Modular Plans for Secure Service Composition

Costa, Gabriele; Degano, Pierpaolo; Martinelli, Fabio

doi:10.1007/978-3-642-16074-5_4

Cited by 4 publications

(7 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…During this process, several analysis on the validity of history expressions can be carried out in order to prevent illegal service compositions. For a description of these techniques we refer the interested reader to [4,12]. Example 9.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Metric-Aware Secure Service Orchestration

Costa¹,

Martinelli

Yautsiukhin

2012

Electron. Proc. Theor. Comput. Sci.

Self Cite

View full text Add to dashboard Cite

Secure orchestration is an important concern in the internet of service. Next to providing the required functionality the composite services must also provide a reasonable level of security in order to protect sensitive data. Thus, the orchestrator has a need to check whether the complex service is able to satisfy certain properties. Some properties are expressed with metrics for precise definition of requirements. Thus, the problem is to analyse the values of metrics for a complex business process.In this paper we extend our previous work on analysis of secure orchestration with quantifiable properties. We show how to define, verify and enforce quantitative security requirements in one framework with other security properties. The proposed approach should help to select the most suitable service architecture and guarantee fulfilment of the declared security requirements.

show abstract

Section: Discussionmentioning

confidence: 99%

“…In this paper we propose an extension of previous work (see [12,13]) on secure service orchestration integrating facilities for composing and verifying security metrics. In particular, we start from the service model proposed by Bartoletti et al [4].…”

Section: Introductionmentioning

confidence: 99%

Metric-Aware Secure Service Orchestration

Costa¹,

Martinelli

Yautsiukhin

2012

Electron. Proc. Theor. Comput. Sci.

Self Cite

View full text Add to dashboard Cite

show abstract

“…A number of languages for the definition and orchestration of services have been put forward, see, e.g., [6,12,26,9,2]. Some of these frameworks can automatically generate service compositions that satisfy functional or security goals.…”

Section: Related Workmentioning

confidence: 99%

“…Constants for nodes and networks are assigned to distinct identifiers, i.e., positive numbers (lines 2-6), while time constants are mapped to specific, possibly overlapping minutes of the scenario duration (line 8). 12 Functions (lines 10-12) are slightly more complex. They consist of a finite composition of conditional statements (if-then-else, ite) testing the value of (some of) the formal parameters of a function to decide the result.…”

Section: K Otherwisementioning

confidence: 99%

Automating the Generation of Cyber Range Virtual Scenarios with VSDL

Costa¹,

Russo²,

Armando³

2020

Preprint

Self Cite

View full text Add to dashboard Cite

A cyber range is an environment used for training security experts and testing attack and defence tools and procedures. Usually, a cyber range simulates one or more critical infrastructures that attacking (red) and defending (blue) teams must compromise and protect, respectively. The infrastructure can be physically assembled, but much more convenient is to rely on the Infrastructure as a Service (IaaS) paradigm. Although some modern technologies support the IaaS, the design and deployment of scenarios of interest is mostly a manual operation. As a consequence, it is a common practice to have a cyber range hosting few (sometimes only one), consolidated scenarios. However, reusing the same scenario may significantly reduce the effectiveness of the training and testing sessions.In this paper we propose a framework for automating the definition and deployment of arbitrarily complex cyber range scenarios. The framework relies on the virtual scenario description language (VSDL), i.e., a domain-specific language for defining high-level features of the desired infrastructure while hiding low-level details. The semantics of VSDL is given in terms of constraints that must be satisfied by the virtual infrastructure. These constraints are then submitted to a SMT solver for checking the satisfiability of the specification. If satisfiable, the specification gives rise to a model that is automatically converted to a set of deployment scripts to be submitted to the IaaS provider.

show abstract

“…However, we argue that their solutions are still incomplete in terms of modeling program behavior as their models take only into account sequences of operations in a program. In our view, program behavior is better represented by a history of states mutated in order during program execution [6]. To be specific, every computational step in a program is a transition from one state to another.…”

Section: Introductionmentioning

confidence: 99%

Data Embedding Scheme for Efficient Program Behavior Modeling With Neural Networks

Ahn

Bae

et al. 2022

IEEE Trans. Emerg. Top. Comput. Intell.

View full text Add to dashboard Cite

As modern programs grow in size and complexity, the importance of program behavior modeling is emerging in various areas. Because of the large amount of data generated by a target program and the difficulty of runtime analysis, previous works in these areas employ deep learning. However, they did not sufficiently consider the input of a target program, since, in our view, program behavior is a history of computational steps consisting of a function and its input arguments. A naive, intuitive way to embed the value of x as it is in a vector representation creates a tremendously large vector size. Instead, we found that all the values inducing the same runtime behavior can be represented as one identical characteristic value (CV). In this paper, we show that not only can a characteristic value sequence replace the argument input, but it is also efficient to use it as an input vector for a neural network. This efficiency comes from modeling the whole program with multiple LSTM-RNN models and reducing the input space of the neural network. To demonstrate the effectiveness of this replacement, we performed experiments on the problem of program behavior anomaly detection. Our results show that our model achieves better detection performance compared to previous models and similar detection performance even with smaller model sizes. We also provide a visualization of the embedded vectors extracted from the embedding layer in the neural network model to prove that the CV sequence well represents the arguments.

show abstract

Modular Plans for Secure Service Composition

Cited by 4 publications

References 19 publications

Metric-Aware Secure Service Orchestration

Metric-Aware Secure Service Orchestration

Automating the Generation of Cyber Range Virtual Scenarios with VSDL

Data Embedding Scheme for Efficient Program Behavior Modeling With Neural Networks

Contact Info

Product

Resources

About