Formal specification and verification of safety interlock systems: A comparative case study

Seotsanyana, Motlatsi

12 1900

Thesis (MSc (Mathematical Sciences))--University of Stellenbosch, 2007. / The ever-increasing reliance of society on computer systems has led to a need for highly reliable systems. There are a number of areas where computer systems perform critical functions and the development of such systems requires a higher level of attention than any other type of system. The appropriate approach in this situation is known as formal methods. Formal methods refer to the use of mathematical techniques for the specification, development and verification of software and hardware systems. The two main goals of this thesis are: 1. The design of mathematical models as a basis for the implementation of error-free software for the safety interlock system at iThemba LABS (http://www.tlabs.ac.za/). 2. The comparison of formal method techniques that addresses the lack of much-needed empirical studies in the field of formal methods. Mathematical models are developed using model checkers: Spin, Uppaal, Smv and a theorem prover Pvs. The criteria used for the selection of the tools was based on the popularity of the tools, support of the tools, representation of properties, representativeness of verification techniques, and ease of use. The procedure for comparing these methods is divided into two phases. Phase one involves the time logging of activities followed by a novice modeler to model check and theorem prove software systems. The results show that it takes more time to learn and use a theorem prover than a model checker. Phase two involves the performance of the tools in relation to the time taken to verify a property, memory used, number of states and transitions generated. In spite of the differences between models, the results are in favor of Smv and this maybe attributed to the nature of the safety interlock system, as it involves a lot of hard-wired lines.

Theses -- Mathematics

Dissertations -- Mathematics

Theses -- Computer science

Dissertations -- Computer science

Computer security -- Case studies.

Formal methods (Computer science)

Mathematical Sciences

Computer Science

Um modelo complementar para aprimorar a segurança da informação no SDLC para dispositivos móveis: SDD - security driven development

Paulo, Luis Gonzaga de

20 August 2015

O uso de dispositivos móveis por um número cada vez maior de pessoas, e em um número crescente de atividades que requerem mais segurança da informação, coloca em evidência a necessidade de prover segurança nos softwares desse ambiente. O aspecto de segurança da informação em dispositivos móveis é preocupante. Entretanto os modelos utilizados pela indústria de software – e os encontrados na literatura atual - no desenvolvimento de aplicações móveis com requisitos de segurança da informação de alto nível ainda não respondem às necessidades de mais segurança reclamadas pelos usuários. O presente estudo considera que tais modelos podem ser melhorados com o incremento de métodos e técnicas específicas, algumas já utilizadas com sucesso no desenvolvimento de aplicações desktop ou não voltadas para o ambiente de dispositivos móveis. Este trabalho propõe a inclusão de abordagem de segurança da informação no início do ciclo de vida do desenvolvimento de software, a partir do estudo das ameaças e vulnerabilidades, da aplicação antecipada dos casos de abuso – aqui chamados de casos de uso impróprio, da análise de risco, dos testes de segurança baseados no risco e do uso de máquinas de ataque nos testes de segurança durante o processo de desenvolvimento do software. Para alcançar o objetivo desta pesquisa, os modelos mais conhecidos e utilizados no ciclo de vida do desenvolvimento de software são analisados do ponto de vista da segurança da informação, e uma nova abordagem é proposta por meio do uso de um modelo complementar de desenvolvimento de software voltado para a segurança. Alguns modelos de artefatos são apresentados e um estudo de caso aplicando os conceitos tratados na pesquisa é utilizado com o intuito de avaliar as principais contribuições discutidas no texto, e também alguns dos resultados preliminares obtidos com a realização do trabalho de pesquisa. / The increasingly wide and intense use of mobile devices - whose processing and storage capacity grows almost overcoming the desktops - exposes greatly issues relating to information security in this environment. This is a worrying fact. However, the models currently found in the literature and used by software industry in developing mobile applications with the highest information security requirements are not yet answering users’ needs for more security, and may be improved adding specific methods or techniques, sometimes already used in desktop - or not mobile ones - applications development. This work proposes to insert information security approach early in the software development life cycle using threats and vulnerabilities study, the early application of abuse case - also called misuse cases, the risk analysis, the risk based security test and the use of attack machines in the development process. To reach the research goal, this work analyzed usual models used on SDLC from the information security point of view, and presents a new approach thru the use of a security driven development complementary model. The work also presents some templates and uses a case study for apply the concepts and evaluate the main contributions discussed in the text, also as the preliminary results obtained on the research.

Software - Desenvolvimento

Software - Proteção

Proteção de dados

Hackers

Computação

Computer software - Development

Software protection

Data protection

Computer hackers

Computer science

License Management for EBITool

Krznaric, Anton

January 2013

This degree project deals with license management for EBITool. It´s about providing protection and monitoring for a Java Application via a license server, and the construction of it. An analysis that discusses the approach and other possible courses of action is also included. Additionally, it covers a discussion of a prototype implementation of the model solution from the analysis. The prototype is a Java EE application that deploys to JBoss AS7. It´s developed using the JBoss Developer Studio 5.0.0, an Eclipse IDE with JBoss Tools preinstalled. It exposes web services to Java Applications through SOAP via JAX-WS. Using Hibernate, the web service Enterprise Java Beans get access to a PostgreSQL 9.1 database via entity classes mapped to the database through the Java Persistence API.

