Engineering Topology Aware Adaptive Security: Preventing Requirements Violations at Runtime
Christos Tsigkanos (1), Liliana Pasquale (2), Claudio Menghi (1), Carlo Ghezzi (1), Bashar Nuseibeh (2,3)
(1) Politecnico di Milano, (2) Lero, (3) The Open University
Motivation
Engineering adaptive security systems that continue to protect critical assets in the face of changes in their operational environment.
(Diagram: a MAPE loop of Monitoring, Analysis, Planning and Execution linking the Environment (Topology), the System with its Security Controls, and the Security Requirements.)
Topology
Structure of space; location of objects and agents
• Proximity
• Reachability
Physical Topology
Structure of space; location of objects and agents
• Proximity
• Reachability
Containment: into physical areas.
Placement: of physical objects and agents.
Proximity: colocation in the same physical area.
Reachability: accessibility of a physical agent/object to physical areas/objects.
Topology Helps Identify Relevant Security Concerns
Security Concern  | Topological Concept
Assets            | Agent, Object
Threat            | Agent
Attack            | Topology structure and relationships
Vulnerability     | Characteristic of an object or area
Security Control  | Location of assets and vulnerabilities
(Floor plan example of a security control: Forbid access to O6.)
… But Topology Changes
Topology changes determined by agents/assets movements may facilitate different attacks and render enabled security controls ineffective.
Topology Changes Examples (1/2)
Topology change: Bob enters office O6
Potential threat: Eve can access O6 and eavesdrop on the safe's key code
Topology Changes Examples (2/2)
Topology change: A valuable server is placed in office O2
Potential threat: Mallory can tamper with the server
Topology Aware Adaptive Security
How to engineer the activities of the MAPE loop to reconfigure security controls at runtime when the topology changes
Engineering Topology Aware Adaptive Security
Modeling the Topology of the Environment
Ambient Calculus … how do we use it?
For example: A2[ Eve | Bob | O5 | O6[ Safe ] | O7 ]
• Locations, agents and assets are specific kinds of ambients
• Agents can move spontaneously depending on their current location
Monitoring
The topology model is updated after changes in the environment are detected.
For example, if Eve moves to room O6:
A2[ Eve | Bob | O5 | O6[ Safe ] | O7 ] becomes A2[ Bob | O5 | O6[ Eve | Safe ] | O7 ]
Threat Analysis
Identify violations of security requirements that can take place in future evolutions of the topology model.
1. Generation of future topological configurations
2. Identification of security requirements violations
Generation of Future Topological Configurations (figure-only slides)
Specifying Requirements 
Computation Tree Logic 
• Branching time logic 
• Semantics in terms of states and paths 
For example: Never Bob with another agent in room O6
Identification of Requirements Violations (figure-only slide illustrating the security requirement)
Planning
Select security controls that prevent security requirements violations.
Remove future paths of execution that should not be reached:
– Progressively pruning the LTS until violating states do not exist
– Ensuring satisfaction of other requirements
(Figure-only Planning slides: LTS transitions pruned, marked X; Functional Requirement illustrated.)
Execution
Revoke from agents the permission to access specific areas, depending on the pruned LTS transitions.
In our example …
Pruned LTS transition: <Eve in O6>
Security control: Revoke from Eve access to O6
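The loop described on the Modeling, Monitoring, Threat Analysis, Specifying Requirements, Planning and Execution slides above, carried through end to end on the slides' own model. This is an added example, not the authors' prototype; it assumes that only agents move (between an area and a directly nested area), that a security control is a revoked (agent, area) permission, and that the functional requirement the slides leave unspecified is "Bob can still reach O6".

```python
"""Topology-aware adaptive security loop: an added example, not the authors' prototype.
Assumed: only agents move, between an area and a directly nested area; a control is a
revoked (agent, area) permission; functional requirement: Bob can still reach O6."""
from collections import deque

AGENTS = {"Eve", "Bob"}   # names from the slides; every other ambient is an area,
ASSETS = {"Safe"}         # except the assets listed here

def parse_ambient(text):
    """Parse 'A2[ Eve | O6[ Safe ] ]' into {ambient: parent}; the root maps to None."""
    tokens = text.replace("[", " [ ").replace("]", " ] ").replace("|", " ").split()
    parent, stack, last = {}, [], None
    for tok in tokens:
        if tok == "[":
            stack.append(last)          # the ambient just read encloses what follows
        elif tok == "]":
            stack.pop()
        else:
            parent[tok] = stack[-1] if stack else None
            last = tok
    return parent

def render(parent):
    """Write the model back in the slides' notation (children in insertion order)."""
    children = {}
    for name, p in parent.items():
        children.setdefault(p, []).append(name)
    def show(name):
        kids = children.get(name, [])
        return name if not kids else f"{name}[ {' | '.join(show(k) for k in kids)} ]"
    return show(children[None][0])

def monitor_move(parent, agent, area):   # Monitoring: apply a sensed agent movement
    return {**parent, agent: area}

def area_neighbours(parent):
    """Areas an agent can step between: an area and the area directly enclosing it."""
    nbrs = {n: set() for n in parent if n not in AGENTS | ASSETS}
    for area in nbrs:
        if parent[area] in nbrs:
            nbrs[area].add(parent[area])
            nbrs[parent[area]].add(area)
    return nbrs

def explore(init, nbrs, revoked):
    """Threat analysis step 1: the LTS of future configurations as (states, labelled edges)."""
    seen, edges, todo = {init}, [], deque([init])
    while todo:
        state = todo.popleft()
        loc = dict(state)
        for agent, here in state:                    # spontaneous single-agent moves
            for there in sorted(nbrs[here]):
                if (agent, there) in revoked:        # blocked by a deployed control
                    continue
                nxt = tuple(sorted({**loc, agent: there}.items()))
                edges.append((state, (agent, there), nxt))
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
    return seen, edges

def bob_alone_in_o6(state):
    """Security requirement from the slides, checked as CTL AG over the explored LTS."""
    loc = dict(state)
    return not (loc["Bob"] == "O6" and any(a != "Bob" and loc[a] == "O6" for a in loc))

def bob_can_reach_o6(states):   # assumed functional requirement, CTL EF(Bob in O6)
    return any(dict(s)["Bob"] == "O6" for s in states)

def plan(init, nbrs, security_req, functional_req):
    """Planning: prune transitions into violating states one at a time, accepting a pruning
    only if the functional requirement still holds; None if prohibitions alone cannot do it."""
    revoked = set()
    while True:
        _, edges = explore(init, nbrs, revoked)
        bad = list(dict.fromkeys(m for _, m, target in edges if not security_req(target)))
        if not bad:
            return revoked                  # no reachable violating state remains
        for move in bad:
            trial = revoked | {move}
            if functional_req(explore(init, nbrs, trial)[0]):
                revoked = trial             # keep this pruning and re-check the LTS
                break
        else:
            return None                     # every candidate breaks the functional requirement

def execute(revoked):   # Execution: each pruned transition <agent in area> becomes a control
    return [f"Revoke from {agent} access to {area}" for agent, area in sorted(revoked)]

def run_loop(model_text, sensed_moves=()):
    """One pass of the MAPE loop: apply sensed moves, analyse, plan, derive the controls."""
    model = parse_ambient(model_text)
    for agent, area in sensed_moves:
        model = monitor_move(model, agent, area)
    init = tuple(sorted((a, model[a]) for a in AGENTS))
    revoked = plan(init, area_neighbours(model), bob_alone_in_o6, bob_can_reach_o6)
    return render(model), (None if revoked is None else execute(revoked))
```

On the slides' initial model the planner prunes exactly <Eve in O6> and emits "Revoke from Eve access to O6"; once Eve is already inside O6 it returns None, since no prohibition prevents Bob from joining her and the Evaluation slide lists obligations as outside the approach's expressiveness.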
Evaluation
Applicability: prototype realisation
– Analysis
  • Ambient Calculus model checking
  • Domain-specific heuristics
– Planning
  • Security controls selection
Expressiveness
✓ Permission
✓ Prohibition
✗ Obligation
✗ Dispensation
Conclusion & Future Work
Conclusion
A systematic approach to engineer adaptive security systems
– Formal representation of the physical topology
– Identification of security requirements violations by model checking
– Selection of security controls that prevent violations of security requirements
Future Work
• Investigate applicability to Cyber-Physical Systems
• Further evaluate the approach with practitioners
Questions?
Editor's Notes

  1. This work was done in collaboration with researchers from Politecnico di Milano: … and with Bashar Nuseibeh from Lero and the Open University
  2. The main challenge our work tries to address is to engineer adaptive security systems that continue to protect critical assets in the face of changes in their operational environment. They do so by performing the activities of the MAPE adaptation loop. In particular, adaptive security systems monitor and analyse their operational environment in order to detect possible future violations of security requirements, and identify and deploy security controls aimed at preventing the potential violations identified during the analysis. Incorporating an explicit representation of the environment's topology enables reasoning about both structural and semantic awareness of important contextual characteristics that can affect security concerns, and therefore engineering more effective adaptive security systems.
  3. In a general sense, topology refers to the study of shapes and spaces, including properties such as connectedness and boundary. Make it clear that topology represents the structure of the space plus some additional properties. Remember to mention that space can be both physical and digital.
  4. For this paper we focused on physical topologies. Here is an example of a floor plan of a university building, where we have areas, rooms, agents and objects. A representation of the topology identifies the structure of space and the location of objects and agents in that space. A physical topology represents the location of physical agents (e.g., humans, robots) and objects in a physical environment (e.g., a building) and their structural relationships (e.g., agents-objects proximity). Figure ?? shows a representation of the physical topology of a corporate building that is composed of rooms R1, R2 and R3. This topology also represents physical objects, such as lab equipment (e.g., microscope M) and a desktop (D) that are located in rooms R2 and R3, respectively, and human agents such as a visitor (V) and an employee (E). In this example, a containment relationship exists if an area contains objects/agents (e.g., room R1 contains agents V and E, or the building belongs to a specific department). A proximity relationship identifies the distance between two agents/objects or whether these are simply co-located in the same area. In this example, a visitor is co-located with an employee. A reachability relationship expresses whether an agent can access another area or reach an object from a specific location. For example, room R2 can be accessed by the employee and the visitor who are in room R1, or M can be reached by those agents who are in room R2. For a physical topology, accessibility always requires agents-objects proximity.
  5. Here is an example of a physical topology; explain each element exactly! In a general sense, topology refers to the study of shapes and spaces, including properties such as connectedness and boundary. A representation of the topology identifies the structure of space and the location of objects and agents in that space. A physical topology represents the location of physical agents (e.g., humans, robots) and objects in a physical environment (e.g., a building) and their structural relationships (e.g., agents-objects proximity). Figure ?? shows a representation of the physical topology of a corporate building that is composed of rooms R1, R2 and R3. This topology also represents physical objects, such as lab equipment (e.g., microscope M) and a desktop (D) that are located in rooms R2 and R3, respectively, and human agents such as a visitor (V) and an employee (E). In this example, a containment relationship exists if an area contains objects/agents (e.g., room R1 contains agents V and E, or the building belongs to a specific department). A proximity relationship identifies the distance between two agents/objects or whether these are simply co-located in the same area. In this example, a visitor is co-located with an employee. A reachability relationship expresses whether an agent can access another area or reach an object from a specific location. For example, room R2 can be accessed by the employee and the visitor who are in room R1, or M can be reached by those agents who are in room R2. For a physical topology, accessibility always requires agents-objects proximity.
  10. Threats can arise from malicious agents. Attacks are actions performed by an agent to harm an asset that exploit topology structure and relationships. Security controls: depend on the location of assets and vulnerabilities. Vulnerabilities: capabilities offered by a physical/digital object that can be exploited by a malicious agent to harm an asset. Taking into account the topology of an operational environment can radically change the way we identify security concerns for engineering secure systems. Some security concerns, such as vulnerabilities, threats and attacks, can also depend on the locations of human and software agents, who can harm valuable assets placed in their vicinity. Threats can arise from malicious agents, while attack vectors represent the possible sequences of actions that can be performed by an agent to harm an asset depending on the topology structure and relationships. Vulnerabilities can be considered as capabilities offered by a physical or digital object, which can be exploited to harm an asset. The current topology state can give an indication of when a vulnerability can be exploited, for example, if an agent is co-located with the vulnerable object and has the capability to exploit it.
  15. The Ambient Calculus is a process algebra having a special focus on mobility [6]. An ambient is an abstract entity that can model different elements both in a physical space (e.g., agents and locations) and in a digital space (e.g., programming scopes and variables) [17]. Ambients reside in a hierarchy of locations and form a tree structure that can be dynamically re-configured when they exercise a set of capabilities (actions), such as in, out, and open. In this work, a fragment of the Ambient Calculus is considered where the communication primitives and the open capability are neglected.
  20. A Labelled Transition System (LTS) [9] is a modelling formalism used to describe systems and their evolution in terms of states and transitions.
  23. CTL is a branching-time logic characterised by state and path formulae. State formulae are specified over a set of atomic propositions, while path formulae must be satisfied on at least one path or on all paths.