle unique avec des implantations différentes tant au niveau des interfaces, du langage qu’au niveau des exécutables. Par ailleurs, pour détecter les attaques internes, nous avons proposé un mécanisme de détection et de réaction basé sur la reflexivité. Lorsque le programme tourne, nous l’analysons pour détecter les exécutions malveillantes. Comme contremesure, on génère de nouvelles implantations en utilisant la reflexivité. Pour finir, nous avons étendu notre environnement formel et outillé de services Web en y incorporant de manière cohérente tous ces mécanismes. L’idée est de pouvoir combiner ces différentes méthodes afin de tirer profit des avantages de chacune d’elle. Nous avons validé toute cette approche par des expériences réalistes. / Web services allow the communication of heterogeneous systems on the Web. These facilities make them particularly suitable for deploying in the cloud. Although research on formalization and verification has improved trust in Web services, issues such as high availability and security are not fully addressed. In addition, Web services deployed in cloud infrastructures inherit their vulnerabilities. Because of this limitation, they may be unable to perform their tasks perfectly. In this thesis, we claim that a good tolerance requires attack detection and continuous monitoring on the one hand; and reliable reaction mechanisms on the other hand. We therefore proposed a new formal monitoring methodology that takes into account the risks that our services may face. To implement this methodology, we first developed an approach of attack tolerance that leverages model-level diversity. We define a model of the system and derive more robust functionally equivalent variants that can replace the first one in case of attack. To avoid manually deriving the variants and to increase the level of diversity, we proposed a second complementary approach. The latter always consists in having different variants of our services; but unlike the first, we have a single model and the implementations differ at the language, source code and binaries levels. Moreover, to ensure detection of insider attacks, we investigated a new detection and reaction mechanism based on software reflection. While the program is running, we analyze the methods to detect malicious executions. When these malicious activities are detected, using reflection again, new efficient implementations are generated as countermeasure. Finally, we extended a formal Web service testing framework by incorporating all these complementary mechanisms in order to take advantage of the benefits of each of them. We validated our approach with realistic experiments.

Tolérance aux attaques

Services Web

Supervision

Cloud

Tests passifs

Réflexivité

Attack tolerance

Web services

Monitoring

Cloud

Passive tests

Reflection