Structured Method

The Experts below are selected from a list of 318 Experts worldwide ranked by ideXlab platform

Maritta Heisel - One of the best experts on this subject based on the ideXlab platform.

  • SmartGridSec - Determining the Probability of Smart Grid Attacks by Combining Attack Tree and Attack Graph Analysis
    Lecture Notes in Computer Science, 2014
    Co-Authors: Kristian Beckers, Leanid Krautsevich, Fabio Martinelli, Rene Meis, Maritta Heisel, Artsiom Yautsiukhin
    Abstract:

    Smart grid is an intelligent energy distribution system consisting of multiple information and communication technologies (ICT). One of the challenges for such a complex and heterogeneous system as smart grid is to unite security analysis on a high level of abstraction and concrete behavioral attack patterns that exploit low-level vulnerabilities. We provide a Structured Method that combines the Si* language, which can express attacker motivations as a goal hierarchy, and vulnerability specific attack graphs, which show every step available for an attacker. We derive system specific information from the low-level representation of the system for a high-level probabilistic analysis.

  • ARES - A Problem-Based Threat Analysis in Compliance with Common Criteria
    2013 International Conference on Availability Reliability and Security, 2013
    Co-Authors: Kristian Beckers, Denis Hatebur, Maritta Heisel
    Abstract:

    In order to gain their customers' trust, software vendors can certify their products according to security standards, e.g., the Common Criteria (ISO 15408). A Common Criteria certification requires a comprehensible documentation of the software product, including a detailed threat analysis. In our work, we focus on improving that threat analysis. Our Method is based upon an attacker model, which considers attacker types like software attacker that threaten only specific parts of a system. We use OCL expressions to check if all attackers for a specific domain have been considered. For example, we propose a computer-aided Method that checks if all software systems have either considered a software attacker or documented an assumption that excludes software attackers. Hence, we propose a Structured Method for threat analysis that considers the Common Criteria's (CC) demands for documentation of the system in its environment and the reasoning that all threats are discovered. We use UML4PF, a UML profile and support tool for Jackson's problem frame Method and OCL for supporting security reasoning, validation of models, and also to generate Common Criteria-compliant documentation. Our threat analysis Method can also be used for threat analysis without the common criteria, because it uses a specific part of the UML profile that can be adapted to other demands with little effort. We illustrate our approach with the development of a smart metering gateway system.

  • A Foundation for Requirements Analysis of Privacy Preserving Software
    2012
    Co-Authors: Kristian Beckers, Maritta Heisel
    Abstract:

    Privacy requirements are difficult to elicit for any given software engineering project that processes personal information. The problem is that these systems require personal data in order to achieve their functional requirements and privacy mechanisms that constrain the processing of personal information in such a way that the requirement still states a useful functionality. We present privacy patterns that support the expression and analysis of different privacy goals: anonymity, pseudonymity, unlinkability and unobservability. These patterns have a textual representation that can be instantiated. In addition, for each pattern, a logical predicate exists that can be used to validate the instantiation. We also present a Structured Method for instantiating and validating the privacy patterns, and for choosing privacy mechanisms. Our patterns can also be used to identify incomplete privacy requirements. The approach is illustrated by the case study of a patient monitoring system.

  • Software Service and Application Engineering - Pattern-Based context establishment for service-oriented architectures
    Software Service and Application Engineering, 2012
    Co-Authors: Kristian Beckers, Maritta Heisel, Stephan Faßbender, Rene Meis
    Abstract:

    A context description of a software system and its environment is essential for any given software engineering process. Requirements define statements about the environment (according to Jackson's terminology). The context description of a Service-Oriented Architecture is difficult to provide, because of the variety of technical systems and stakeholders involved. We present two patterns for SOA systems and support their instantiation with a Structured Method. In addition, we show how the pattern can be used in a secure service development life-cycle.

Kristian Beckers - One of the best experts on this subject based on the ideXlab platform.

  • SmartGridSec - Determining the Probability of Smart Grid Attacks by Combining Attack Tree and Attack Graph Analysis
    Lecture Notes in Computer Science, 2014
    Co-Authors: Kristian Beckers, Leanid Krautsevich, Fabio Martinelli, Rene Meis, Maritta Heisel, Artsiom Yautsiukhin
    Abstract:

    Smart grid is an intelligent energy distribution system consisting of multiple information and communication technologies (ICT). One of the challenges for such a complex and heterogeneous system as smart grid is to unite security analysis on a high level of abstraction and concrete behavioral attack patterns that exploit low-level vulnerabilities. We provide a Structured Method that combines the Si* language, which can express attacker motivations as a goal hierarchy, and vulnerability specific attack graphs, which show every step available for an attacker. We derive system specific information from the low-level representation of the system for a high-level probabilistic analysis.

  • ARES - A Problem-Based Threat Analysis in Compliance with Common Criteria
    2013 International Conference on Availability Reliability and Security, 2013
    Co-Authors: Kristian Beckers, Denis Hatebur, Maritta Heisel
    Abstract:

    In order to gain their customers' trust, software vendors can certify their products according to security standards, e.g., the Common Criteria (ISO 15408). A Common Criteria certification requires a comprehensible documentation of the software product, including a detailed threat analysis. In our work, we focus on improving that threat analysis. Our Method is based upon an attacker model, which considers attacker types like software attacker that threaten only specific parts of a system. We use OCL expressions to check if all attackers for a specific domain have been considered. For example, we propose a computer-aided Method that checks if all software systems have either considered a software attacker or documented an assumption that excludes software attackers. Hence, we propose a Structured Method for threat analysis that considers the Common Criteria's (CC) demands for documentation of the system in its environment and the reasoning that all threats are discovered. We use UML4PF, a UML profile and support tool for Jackson's problem frame Method and OCL for supporting security reasoning, validation of models, and also to generate Common Criteria-compliant documentation. Our threat analysis Method can also be used for threat analysis without the common criteria, because it uses a specific part of the UML profile that can be adapted to other demands with little effort. We illustrate our approach with the development of a smart metering gateway system.

