Abstract: Since many security incidents of networked computing infrastructures arise from inadequate technical management actions, we aim at a method supporting the formal analysis of those implications which administration activities may have towards system security. We apply the specification language cTLA which supports the modular description of process systems and facilitates the construction of a modeling framework. The framework defines a generic modeling structure and provides re-usable model elements. Due to cTLA's connection to the temporal logic of actions TLA, formal analysis can resort to symbolic reasoning. Supplementarily, automated analysis can be applied. We focus here on automated analysis. It is supported by translation of cTLA specifications into suitable model descriptions for the powerful model checking tool SPIN. We outline the utilized methods and tools, and report on the modeling and SPIN-based analysis of IP-Hijacking.
The management of distributed and embedded service systems is a complex task as the services are exposed to changing environments which have to be reflected by the services' configurations. These configurations are commonly based on abstract management policies. Embedded devices usually lack the resources to perform the necessary computations to derive an actual configuration from an abstract policy. Thus we developed a two-phase management approach that splits up the management process into a design-time and a runtime task. At design-time a model of the managed system is created. This model is augmented by high-level, environment-aware management policies that are automatically refined to low-level service configurations using graph-transformation techniques. This phase is based on the concepts of model-based management and on parts of the Generalized Role Based Access Control model to handle the modeling of the environment-aware policies. The runtime phase covers the enforcement of the environment-aware management policies by a set of management services responsible for the setting of suitable service configurations.