Checking secure information flow in Java bytecode by code transformation and standard bytecode verification

A method is presented for checking secure information flow in Java bytecode, assuming a multilevel security policy that assigns security levels to the objects. The method exploits the type‐level abstract interpretation of standard bytecode verification to detect illegal information flows. We define an algorithm transforming the original code into another code in such a way that a typing error detected by the Verifier on the transformed code corresponds to a possible illicit information flow in the original code. We present a prototype tool that implements the method and we show an example of application. Copyright © 2004 John Wiley & Sons, Ltd.     

A framework for formal analysis and simulative evaluation of security attacks in wireless sensor networks

Journal of Computer Virology and Hacking Techniques - When designing Wireless Sensor Networks it is important to analyze their security risks and provide adequate solutions for protecting them from...     

A Petri nets semantics for data flow networks

This work presents a truly concurrent operational semantics for nondeterministic data flow networks. We introduce a model, the df-process, which is a notion similar to that of non-sequential process for a Petri net: a df-process is defined as a mapping from an occurrence net K to a data flow net N, such that the places and the transitions of K are mapped onto the channels and the nodes of N. A df-process contains, by means of some labelling of the places, information on the value and the order in which data flow through the channels during a computation. Df-processes for a data flow network are characterized in an abstract way by a set of properties and in general a df-process corresponds to a set of computations of the network. We give a way to build the df-process corresponding to a computation incrementally at each event occurrence: a main result of the paper is that the incremental construction yields exactly the same set of df-processes as abstractly defined. We also show that df-processes are compositional. The model is intended to be used by distributed systems designers: it contains enough information to be a guideline for the designer and to be a base to develop dynamic checking tools. We outline how df-processes can be used in the design phase of a system.Research supported in part by Progetto Coordinato CNR ANATRA     

Verifying data secure flow in AUTOSAR models

This paper presents an approach for enhancing the design phase of AUTOSAR models when security annotations are required. The approach is based on information flow analysis and abstract interpretation. The analysis evaluates the correctness of the model by assessing if the flow of data is secure with respect to causal data dependencies within the model. To find these dependencies an exhaustive search through the model would be required. Abstract interpretation is used as a trade-off between the precision and complexity of the analysis. The approach also provides annotated models without oversizing the set of annotations.     

SRAM-Based FPGA Systems for Safety-Critical Applications：A Survey on Design Standards and Proposed Methodologies

As the ASIC design cost becomes affordable only for very large-scale productions, the FPGA technology is currently becoming the leading technology for those applications that require a small-scale prod...     

A Formal Verification Environment for Railway Signaling System Design

A fundamental problem in the design and development of embedded control systems is the verification of safety requirements. Formal methods, offering a mathematical way to specify and analyze the behavior of a system, together with the related support tools can successfully be applied in the formal proof that a system is safe. However, the complexity of real systems is such that automated tools often fail to formally validate such systems.This paper outlines an experience on formal specification and verification carried out in a pilot project aiming at the validation of a railway computer based interlocking system. Both the specification and the verification phases were carried out in the JACK (Just Another Concurrency Kit) integrated environment. The formal specification of the system was done by means of process algebra terms. The formal verification of the safety requirements was done first by giving a logical specification of such safety requirements, and then by means of model checking algorithms. Abstraction techniques were defined to make the problem of safety requirements validation tractable by the JACK environment.     

Formal validation of fault-tolerance mechanisms inside GUARDS

In this paper we report the experiments carried out during the specification and validation of the fault-tolerance mechanisms developed in the European project Generic Upgradable Architecture for Real-time Dependable Systems (GUARDS). These mechanisms are the components of an architecture developed for embedded safety-critical systems. The validation approach is based on model-checking techniques and exploits the verification methodology supported by the Just Another Concurrency Kit (JACK) environment. The properties that guarantee the desired behaviour of the mechanisms are specified as temporal logic formulae; the JACK model-checker is then used to verify that the behaviour of the mechanisms satisfy such properties also in the presence of faults.     

Formalization and co-simulation of attacks on cyber-physical systems

Journal of Computer Virology and Hacking Techniques - This paper presents a methodology for the formal modeling of security attacks on cyber-physical systems, and the analysis of their effects on...