  • A Foundation for Requirements Analysis of Privacy Preserving Software
    2012
    Co-Authors: Kristian Beckers, Maritta Heisel
    Abstract:

    Privacy requirements are difficult to elicit for any given software engineering project that processes personal information. The problem is that these systems require personal data in order to achieve their functional requirements and privacy mechanisms that constrain the processing of personal information in such a way that the requirement still states a useful functionality. We present privacy patterns that support the expression and analysis of different privacy goals: anonymity, pseudonymity, unlinkability and unobservability. These patterns have a textual representation that can be instantiated. In addition, for each pattern, a logical predicate exists that can be used to validate the instantiation. We also present a Structured Method for instantiating and validating the privacy patterns, and for choosing privacy mechanisms. Our patterns can also be used to identify incomplete privacy requirements. The approach is illustrated by the case study of a patient monitoring system.

  • Software Service and Application Engineering - Pattern-Based context establishment for service-oriented architectures
    Software Service and Application Engineering, 2012
    Co-Authors: Kristian Beckers, Maritta Heisel, Stephan Faßbender, Rene Meis
    Abstract:

    A context description of a software system and its environment is essential for any given software engineering process. Requirements define statements about the environment (according to Jackson's terminology). The context description of a Service-Oriented Architecture is difficult to provide, because of the variety of technical systems and stakeholders involved. We present two patterns for SOA systems and support their instantiation with a Structured Method. In addition, we show how the pattern can be used in a secure service development life-cycle.

Lofton A. Bullard - One of the best experts on this subject based on the ideXlab platform.

  • Verifying the Security Characteristics of a Secure Physical Access Control Protocol
    International Journal of Reliability Quality and Safety Engineering, 2016
    Co-Authors: Clyde Carryl, Bassem Alhalabi, Taghi M. Khoshgoftaar, Lofton A. Bullard
    Abstract:

    Physical access control protocols provide a Structured Method of controlling the behavior of physical devices which in many cases are not only remotely located with respect to the accessing entity, but require the exchange of messages over one or more untrusted networks, such as the internet. Therefore, if it is necessary to prevent unauthorized access to the controlled physical devices, it is essential that the physical access control protocol exhibit certain verifiable security properties. We studied the Universal Physical Access Control System (UPACS) and used the formal protocol verification tool ProVerif to verify that it possesses several key security properties. We also conducted a security analysis of the protocol and verified that it was resilient or otherwise invulnerable to several known forms of security attack, including Attacks on User Privacy and Anonymity, Session Key Security Attacks, Password Guessing Attacks, De-Synchronization Attacks, Replay Attacks, Eavesdropping Attacks, Denial-of-Service Attacks, User and Server Masquerade Attacks, Stolen Verifier Attacks and Stolen Password Attacks.

Clyde Carryl - One of the best experts on this subject based on the ideXlab platform.

  • Verifying the Security Characteristics of a Secure Physical Access Control Protocol
    International Journal of Reliability Quality and Safety Engineering, 2016
    Co-Authors: Clyde Carryl, Bassem Alhalabi, Taghi M. Khoshgoftaar, Lofton A. Bullard
    Abstract:

    Physical access control protocols provide a Structured Method of controlling the behavior of physical devices which in many cases are not only remotely located with respect to the accessing entity, but require the exchange of messages over one or more untrusted networks, such as the internet. Therefore, if it is necessary to prevent unauthorized access to the controlled physical devices, it is essential that the physical access control protocol exhibit certain verifiable security properties. We studied the Universal Physical Access Control System (UPACS) and used the formal protocol verification tool ProVerif to verify that it possesses several key security properties. We also conducted a security analysis of the protocol and verified that it was resilient or otherwise invulnerable to several known forms of security attack, including Attacks on User Privacy and Anonymity, Session Key Security Attacks, Password Guessing Attacks, De-Synchronization Attacks, Replay Attacks, Eavesdropping Attacks, Denial-of-Service Attacks, User and Server Masquerade Attacks, Stolen Verifier Attacks and Stolen Password Attacks.

N. Tricot - One of the best experts on this subject based on the ideXlab platform.

  • Design Method for Systematic Safety Integration
    CIRP Annals - Manufacturing Technology, 2009
    Co-Authors: R. Ghemraoui, L. Mathieu, N. Tricot
    Abstract:

    In the discipline of product design, safety barriers implementation for risk reduction usually intervenes at the end of the design process, in the detailed design stage, and are rapidly increasing in variety, size, complexity and sophistication. In fact, there is no formal Method to set safety requirements in the early design from knowledge abstraction. This paper looks at the problem of synthesizing safety solutions in the early design process. A Structured Method is proposed for systematic safety requirements definition through experience feedbacks and technical solutions analysis. The application to the agricultural hitching system, the three-point hitch, is then developed. Finally, the requirements formulation and their impact on the solution are explained.