11 |
UM FRAMEWORK DE SEGURANÇA BASEADO EM ENGENHARIA DIRIGIDA POR MODELOS PARA PLATAFORMAS DE COMPUTAÇÃO EM NUVEM: Uma Abordagem para Modelos SaaS. / AN ENGINEERED SAFETY FRAMEWORK DIRECTED BY MODELS FOR COMPUTER PLATFORMS IN CLOUD: An approach to SaaS Models. MATOS, Pablo Luís Castro de. 31 August 2015
Previous issue date: 2015-08-31 / CAPES, CNPQ, FAPEMA
The development and use of software based on cloud computing have become increasingly prominent. Software as a Service (SaaS) is considered a trend for small, medium and large companies, and is subtly gaining a presence in personal computing too. This popularization of the service brings with it many challenges concerning the security of the information handled by its suppliers and the vulnerability of their applications. In this work, we propose a SaaS development framework that combines Model-Driven Engineering (MDE) with techniques for merging security-domain models and application-domain models. This approach involves the use of MDE techniques to achieve such adaptation and to assist in the software development process. By adopting the MDE approach, it is possible to combine elements of different models, going from source models to a target model by using weaving techniques. A prototype implements the proposed framework and reuses the Mapping Tool for Model Driven Engineering (MT4MDE) and the Semi-Automatic Matching Tool for Model Driven Engineering (SAMT4MDE) in order to demonstrate the methodology used. The results demonstrate the feasibility and benefits of combining several security aspects in the development process of SaaS.
|
12 |
Modelo de segurança independente de plataforma para execução de software não confiável. / Platform-independent security model for running untrusted software. GURJÃO, Tales Ribeiro Morais. 06 August 2018
Previous issue date: 2016-09-01 / Capes
Attacks on computer systems have always been a problem and have evolved from simple attacks against physical facilities in the 1970s to coordinated attacks using thousands of computers spread around the world. The main vector of these offensives is malicious code, also known as malware, which sometimes passes as benign but installs itself on the system and acts maliciously. Environment isolation and behavior detection techniques are used to mitigate the risk of running unknown and potentially dangerous code. However, many alternatives are expensive and sometimes depend on external tools. In this work, we propose a platform-independent model to provide security when executing untrusted code, with no side effects for the host or for third parties. The model consists of two main modules, analyzer and executor, which (a) extract metadata related to the program and use them to conduct a preliminary analysis of the code and (b) carry out checks at runtime aimed at preserving the integrity of the system and its associated resources. The approach was validated through a case study on a volunteer computing application.
|
13 |
Vícedimenzionální přístup k WWW aplikacím / Multi-Dimensional Access Control in Web Applications. Grešša, Pavol. January 2011
This master's thesis deals with the analysis, design and implementation of an authentication and authorization subsystem in the environment of a distributed web application. It unifies well-known security models into one universal security model that can be used to develop an authorization device enabling the user to secure applications with various security models. Furthermore, it applies this integration of models to the Takeplace system.
|
14 |
Model-Based Autonomic Security Management of Networked Distributed Systems. Chen, Qian. 13 December 2014
This research focuses on the development and validation of an autonomic security management (ASM) framework to proactively protect distributed systems (DSs) from a wide range of cyber assaults with little or no human intervention. A multi-dimensional cyber attack taxonomy was developed to characterize cyber attack methods and tactics against both a Web application (Web-app) and an industrial control system (ICS) by accounting for their impacts on a set of system, network, and security features. Based on this taxonomy, a normal region of system performance is constructed, refined, and used to predict and identify abnormal system behavior with the help of forecasting modules and intrusion detection systems (IDS). Protection mechanisms are evaluated and implemented by a multi-criteria analysis controller (MAC) for their efficiency in eliminating and/or mitigating attacks, maintaining normal services, and minimizing operational costs and impacts. Causes and impacts of unknown attacks are first investigated by an ASM framework learning module. Attack signatures are then captured to update IDS detection algorithms and MAC protection mechanisms in near real-time. The ASM approach was validated within Web-app and ICS testbeds demonstrating the effectiveness of the self-protection capability. Experiments were conducted using real-world cyber attack tools and profiles. Experimental results show that DS security behavior is predicted, detected, and eliminated thus validating our original hypothesis concerning the self-protection core capability. One important benefit from the self-protection feature is the cost-effective elimination of malicious requests before they impede, intrude or compromise victim systems. The ASM framework can also be used as a decision support system. This feature is important especially when unknown attack signatures are ambiguous or when responses selected automatically are not efficient or are too risky to mitigate attacks.