License Management

Cryptography

Security

Software Protection

Software Monitoring

License Server

JBoss AS7

Java EE

JAX-WS

SOAP

JPA

Hibernate

PosgreSQL

EAR

XML

UUID

RSA

SHA-1

AES

EBITool

Bombardier Transportation

Ενσωματωμένο σύστημα ασφαλούς ελέγχου, προστασίας και ανανέωσης λογισμικού απομακρυσμένου υπολογιστή μέσω διαδικτύου

Σπανού, Ελένη

13 September 2011

Είναι ευρέως αποδεκτό ότι η ασφάλεια δεδομένων έχει ήδη ξεκινήσει να διαδραματίζει κεντρικό ρόλο στον σχεδιασμό μελλοντικών συστημάτων τεχνολογίας πληροφορίας (IT – Information Technology). Μέχρι πριν από λίγα χρόνια, ο υπολογιστής αποτελούσε την κινητήρια δύναμη της ψηφιακής επικοινωνίας. Πρόσφατα, ωστόσο, έχει γίνει μια μετατόπιση προς τις εφαρμογές τεχνολογίας πληροφορίας που υλοποιούνται σαν ενσωματωμένα συστήματα. Πολλές από αυτές τις εφαρμογές στηρίζονται σε μεγάλο βαθμό σε μηχανισμούς ασφαλείας, περιλαμβάνοντας την ασφάλειας για ασύρματα τηλέφωνα, φαξ, φορητούς υπολογιστές, συνδρομητική τηλεόραση, καθώς και συστήματα προστασίας από αντιγραφή για audio / video καταναλωτικά προϊόντα και ψηφιακούς κινηματογράφους. Το γεγονός ότι ένα μεγάλο μέρος των ενσωματωμένων εφαρμογών είναι ασύρματο, καθιστά το κανάλι επικοινωνίας ιδιαίτερα ευάλωτο και φέρνει στο προσκήνιο την ανάγκη για ακόμη μεγαλύτερη ασφάλεια. Παράλληλα με τα ενσωματωμένα συστήματα, η εκρηκτική ανάπτυξη των ψηφιακών επικοινωνιών έχει επιφέρει πρόσθετες προκλήσεις για την ασφάλεια. Εκατομμύρια ηλεκτρονικές συναλλαγές πραγματοποιούνται κάθε μέρα, και η ταχεία ανάπτυξη του ηλεκτρονικού εμπορίου κατέστησε την ασφάλεια ένα θέμα ζωτικής σημασίας για πολλές καταναλωτές. Πολύτιμες επιχειρηματικές ευκαιρίες , καθώς επίσης και πολλές υπηρεσίες πραγματοποιούνται κάθε μέρα μέσω του Διαδικτύου και πλήθος ευαίσθητων δεδομένων μεταφέρονται από ανασφαλή κανάλια επικοινωνίας σε όλο τον κόσμο. Η επιτακτική ανάγκη για την αντιμετώπιση αυτών των προβλημάτων, κατέστησε πολύ σημαντική την συμβολή της κρυπτογραφίας, και δημιούργησε μια πολύ υποσχόμενη λύση, με την οποία ενσωματωμένα συστήματα σε συνδυασμό με κρυπτογραφικά πρωτόκολλα, θα μπορούσαν να μας οδηγήσουν στην εξασφάλιση των επιθυμητών αποτελεσμάτων. Στην παρούσα εργασία, παρουσιάζουμε την υλοποίηση ενός ενσωματωμένου συστήματος, εμπλουτισμένο με κρυπτογραφικά πρωτόκολλα, που ουσιαστικά μεταμορφώνει έναν κοινό ηλεκτρονικό υπολογιστή σε ένα ισχυρό Crypto System PC, και έχει σαν κύρια αρμοδιότητα να μπορεί να επικοινωνεί με ένα υπολογιστικό σύστημα και να στέλνει πληροφορίες για την κατάσταση του μέσω ασφαλούς σύνδεσης διαδικτύου σε κάποιον απομακρυσμένο υπολογιστή ελέγχου/καταγραφής συμβάντων σε ώρες που δεν είναι εφικτή η παρουσία εξειδικευμένου προσωπικού για τον έλεγχο του. Αξιολογούμε την απόδοση του και την λειτουργία του με την εκτέλεση διάφορων πειραμάτων, ενώ επίσης προτείνουμε λύσεις για πιο ιδανικές και αποδοτικές συνθήκες λειτουργίας για μελλοντικές εφαρμογές. / It is widely recognized that data security already plays a central role in the design of future IT systems.Until a few years ago, the PC had been the major driver of the digital economy. Recently, however, there has been a shift towards IT applications realized as embedded systems.Many of those applications rely heavily on security mechanisms, including security for wireless phones, faxes, wireless computing, pay-TV, and copy protection schemes for audio/video consumer products and digital cinemas. Note that a large share of those embedded applications will be wireless, which makes the communication channel especially vulnerable and the need for security even more obvious. In addition to embedded devices, the explosive growth of digital communications also brings additional security challenges. Millions of electronic transactions are completed each day, and the rapid growth of eCommerce has made security a vital issue for many consumers. Valuable business opportunities are realized over the Internet and megabytes of sensitive data are transferred and moved over insecure communication channels around the world. The urgent need to face these problems has made the contribution of cryptography very important , and created a very promising solution, in which embedded systems in combination with cryptographic protocols, could lead us to obtain the desired results. In this paper, we present the implementation of an embedded system, enriched with cryptographic protocols, which turns a common computer into a powerful Crypto System PC, and has as its primary responsibility to be able to communicate with a computer system and send information for its situation through secure internet connections to a remote computer which is responsible for recording of events, when there is not qualified staff to control the computer system. We evalauate its performance and operation, by executing various experiments and we also suggest solutions for more optimal and efficient operating conditions for future applications.

Ανανέωση λογισμικού

005.82

Embedded systems

Remote computer software protection

Remote computer software update

Secure control via Internet

Secure encrypted connection

Cryptographic protocols

Hush functions

DES

AES-128

CAST-128

SHA-1

MD5