Quantitative Information Flow Control by Construction for
Component-Based Systems
- URL: http://arxiv.org/abs/2401.07677v1
- Date: Mon, 15 Jan 2024 13:46:07 GMT
- Title: Quantitative Information Flow Control by Construction for
Component-Based Systems
- Authors: Rasmus Carl Rønneberg
- Abstract summary: This paper presents doctoral research in its early stages concerned with creating constructive methods for building secure component-based systems.
This research aims at developing a method that allows software architects to develop secure systems from a repository of secure components.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Secure software architecture is increasingly important in a data-driven
world. When security is neglected, sensitive information might leak through
unauthorized access. To mitigate this, software architects need tools and
methods to quantify security risks in complex systems. This paper presents
doctoral research in its early stages concerned with creating constructive
methods for building secure component-based systems from a quantitative
information flow specification. This research aims at developing a method that
allows software architects to develop secure systems from a repository of
secure components. Planned contributions are refinement rules for secure
development of components from a specification and well-formedness rules for
secure composition of said components.
Related papers
- Toward Automated Potential Primary Asset Identification in Verilog Designs [4.526103806673449]
Knowing the security assets in a design is fundamental to downstream security analyses.
This paper proposes an automated approach for the initial identification of potential security assets in a Verilog design.
arXiv Detail & Related papers (2025-02-07T04:17:25Z)
- Resilient Cloud cluster with DevSecOps security model, automates a data analysis, vulnerability search and risk calculation [0.0]
The article presents the main methods of deploying web applications, ways to increase the level of information security at all stages of product development.
The cloud cluster was deployed using Terraform and the Jenkins pipeline, which checks program code for vulnerabilities.
The algorithm for calculating risk and losses is based on statistical data and the concept of the FAIR information risk assessment methodology.
arXiv Detail & Related papers (2024-12-15T13:11:48Z)
- A Framework for the Security and Privacy of Biometric System Constructions under Defined Computational Assumptions [1.5446015139136167]
This paper introduces a formal framework for constructing secure and privacy-preserving biometric systems.
By leveraging the principles of universal composability, we enable the modular analysis and verification of individual system components.
arXiv Detail & Related papers (2024-11-26T11:10:11Z)
- Specifications: The missing link to making the development of LLM systems an engineering discipline [65.10077876035417]
We discuss the progress the field has made so far, through advances like structured outputs, process supervision, and test-time compute.
We outline several future directions for research to enable the development of modular and reliable LLM-based systems.
arXiv Detail & Related papers (2024-11-25T07:48:31Z)
- Physical and Software Based Fault Injection Attacks Against TEEs in Mobile Devices: A Systemisation of Knowledge [5.6064476854380825]
Trusted Execution Environments (TEEs) are critical components of modern secure computing.
They provide isolated zones in processors to safeguard sensitive data and execute secure operations.
Despite their importance, TEEs are increasingly vulnerable to fault injection (FI) attacks.
arXiv Detail & Related papers (2024-11-22T11:59:44Z)
- Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
We investigate the security implications of and software-based Open Radio Access Network (RAN) systems.
We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
arXiv Detail & Related papers (2024-05-03T07:18:45Z)
- Leveraging Traceability to Integrate Safety Analysis Artifacts into the Software Development Process [51.42800587382228]
Safety assurance cases (SACs) can be challenging to maintain during system evolution.
We propose a solution that leverages software traceability to connect relevant system artifacts to safety analysis models.
We elicit design rationales for system changes to help safety stakeholders analyze the impact of system changes on safety.
arXiv Detail & Related papers (2023-07-14T16:03:27Z)
- A Novel Approach to Identify Security Controls in Source Code [4.598579706242066]
This paper enumerates a comprehensive list of commonly used security controls and creates a dataset for each one of them.
It uses the state-of-the-art NLP technique Bidirectional Representations from Transformers (BERT) and the Tactic Detector from our prior work to show that security controls could be identified with high confidence.
arXiv Detail & Related papers (2023-07-10T21:14:39Z)
- A Model Based Framework for Testing Safety and Security in Operational Technology Environments [0.46040036610482665]
We propose a model-based testing approach which we consider a promising way to analyze the safety and security behavior of a system under test.
The structure of the underlying framework is divided into four parts, according to the critical factors in testing of operational technology environments.
arXiv Detail & Related papers (2023-06-22T05:37:09Z)
- Evaluating Model-free Reinforcement Learning toward Safety-critical Tasks [70.76757529955577]
This paper revisits prior work in this scope from the perspective of state-wise safe RL.
We propose Unrolling Safety Layer (USL), a joint method that combines safety optimization and safety projection.
To facilitate further research in this area, we reproduce related algorithms in a unified pipeline and incorporate them into SafeRL-Kit.
arXiv Detail & Related papers (2022-12-12T06:30:17Z)
- Recursively Feasible Probabilistic Safe Online Learning with Control Barrier Functions [60.26921219698514]
We introduce a model-uncertainty-aware reformulation of CBF-based safety-critical controllers.
We then present the pointwise feasibility conditions of the resulting safety controller.
We use these conditions to devise an event-triggered online data collection strategy.
arXiv Detail & Related papers (2022-08-23T05:02:09Z)
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z)
- Towards an Interface Description Template for AI-enabled Systems [77.34726150561087]
Reuse is a common system architecture approach that seeks to instantiate a system architecture with existing components.
There is currently no framework that guides the selection of necessary information to assess their portability to operate in a system different than the one for which the component was originally purposed.
We present ongoing work on establishing an interface description template that captures the main information of an AI-enabled component.
arXiv Detail & Related papers (2020-07-13T20:30:26Z)
This list is automatically generated from the titles and abstracts of the papers in this site.