In this scenario, man-in-the-loop decisions are necessary to provide manual countermeasures and recovery operations. The ASM framework is resilient because its main modules are installed on a master controller virtual machine (MC-VM). This MC-VM is simple to use and configure for various platforms. The MC-VM is protected; thus, even if the internal network is compromised, the MC-VM can still maintain “normal” self-protection services, thereby defending the host system from cyber attack on the fly.
|
15 |
Validating Side Channel models in RISC-V using Model-Based Testing. Vitek, Viktor. January 2021
Microarchitectural optimizations have increased performance but lowered security. Speculative execution is one of the optimizations that was thought to be secure, but it is exploitable to leak information. The problem with these exploits is that there is no easy software defence, and many exploits may remain unexplored because the discovery is fairly recent. This thesis explores a way to find code that is vulnerable to this. The solution to the problem is to use the tool Side Channel Abstract Model Validator (SCAMV), which implements the method Model-Based Testing (MBT). We examine the core CVA6, which is a RISC-V Central Processing Unit (CPU). Test cases are generated by program generators and interesting ones are selected by applying an observational model to them. The observational model abstracts side-channel leakage of the microarchitecture. The selected test cases are executed on the platform to validate the observational models used. The results of the test cases showed no indication that the side channels can be modified under speculative execution. The results showed that SCAMV can examine timing-based channels. The conclusion is that our findings indicate that the CVA6 core is not vulnerable to speculative cache or timing-based side-channel attacks.
|
16 |
System and Method for Passive Radiative RFID Tag Positioning in Realtime for both Elevation and Azimuth Directions. Modaresi, Mahyar. January 2010
In this thesis, the design and realization of a system which enables precise positioning of RFID tags in both azimuth and elevation angles is explained. The positioning is based on measuring the phase difference between four Yagi antennas placed in two arrays. One array is placed in the azimuth plane and the other array is perpendicular to the first array in the elevation plane. The phase difference of the signals received from the antennas in the azimuth array is used to find the position of the RFID tag in the horizontal direction. For the position in the vertical direction, the phase difference of the signals received from the antennas in the elevation plane is used. After that, the position of the tag in the horizontal and vertical directions is used to control the mouse cursor in the horizontal and vertical directions on the computer screen. In this way, by attaching one RFID tag to a plastic rod, a wireless pen is implemented which enables drawing in the air by using a program like Paint in Windows. Simulated results show that the resolution of the tag positioning in the system is on the order of 3 mm at a distance of 0.5 meter in front of the array, with a small number of averages over the received phase data. Using the system in practice reveals that it is easily possible to write and draw with this RFID pen. In addition, it is argued how the system is totally immune to any counterfeit attempt for faked drawings by randomly changing the transmitting antenna in the array. This will make the system a novel option for human identity verification.
|
17 |
Model-based Evaluation: from Dependability Theory to Security. Alaboodi, Saad Saleh. 21 June 2013
How to quantify security is a classic question in the security community that until today has had no plausible answer. Unfortunately, current security evaluation models are often either quantitative but too specific (i.e., applicability is limited), or comprehensive (i.e., system-level) but qualitative. The importance of quantifying security cannot be overstated, but doing so is difficult and complex, for many reasons: the “physics” of the amount of security is ambiguous; the operational state is defined by two confronting parties; protecting and breaking systems is a cross-disciplinary mechanism; security is achieved by comparable security strength and breakable by the weakest link; and the human factor is unavoidable, among others. Thus, security engineers face great challenges in defending the principles of information security and privacy. This thesis addresses model-based system-level security quantification and argues that properly addressing the quantification problem of security first requires a paradigm shift in security modeling, addressing the problem at the abstraction level of what defines a computing system and failure model, before any system-level analysis can be established. Consequently, we present a candidate computing systems abstraction and failure model, then propose two failure-centric model-based quantification approaches, each including a bounding system model, performance measures, and evaluation techniques. The first approach addresses the problem considering the set of controls. To bound and build the logical network of a security system, we extend our original work on the Information Security Maturity Model (ISMM) with Reliability Block Diagrams (RBDs), state vectors, and structure functions from reliability engineering. We then present two different groups of evaluation methods.
The first mainly addresses binary systems, by extending minimal path sets, minimal cut sets, and reliability analysis based on both random events and random variables. The second group addresses multi-state security systems with multiple performance measures, by extending Multi-state Systems (MSSs) representation and the Universal Generating Function (UGF) method. The second approach addresses the quantification problem when the two sets of a computing system, i.e., assets and controls, are considered. We adopt a graph-theoretic approach using Bayesian Networks (BNs) to build an asset-control graph as the candidate bounding system model, then demonstrate its application in a novel risk assessment method with various diagnosis and prediction inferences. This work, however, is multidisciplinary, involving foundations from many fields, including security engineering; maturity models; dependability theory, particularly reliability engineering; graph theory, particularly BNs; and probability and stochastic models.
|