Multi-representational security analysis
Security attacks often exploit flaws that are not anticipated in an abstract design, but are introduced inadvertently when high-level interactions in the design are mapped to low-level behaviors in the supporting platform. This paper proposes a multi-representational approach to security analysis, w...
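Main Authors: | Kang, Eunsuk; Milicevic, Aleksandar; Jackson, Daniel |
---|---|
Other Authors: | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory |
Format: | Article |
Language: | en_US |
Published: | Association for Computing Machinery (ACM) 2018 |
Online Access: | http://hdl.handle.net/1721.1/115491 https://orcid.org/0000-0003-4864-078X |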
_version_ | 1811083034718371840 |
---|---|
author | Kang, Eunsuk Milicevic, Aleksandar Jackson, Daniel |
author2 | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory |
author_facet | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Kang, Eunsuk Milicevic, Aleksandar Jackson, Daniel |
author_sort | Kang, Eunsuk |
collection | MIT |
description | Security attacks often exploit flaws that are not anticipated in an abstract design, but are introduced inadvertently when high-level interactions in the design are mapped to low-level behaviors in the supporting platform. This paper proposes a multi-representational approach to security analysis, where models capturing distinct (but possibly overlapping) views of a system are automatically composed in order to enable an end-to-end analysis. This approach allows the designer to incrementally explore the impact of design decisions on security, and discover attacks that span multiple layers of the system. This paper describes Poirot, a prototype implementation of the approach, and reports on our experience on applying Poirot to detect previously unknown security flaws in publicly deployed systems. |
first_indexed | 2024-09-23T12:18:57Z |
format | Article |
id | mit-1721.1/115491 |
institution | Massachusetts Institute of Technology |
language | en_US |
last_indexed | 2024-09-23T12:18:57Z |
publishDate | 2018 |
publisher | Association for Computing Machinery (ACM) |
record_format | dspace |
spelling | mit-1721.1/1154912024-07-19T19:54:04Z Multi-representational security analysis Kang, Eunsuk Milicevic, Aleksandar Jackson, Daniel Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory Jackson, Daniel Security attacks often exploit flaws that are not anticipated in an abstract design, but are introduced inadvertently when high-level interactions in the design are mapped to low-level behaviors in the supporting platform. This paper proposes a multi-representational approach to security analysis, where models capturing distinct (but possibly overlapping) views of a system are automatically composed in order to enable an end-to-end analysis. This approach allows the designer to incrementally explore the impact of design decisions on security, and discover attacks that span multiple layers of the system. This paper describes Poirot, a prototype implementation of the approach, and reports on our experience on applying Poirot to detect previously unknown security flaws in publicly deployed systems. National Science Foundation (U.S.) (Award CRD-0707612) Singapore University of Technology and Design 2018-05-18T17:19:08Z 2018-05-18T17:19:08Z 2016-11 Article http://purl.org/eprint/type/ConferencePaper 978-1-4503-4218-6 http://hdl.handle.net/1721.1/115491 Kang, Eunsuk, et al. "Multi-Representational Security Analysis." FSE 2016 Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 13-19 November, 2016, Seattle, Washington, ACM Press, 2016, pp. 181–92. https://orcid.org/0000-0003-4864-078X en_US http://dx.doi.org/10.1145/2950290.2950356 Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2016 Creative Commons Attribution-Noncommercial-Share Alike http://creativecommons.org/licenses/by-nc-sa/4.0/ application/pdf Association for Computing Machinery (ACM) MIT Web Domain |
spellingShingle | Kang, Eunsuk Milicevic, Aleksandar Jackson, Daniel Multi-representational security analysis |
title | Multi-representational security analysis |
title_full | Multi-representational security analysis |
title_fullStr | Multi-representational security analysis |
title_full_unstemmed | Multi-representational security analysis |
title_short | Multi-representational security analysis |
title_sort | multi representational security analysis |
url | http://hdl.handle.net/1721.1/115491 https://orcid.org/0000-0003-4864-078X |