Monitoring confidentiality by diagnosis techniques | IEEE Conference Publication | IEEE Xplore

Abstract:

We are interested in constructing monitors for the detection of confidential information flow in the context of partially observable discrete event systems. We focus on the case where the secret information is given as a regular language. We first characterize the set of observations allowing an attacker to infer the secret information. Further, based on the diagnosis of discrete event systems, we provide necessary and sufficient conditions under which detection and prediction of secret information flow can be ensured, and construct a monitor allowing an administrator to detect it.
Date of Conference: 23-26 August 2009
Date Added to IEEE Xplore: 02 April 2015
Print ISBN: 978-3-9524173-9-3
Conference Location: Budapest, Hungary

I. Introduction

Research interest in computer security has grown over the past decades. The emergence of web services and the growing capabilities of mobile and embedded systems enable many new and interesting features. But some of these services, such as online payment, medical information storage or e-voting systems, may handle critical information. Meanwhile, the growing number of applications and devices for accessing these services also increases the opportunities for such information to flow. To avoid security breaches, automatic tools based on formal methods for security analysis can be beneficial. In this context, there has been growing interest in verification [1], [2] and testing of security properties [3] in past years. To specify such automatic analysis methods, security properties are generally separated into three categories: availability (a user can always perform the actions that are allowed by the security policy), integrity (something illegal cannot be performed by a user) and confidentiality (some secret information cannot be inferred by a user) [4].
