A framework for automatic generation of security controller

Martinelli, Fabio; Matteucci, Ilaria

doi:10.1002/stvr.441

Cited by 14 publications

(13 citation statements)

References 30 publications

(48 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this paper, we do not yet investigate this aspect of the framework; this is left as future work. In particular, we plan to use quantitative evaluation of security policies, specified by logic formulas, in order to extend previous work on automated verification and synthesis of (qualitative) controllers [21].…”

Section: Discussion -Future Workmentioning

confidence: 99%

Quantitative Evaluation of Enforcement Strategies

Ciancia

Martinelli

Matteucci

et al. 2014

Foundations and Practice of Security

Self Cite

View full text Add to dashboard Cite

In Security, monitors and enforcement mechanisms run in parallel with programs to check, and modify their run-time behaviour, respectively, in order to guarantee the satisfaction of a security policy. For the same policy, several enforcement strategies are possible. We provide a framework for quantitative monitoring and enforcement. Enforcement strategies are analysed according to user-defined parameters. This is done by extending the notion controller processes, that mimics the well-known edit automata, with weights on transitions, valued in a C-semiring. C-semirings permit one to be flexible and general in the quantitative criteria. Furthermore, we provide some examples of orders on controllers that are evaluated under incomparable criteria. * The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grants no 256980 (NESSoS) and no 295354 (SESAMO).

show abstract

Section: Discussion -Future Workmentioning

confidence: 99%

Quantitative Evaluation of Enforcement Strategies

Ciancia

Martinelli

Matteucci

et al. 2014

Foundations and Practice of Security

Self Cite

View full text Add to dashboard Cite

show abstract

“…We also aim to apply the action refinement theory to cryptographic protocols specified by using Crypto-CCS [17] and GN DC. We also would like to go further in this direction by dealing also with the synthesis of controller program Y as in [19].…”

Section: Discussionmentioning

confidence: 99%

“…Here we extend the definition of GNDC by introducing a controller program as parameter of the definition. A controller program is a process that, by monitoring the behaviour of a possible malicious component according to a strategy defined by a controller operator , guarantees that a considered system is secure [19]. Hence, at high level of abstraction we have the following formalization, given in terms of process algebra [9], for our family of properties:…”

Section: Overviewmentioning

confidence: 99%

“…In particular a controller program is a process that, according to the semantics definition of the controller operator, denoted by , monitors the behaviour of all possible malicious components which behaviour (unknown a priori) aims to violate the security of the system. Hereafter, we consider a controller operator [19] semantically de-fined as follows:…”

Section: Definition 41 (Standard Gndc)mentioning

confidence: 99%

See 1 more Smart Citation

Preserving security properties under refinement

Martinelli

Matteucci

2011

Proceedings of the 7th International Workshop on Software Engineering for Secure Systems

Self Cite

View full text Add to dashboard Cite

“…There are numerous methods for business process assessment, that can be used to evaluate all business processes of the organization, e.g. RAPID RE [17]. Obtained values, after normalization, provide business processes weights WBP i .…”

Section: Integrated Approach To Information Security Monitoringmentioning

confidence: 99%

Load-balanced Integrated Information Security Monitoring System

Klasa

Fray

2017

Annals of Computer Science and Information Systems

View full text Add to dashboard Cite

Abstract-Monitoring is the last step of the information security management process. It is intended to evaluate not the state of security itself, but rather the accuracy and quality of prior security evaluation and risk treatment applied. In other words, it is supposed to provide the answer, whether chosen countermeasures and all other decisions based on the security assessment and evaluation results were accurate, proper and sufficient. If during this phase of the security management process, any significant anomaly is found within the system, it means that either one of the accepted 'as is' risks occurred, or that the applied countermeasures did not provide assumed protection in some point of the system. In such a case it is necessary to identify all the areas that require security audit repeat. As information systems grow in complexity, an integrated solution for security monitoring that will prevent system overload caused by monitoring is proposed in this paper.

show abstract

A framework for automatic generation of security controller

Cited by 14 publications

References 30 publications

Quantitative Evaluation of Enforcement Strategies

Quantitative Evaluation of Enforcement Strategies

Preserving security properties under refinement

Load-balanced Integrated Information Security Monitoring System

Contact Info

Product

Resources

About