A Uniform Approach to Security and Fault-Tolerance Specification and Analysis

  • Gabriele Lenzini
  • Fabio Martinelli
  • Ilaria Matteucci
  • Stefania Gnesi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5835)

Abstract

The availability of techniques for dependability specification and analysis is essential for the design and the implementation of trustworthy software architectures. Today’s software architectures are usually designed following the principle of component-based software engineering; they are open and networked, and dependable software architectures are required to be both secure and fault-tolerant. Traditional methods of dependability analysis of software architectures must evolve as well to keep on supporting software engineering practice. This step is not straightforward. Methods and tools for the specification and analysis of fault-tolerance are usually independent of those available in security, while a unified approach would reinforce proving the overall systems’ trustworthiness. This paper demonstrates that, in certain cases, a uniform approach between fault-tolerance and security is possible. We propose to check dependability properties against an unspecified environment that plays the same role as a malicious intruder in security. Then, we show how two security analysis techniques, related to partial model checking and to generalized non-interference, can be applied to verify a family of fault-tolerance properties. A running example illustrates the applicability of the proposed approaches.
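The following Python is an added illustration of the abstract's central idea, not the paper's running example or its tooling: the fault-injecting environment is left unspecified and quantified over a fault assumption, exactly as an intruder is quantified over in generalized non-interference (GNDC) style security analysis. The system is a constructed three-replica majority voter, and the checked property is that every observable trace of the composed system equals the fault-free behaviour alpha(S).

```python
from itertools import combinations, product

# Constructed example: a majority voter over three replicas observed for a
# bounded number of rounds.  Inputs are bits; a corrupted replica flips its bit.
# The environment X is the fault injector; the fault assumption bounds how many
# replica outputs it may corrupt in each round.


def voter(outputs):
    """Majority vote over the three replica outputs."""
    return max(set(outputs), key=outputs.count)


def environments(rounds, max_faulty):
    """Enumerate every fault-injection strategy the fault assumption allows:
    per round, a tuple of replica indices (at most max_faulty) that X corrupts.
    This is the class of environments the property is quantified over."""
    per_round = [c for k in range(max_faulty + 1)
                 for c in combinations(range(3), k)]
    return product(per_round, repeat=rounds)


def run(inputs, strategy):
    """Observable trace of (S || X) \\ L: the fault channel L is hidden, so only
    the voter outputs remain visible."""
    trace = []
    for correct, faulty in zip(inputs, strategy):
        outs = [correct ^ 1 if i in faulty else correct for i in range(3)]
        trace.append(voter(outs))
    return tuple(trace)


def alpha(inputs):
    """Expected behaviour alpha(S): the run with no faults injected."""
    return run(inputs, [()] * len(inputs))


def counterexample(inputs, max_faulty):
    """Model-checking view of the GNDC schema: return the first environment X
    (a fault strategy) whose observable trace differs from alpha(S), or None
    when S is fault-tolerant for every X admitted by the fault assumption."""
    spec = alpha(inputs)
    for strategy in environments(len(inputs), max_faulty):
        if run(inputs, strategy) != spec:
            return strategy
    return None


if __name__ == "__main__":
    bits = (0, 1, 1, 0)
    print("at most 1 faulty replica:", counterexample(bits, 1))  # None
    print("at most 2 faulty replicas:", counterexample(bits, 2))  # a strategy
```

Strengthening the fault assumption from one to two corrupted replicas per round turns the verdict from "tolerant" into a concrete violating environment, which is the same shape of result an intruder-based security check produces.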

Keywords

  • Fault Tolerance
  • Security
  • Software Architecture
  • Formal Analysis

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Gabriele Lenzini (1)
  • Fabio Martinelli (2)
  • Ilaria Matteucci (2)
  • Stefania Gnesi (3)
  1. Novay, Enschede, The Netherlands
  2. IIT C.N.R., Pisa, Italy
  3. ISTI C.N.R., Pisa, Italy