Visible to the public Biblio

Filters: Keyword is security condition  [Clear All Filters]
2021-03-04
Algehed, M., Flanagan, C..  2020.  Transparent IFC Enforcement: Possibility and (In)Efficiency Results. 2020 IEEE 33rd Computer Security Foundations Symposium (CSF). :65—78.

Information Flow Control (IFC) is a collection of techniques for ensuring a no-write-down no-read-up style security policy known as noninterference. Traditional methods for both static (e.g. type systems) and dynamic (e.g. runtime monitors) IFC suffer from untenable numbers of false alarms on real-world programs. Secure Multi-Execution (SME) promises to provide secure information flow control without modifying the behaviour of already secure programs, a property commonly referred to as transparency. Implementations of SME exist for the web in the form of the FlowFox browser and as plug-ins to several programming languages. Furthermore, SME can in theory work in a black-box manner, meaning that it can be programming language agnostic, making it perfect for securing legacy or third-party systems. As such SME, and its variants like Multiple Facets (MF) and Faceted Secure Multi-Execution (FSME), appear to be a family of panaceas for the security engineer. The question is, how come, given all these advantages, that these techniques are not ubiquitous in practice? The answer lies, partially, in the issue of runtime and memory overhead. SME and its variants are prohibitively expensive to deploy in many non-trivial situations. The natural question is why is this the case? On the surface, the reason is simple. The techniques in the SME family all rely on the idea of multi-execution, running all or parts of a program multiple times to achieve noninterference. Naturally, this causes some overhead. However, the predominant thinking in the IFC community has been that these overheads can be overcome. In this paper we argue that there are fundamental reasons to expect this not to be the case and prove two key theorems: (1) All transparent enforcement is polynomial time equivalent to multi-execution. (2) All black-box enforcement takes time exponential in the number of principals in the security lattice. Our methods also allow us to answer, in the affirmative, an open question about the possibility of secure and transparent enforcement of a security condition known as Termination Insensitive Noninterference.

2020-07-16
Xiao, Jiaping, Jiang, Jianchun.  2018.  Real-time Security Evaluation for Unmanned Aircraft Systems under Data-driven Attacks*. 2018 13th World Congress on Intelligent Control and Automation (WCICA). :842—847.

With rapid advances in the fields of the Internet of Things and autonomous systems, the network security of cyber-physical systems(CPS) becomes more and more important. This paper focuses on the real-time security evaluation for unmanned aircraft systems which are cyber-physical systems relying on information communication and control system to achieve autonomous decision making. Our problem formulation is motivated by scenarios involving autonomous unmanned aerial vehicles(UAVs) working continuously under data-driven attacks when in an open, uncertain, and even hostile environment. Firstly, we investigated the state estimation method in CPS integrated with data-driven attacks model, and then proposed a real-time security scoring algorithm to evaluate the security condition of unmanned aircraft systems under different threat patterns, considering the vulnerability of the systems and consequences brought by data attacks. Our simulation in a UAV illustrated the efficiency and reliability of the algorithm.