Systematic Development of UMLsec Design Models Based On Security Requirements
1 Systematic Development of UMLsec Design Models Based On Security Requirements
European Joint Conferences on Theory and Practice of Software (ETAPS)
Fundamental Approaches to Software Engineering
Denis Hatebur 1,2, Maritta Heisel 2, Jan Jürjens 3,4, and Holger Schmidt 1,3
1 ITESYS Inst. f. Tech. Sys. GmbH, Germany
2 University Duisburg-Essen, Faculty of Engineering, Department of Computational and Applied Cognitive Science, SE, Germany
3 TU Dortmund, Faculty of Computer Science, SE, Germany
4 Fraunhofer ISST, Germany
2 Motivation and Goal
- Goal
  - Developing security-critical systems
  - Transition from security requirements analysis to UMLsec [Jür05] design models
- Problem
  - Informal guidelines
- Our Approach
  - Formal guideline
  - Model generation rules expressed as pre- and postconditions in Object Constraint Language (OCL) [UML06]
  - Specification of CASE tool
3 Security Requirements Analysis
- Environment Awareness
  - Requirements describe the environment after the software is in action [Jac01].
  - Security describes the inability of the environment to have an undesirable effect on a technical system [RTLN06].
  - Modeling the environment is essential for secure software engineering
- Security requirements analysis [H06, H07] based on Jackson's problem frames [Jac01]
- UML profile UML4PF supporting Jackson's approach
4 UMLsec Design Models
- UMLsec [Jür05]
  - UML profile for modeling security-critical systems
  - Support for different kinds of security properties via stereotypes and tagged values
  - Support for different kinds of UML diagram types such as deployment, class, and sequence diagrams
- UMLsec analysis tools
  - Static checks, permission analysis, integration of external verification tools, code generation
5 Overview
- Security requirements analysis based on UML4PF
- Environment models
- Structural and behavioral specification of security mechanisms
- Design models enriched with UMLsec stereotypes
- Further analysis using UMLsec analysis tools possible
6 Environment Description of PMS
- Patient Monitoring System (PMS)
- Environment model as UML4PF class diagram
- Environment structured by means of domains and shared phenomena
7 Functional Requirements of PMS
- R1: The vital signs should be displayed, and an alarm should be raised if the vital signs exceed the limits.
- R2: The infusion flow is controlled according to the configured doses for the current vital signs.
- R3: Physicians and nurses can change the configuration.
- Domains named in the refersto and constrains columns: Configuration, Patient, PhysiciansAndNurses, Terminal, InfusionPump
8 Security Requirements of PMS
- No. 1
  - Security statement: Configuration should be protected from modification for Patient against Attacker or PhysiciansAndNurses should be informed.
  - Complements: R2
  - Refers to: Configuration is asset, Terminal and WLAN know asset, Patient is stakeholder, against Attacker
  - Constrains / mechanism: TerminalDisplay / MAC of SSL
- No. 2
  - Security statement: Alarm and Vital Signs should be protected from modification for Patient against Attacker or PhysiciansAndNurses should be informed.
  - Complements: R1
  - Refers to: Alarm and Vital Signs are assets, Terminal and WLAN know asset, Patient is stakeholder, against Attacker
  - Constrains / mechanism: TerminalDisplay / MAC of SSL
- No. 3
  - Security statement: Configuration, Alarm, and Vital Signs should be protected from disclosure for Patient against Attacker.
  - Complements: R1, R2
  - Refers to: Configuration, Alarm, and Vital Signs are assets, Patient is stakeholder, against Attacker
  - Constrains / mechanism: WLAN / encryption of SSL
- No. 4
  - Security statement: The Shared Keys should be distributed to Terminal and PMS (for Patient) and Attacker should not be able to access Shared Keys.
  - Complements: R1, R2
  - Refers to: Shared Keys are assets, Patient is stakeholder, against Attacker
  - Constrains / mechanism: WLAN / key exchange of SSL (KE)
9 Security Domain Knowledge of PMS
- No. 1
  - Security statement: The KE keys should be distributed to Terminal and PMS for Patient, and Attacker should not be able to access Shared Keys.
  - Complements: R1, R2
  - Refers to: KE keys are assets, Patient is stakeholder, against Attacker
  - Constrains / mechanism: WLAN / manual import in physically protected area
- No. 2
  - Security statement: Infusion Flow and PatientMonitoringSystem should be protected from modification for Patient against Attacker or Patient should know.
  - Complements: R1, R2, R3
  - Refers to: Infusion Flow and PatientMonitoringSystem are assets, Patient is stakeholder, against Attacker
  - Constrains / mechanism: Infusion Pump, PatientMonitoringSystem / physical protection (e.g., EMF) and protection by Patient
- No. 3
  - Security statement: Infusion Flow and PatientMonitoringSystem should be protected from disclosure for Patient against Attacker.
  - Complements: R1, R2, R3
  - Refers to: Infusion Flow and PatientMonitoringSystem are assets, Patient is stakeholder, against Attacker
  - Constrains / mechanism: Infusion Pump, PatientMonitoringSystem / physical protection (e.g., EMF) and protection by Patient
- No. 4
  - Security statement: Terminal should be protected from modification for Patient against Attacker or PhysiciansAndNurses should know.
  - Complements: R1, R2
  - Refers to: Terminal is asset, Patient is stakeholder, against Attacker
  - Constrains / mechanism: Terminal / physical protection (e.g., EMF) and protection by PhysiciansAndNurses
10 From Security Requirements to Secure Design
- Concept
  - Design decisions through interactive model generation
  - Model generation rules expressed as OCL pre- and postconditions
  - OCL specifications for UMLsec deployment, class, and sequence diagrams
- Technical realization
  - Papyrus UML
  - Relating UML4PF stereotypes to UMLsec stereotypes
  - Patterns for security mechanisms
11 Generating UMLsec Deployment Diagrams

    createDeploymentDiagram('PMS Deployment');
    addSecureLinksStereotype('PMS Deployment', 'default');
    createNodes('PMS Deployment');
    createNestedClasses({'Configuration'});
    getNetworkConnections();   returns { PMS!{Alarm, VitalSigns}, T!{config} }
    createCommunicationPaths('PMS Deployment');
    setCommunicationPathType('PMS Deployment', PMS!{Alarm, VitalSigns}, T!{config}, 'encrypted');
    createDependencies('PMS Deployment');
12 Creating a UMLsec Deployment Diagram for PMS I

    createDeploymentDiagram('PMS Deployment');

13 Creating a UMLsec Deployment Diagram for PMS II

    addSecureLinksStereotype('PMS Deployment', 'default');
14 Creating a UMLsec Deployment Diagram for PMS III

    addSecureLinksStereotype(diagramName : String, adv : String)
    PRE   package with name diagramName exists
      Package.allInstances()->select(name=diagramName)
        ->size()=1 and
      (adv = 'default' or adv = 'insider')
    POST
      Package.allInstances()->select(name=diagramName)
        .getAppliedStereotypes().name->includes('secure links') and
      Package.allInstances()->select(name=diagramName)
        .getValue(Package.allInstances()->select(name=diagramName)
          .getAppliedStereotypes()
          ->select(s.oclAsType(Stereotype).name->includes('secure links'))
          ->asSequence()->first(), 'adversary')
        .oclAsType(String)->includes(adv)

- User interface to guarantee preconditions
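The rule on this slide can be read as an executable contract. The following is an added example, not code from the slides or from the authors' tool: it implements the PRE and POST clauses of addSecureLinksStereotype over a small in-memory model. The Model, Package and Stereotype classes, the exception names, and the assumption that createDeploymentDiagram creates a package named after the diagram are all hypothetical.

```python
"""Executable contract for the addSecureLinksStereotype rule (illustrative)."""
from dataclasses import dataclass, field

ADVERSARIES = ("default", "insider")   # the two values the PRE clause allows
SECURE_LINKS = "secure links"          # stereotype name checked by POST


class PreconditionError(ValueError):
    """The rule was called with arguments or a model state that PRE forbids."""


class PostconditionError(RuntimeError):
    """The rule body ran, but the resulting model does not satisfy POST."""


@dataclass
class Stereotype:
    name: str
    tags: dict = field(default_factory=dict)      # tagged values


@dataclass
class Package:
    name: str
    stereotypes: list = field(default_factory=list)


@dataclass
class Model:
    """Hypothetical stand-in for the UML model held by the CASE tool."""
    packages: list = field(default_factory=list)

    def select(self, name):
        # Package.allInstances()->select(name = diagramName)
        return [p for p in self.packages if p.name == name]


def create_deployment_diagram(model, diagram_name):
    """Assumed behaviour: the diagram is represented by a package of that name."""
    pkg = Package(diagram_name)
    model.packages.append(pkg)
    return pkg


def pre_add_secure_links(model, diagram_name, adv):
    # Exactly one package with that name, and a known adversary type.
    return len(model.select(diagram_name)) == 1 and adv in ADVERSARIES


def post_add_secure_links(model, diagram_name, adv):
    pkgs = model.select(diagram_name)
    if len(pkgs) != 1:
        return False
    applied = [s for s in pkgs[0].stereotypes if s.name == SECURE_LINKS]
    # POST reads the tag from the first match (asSequence()->first()).
    return bool(applied) and applied[0].tags.get("adversary") == adv


def add_secure_links_stereotype(model, diagram_name, adv):
    if not pre_add_secure_links(model, diagram_name, adv):
        raise PreconditionError(
            f"need exactly one package {diagram_name!r} and adv in {ADVERSARIES}")
    pkg = model.select(diagram_name)[0]
    applied = [s for s in pkg.stereotypes if s.name == SECURE_LINKS]
    if applied:
        # Update in place: appending a second stereotype would leave the
        # first one, which POST inspects, carrying the old adversary value.
        applied[0].tags["adversary"] = adv
    else:
        pkg.stereotypes.append(Stereotype(SECURE_LINKS, {"adversary": adv}))
    if not post_add_secure_links(model, diagram_name, adv):
        raise PostconditionError("secure links / adversary not set as required")
    return pkg


def run_script():
    """First two steps of the generation script for the PMS deployment diagram."""
    model = Model()
    create_deployment_diagram(model, "PMS Deployment")
    pkg = add_secure_links_stereotype(model, "PMS Deployment", "default")
    return {s.name: dict(s.tags) for s in pkg.stereotypes}


if __name__ == "__main__":
    print(run_script())
```

Raising PreconditionError plays the role the slide assigns to the user interface: input that violates PRE is rejected before the model is touched.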
15 Creating a UMLsec Deployment Diagram for PMS IV

    createNodes('PMS Deployment');

16 Creating a UMLsec Deployment Diagram for PMS V

    createNestedClasses({'Configuration'});

17 Creating a UMLsec Deployment Diagram for PMS VI

    getNetworkConnections();   returns { PMS!{Alarm, VitalSigns}, T!{config} }
    createCommunicationPaths('PMS Deployment');
    setCommunicationPathType('PMS Deployment', PMS!{Alarm, VitalSigns}, T!{config}, 'encrypted');

18 Creating a UMLsec Deployment Diagram for PMS VII

    createDependencies('PMS Deployment');
19 UMLsec Class Diagram for PMS

    createKeyExchangeProtocol('Terminal', 'PatientMonitoringSystem', 'KeyExchProt')

- Package «data security» PMS KeyExchProt
  - «data security» adversary = default
- Class «critical» Terminal
  - Attributes: S_: Data, s_: Data, N_: Data, K_T: Keys, inv(k_t): Keys, K_CA: Keys, i: Integer
  - Operation: + resp(shrd, cert)
  - «critical» secrecy = {s_,inv(k_t)}
  - «critical» integrity = {s_,n_,k_t,inv(k_t),k_ca,i}
  - «critical» authenticity = (k,p_i)
- Class «critical» PatientMonitoringSystem
  - Attributes: K_P: Keys, inv(k_p): Keys, K_CA: Keys, k_: Keys, j: Integer
  - Operations: + init(n, k, cert), + xchd(mstr)
  - «critical» secrecy = {inv(k_p),k_}
  - «critical» integrity = {K_P,inv(K_P),K_CA,k_,j}
- Dependencies: «send, secrecy, integrity», «send, secrecy, integrity»
- «primitivetype» Data, «primitivetype» Keys, «primitivetype» Expressions
20 UMLsec Sequence Diagram for PMS

    createKeyExchangeProtocol('Terminal', 'PatientMonitoringSystem', 'KeyExchProt')

- sd PMS KeyExchProt
- Lifelines: Terminal, PatientMonitoringSystem
- Messages:
  - init(n_i,k_t,sign(inv(k_t),t::k_t))
  - resp({sign(inv(k_p_i),k_j::n'::k'_t)}_k'_t, Sign(inv(K_CA),P_i::K_P_i))
  - xchd({s_i}_k)
- Guards:
  - [snd(ext (K'_T,c_c))=K'_T]
  - [fst(ext (K_CA),c_S=S_i) and snd(ext (K'_S_i,Dec(inv (K_T),c_k)))=N_i]
21
- Approach to bridge the gap between security requirements analysis and secure design
- Formal model generation rules
- Creating design models in the security domain becomes more routine and less error-prone.
- Future work:
  - Develop a notion of correctness for the considered transition.
  - Construct CASE tool.
[H06] Denis Hatebur, Maritta Heisel, and Holger Schmidt. Security engineering using problem frames. In G. Müller, editor, Proceedings of the International Conference on Emerging Trends in Information and Communication Security (ETRICS) (LNCS 3995). Springer.
[H07] Denis Hatebur, Maritta Heisel, and Holger Schmidt. A pattern system for security requirements engineering. In Proceedings of the International Conference on Availability, Reliability and Security (AReS). IEEE Computer Society.
[Jac01] Michael Jackson. Problem Frames. Analyzing and structuring software development problems. Addison-Wesley.
[Jür05] Jan Jürjens. Secure Systems Development with UML. Springer.
[RTLN06] Lillian Røstad, Inger Anne Tøndel, Maria B. Line, and Odd Nordland. Safety vs. security. In Michael G. Stamatelatos and Harold S. Blackman, editors, Proceedings of the International Conference on Probabilistic Safety Assessment and Management (PSAM). ASME Press, New York.
[UML06] UML Revision Task Force. Object Constraint Language Specification. Object Management Group (OMG), May
EXAMINING REFINEMENT: THEORY, TOOLS AND MATHEMATICS Marie Farrell Supervisors: Dr Rosemary Monahan & Dr James Power Principles of Programming Research Group PROBLEM Different formalisms do not integrate
More informationOn the security of Jhanwar-Barua Identity-Based Encryption Scheme
On the security of Jhanwar-Barua Identity-Based Encryption Scheme Adrian G. Schipor aschipor@info.uaic.ro 1 Department of Computer Science Al. I. Cuza University of Iași Iași 700506, Romania Abstract In
More informationClock Synchronization Procedure
Clock Synchronization Procedure Reference No. xx Revision No. 1 Relevant ISO Control No. 10.10.6 Issue Date: June 19, 2013 Revision Date: June 19, 2013 Approved by: Title: Ted Harvey Director, Technology
More informationFormal Reasoning CSE 331. Lecture 2 Formal Reasoning. Announcements. Formalization and Reasoning. Software Design and Implementation
CSE 331 Software Design and Implementation Lecture 2 Formal Reasoning Announcements Homework 0 due Friday at 5 PM Heads up: no late days for this one! Homework 1 due Wednesday at 11 PM Using program logic
More informationMetrics for Data Uniformity of User Scenarios through User Interaction Diagrams
Metrics for Data Uniformity of User Scenarios through User Interaction Diagrams Douglas Hiura Longo and Patrícia Vilain Informatics and Statistics Department, Federal University of Santa Catarina, Florianopolis,
More informationThe Joplin Tornado: Lessons Learned from the NIST Investigation
February 4, 2014 AMS Annual Meeting The Joplin Tornado: Lessons Learned from the NIST Investigation Franklin T. Lombardo, NIST Erica Kuligowski, NIST Marc Levitan, NIST Long Phan, NIST David Jorgensen,
More informationAuthenticated Encryption Mode for Beyond the Birthday Bound Security
Authenticated Encryption Mode for Beyond the Birthday Bound Security Tetsu Iwata Nagoya University iwata@cse.nagoya-u.ac.jp Africacrypt 2008, Casablanca, Morocco June 11, 2008 Blockcipher plaintext M key
More informationInternational Conference Analysis and Management of Changing Risks for Natural Hazards November 2014 l Padua, Italy
Abstract Code: B01 Assets mapping products in support of preparedness and prevention measures (examples from Germany, Italy and France) Marc Mueller, Thierry Fourty, Mehdi Lefeuvre Airbus Defence and Space,
More informationTECHNICAL WORKING GROUP ITWG GUIDELINE ON IN-FIELD APPLICATIONS OF HIGH- RESOLUTION GAMMA SPECTROMETRY FOR ANALYSIS OF SPECIAL NUCLEAR MATERIAL
NUCLE A R FORENSIC S INTERN ATION A L TECHNICAL WORKING GROUP ITWG GUIDELINE ON IN-FIELD APPLICATIONS OF HIGH- RESOLUTION GAMMA SPECTROMETRY FOR ANALYSIS OF SPECIAL NUCLEAR MATERIAL This document was designed
More informationWMO/WWRP FDP: INCA CE
WMO/WWRP FDP: INCA CE Yong Wang ZAMG, Austria This project is implemented through the CENTRAL EUROPE Programme co-financed by the ERDF INCA CE: implementation over Central Europe A Nowcasting Initiative
More informationUNESCO World Heritage Centre - Arab States Unit
UNESCO World Heritage Centre - Arab States Unit Post-Conflict Reconstruction in the Middle East Context and in the Old City of Aleppo in Particular UNESCO Headquarter, 18-19 June 2015 ACTION PLAN resulting
More informationAPPLICATION OF ELLIPTIC CURVES IN CRYPTOGRAPHY-A REVIEW
APPLICATION OF ELLIPTIC CURVES IN CRYPTOGRAPHY-A REVIEW Savkirat Kaur Department of Mathematics, Dev Samaj College for Women, Ferozepur (India) ABSTRACT Earlier, the role of cryptography was confined to
More informationChapter 2 : Perfectly-Secret Encryption
COMP547 Claude Crépeau INTRODUCTION TO MODERN CRYPTOGRAPHY _ Second Edition _ Jonathan Katz Yehuda Lindell Chapter 2 : Perfectly-Secret Encryption 1 2.1 Definitions and Basic Properties We refer to probability
More informationInvariant Patterns for Program Reasoning
Invariant Patterns for Program Reasoning Andrew Ireland and Bill J. Ellis and Tommy Ingulfsen School of Mathematical & Computer Sciences Heriot-Watt University, Edinburgh, Scotland, UK a.ireland@hw.ac.uk
More informationPassword Cracking: The Effect of Bias on the Average Guesswork of Hash Functions
Password Cracking: The Effect of Bias on the Average Guesswork of Hash Functions Yair Yona, and Suhas Diggavi, Fellow, IEEE Abstract arxiv:608.0232v4 [cs.cr] Jan 207 In this work we analyze the average
More informationFlexible Group Key Exchange with On Demand Computation of Subgroup Keys
Flexible Group Key Exchange with On Demand Computation of Subgroup Keys Michel Abdalla 1, Celine Chevalier 2, Mark Manulis 3, David Pointcheval 1 1 École Normale Supérieure CNRS INRIA, Paris, France 2
More informationFormal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers
Formal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers Sarani Bhattacharya and Debdeep Mukhopadhyay Indian Institute of Technology Kharagpur PROOFS 2016 August
More informationLecture 24: MAC for Arbitrary Length Messages. MAC Long Messages
Lecture 24: MAC for Arbitrary Length Messages Recall Previous lecture, we constructed MACs for fixed length messages The GGM Pseudo-random Function (PRF) Construction Given. Pseudo-random Generator (PRG)
More information