Nessos cluster meeting
-
Upload
fcleary -
Category
Technology
-
view
337 -
download
0
description
Transcript of Nessos cluster meeting
![Page 1: Nessos cluster meeting](https://reader033.fdocuments.net/reader033/viewer/2022060106/54c300b54a7959fd708b4589/html5/thumbnails/1.jpg)
A GENERAL FRAMEWORK FOR SECURITY-AWARE ANALYSIS
OF SERVICES
Leanid Krautsevich, Fabio Martinelli and Artsiom Yautsiukhin
CNR
![Page 2: Nessos cluster meeting](https://reader033.fdocuments.net/reader033/viewer/2022060106/54c300b54a7959fd708b4589/html5/thumbnails/2.jpg)
Motivation
Graph Building
Semirings
Selection the best process
Interoperability
Conclusion
OutlineOutlineOutlineOutline
![Page 3: Nessos cluster meeting](https://reader033.fdocuments.net/reader033/viewer/2022060106/54c300b54a7959fd708b4589/html5/thumbnails/3.jpg)
Many security metrics and trust metrics for assessment
Services are composed in run-time and security and trust must be taken into account
Provide a uniform framework for analysis of different metrics.
MotivationMotivationMotivationMotivation
![Page 4: Nessos cluster meeting](https://reader033.fdocuments.net/reader033/viewer/2022060106/54c300b54a7959fd708b4589/html5/thumbnails/4.jpg)
Business
Process
Process
algebraProcess Flow
Tree
Transformation of BP to a treeTransformation of BP to a treeTransformation of BP to a treeTransformation of BP to a tree
![Page 5: Nessos cluster meeting](https://reader033.fdocuments.net/reader033/viewer/2022060106/54c300b54a7959fd708b4589/html5/thumbnails/5.jpg)
Transformation of BP to a treeTransformation of BP to a treeTransformation of BP to a treeTransformation of BP to a tree
![Page 6: Nessos cluster meeting](https://reader033.fdocuments.net/reader033/viewer/2022060106/54c300b54a7959fd708b4589/html5/thumbnails/6.jpg)
S=<A, , , 0, 1>
A is a set of elements and 0,1 A
- additive operation over A.
Commutative
Associative
0 – its unit element. a 0 = a = 0 a
- multiplicative operation over A.
Distributive over the additive operation
1 – its unit element. a 1 = a = 1 a
0 - its annihilator: . a 0 = 0 = 0 a
SemiringsSemiringsSemiringsSemirings
∈
![Page 7: Nessos cluster meeting](https://reader033.fdocuments.net/reader033/viewer/2022060106/54c300b54a7959fd708b4589/html5/thumbnails/7.jpg)
Risk = <R+, min, + , ,0>
min() – associative and commutative
min(a, )=a
+ - distributive over min
a + 0 =a
a + =
Probability of attacks, trust = <[0,1], max, × , 0, 1 >
Minimal number of attacks = <N+, min, + , ,0>
Maximal Latency = < R+, max, min, 0, >
Security metrics as semiringsSecurity metrics as semiringsSecurity metrics as semiringsSecurity metrics as semirings
∞
∞
∞
∞
∞
![Page 8: Nessos cluster meeting](https://reader033.fdocuments.net/reader033/viewer/2022060106/54c300b54a7959fd708b4589/html5/thumbnails/8.jpg)
- select the best alternative
- aggregate values
![Page 9: Nessos cluster meeting](https://reader033.fdocuments.net/reader033/viewer/2022060106/54c300b54a7959fd708b4589/html5/thumbnails/9.jpg)
Problems:
Find the best case (the best BP)
Find the worst case (the BP which can be guaranteed)
Selection of concrete services
…
Solutions for semirings already exist.
AnalysisAnalysisAnalysisAnalysis
![Page 10: Nessos cluster meeting](https://reader033.fdocuments.net/reader033/viewer/2022060106/54c300b54a7959fd708b4589/html5/thumbnails/10.jpg)
Quantitative <R+, min, + , ,0>
Qualitative <D, +’, x’ , 0, 1>
D = {high, medium, low}
+’ =high < medium < low
x’ = risk matrix
0 = high, 1 = low
InteroperabilityInteroperabilityInteroperabilityInteroperability
∞
![Page 11: Nessos cluster meeting](https://reader033.fdocuments.net/reader033/viewer/2022060106/54c300b54a7959fd708b4589/html5/thumbnails/11.jpg)
Semirings is a useful technique for assessment of BP
Semirings help to perform various types of analysis
Semirings also may help to analyse BP when different metrics are used
ConclusionConclusionConclusionConclusion
![Page 12: Nessos cluster meeting](https://reader033.fdocuments.net/reader033/viewer/2022060106/54c300b54a7959fd708b4589/html5/thumbnails/12.jpg)
Improve the transformation process in order to deal with non-deterministic choice.
Consider different metrics
Consider different types of analysis applicable for semirings
Investigate deeply interoperability relations between various metrics
Future workFuture workFuture workFuture work