The FI problem (1)
description
Transcript of The FI problem (1)
Identification of
Feature Denial of Services
Rui Gustavo CrespoTechnical University of Lisbon/ Portugal
2/15Identification of Feature Denial of Services
The FI problem (1)
Mobile and Multimedia Telecommunication Services extend basic services of Telephony, Email, WWW and other media with features. Single and multimedia features reveal FI-Feature Interaction.
Feature: functionality unit perceived as having a self-contained functional role (ex: Email filterMessage, Telephony voiceMail, WWW refresh)Interaction: undesirable behaviour revealed by features when subscribed together, while alone working fine.
3/15Identification of Feature Denial of Services
The FI problem (2)
Example of a feature interaction
decryptMessageforwardMessage
SK
PK
&x.!%w$&
4/15Identification of Feature Denial of Services
The FI problem (3)
Undesired behaviour :Message sent in clear!
Suppose one party subscribes to decryptMessage and forwardMessage features.
PK
&x.!%w$&
A) Ciphered message arrives
SK
B) Message is decrypted
C) Message is sent forward
Mobility may increase FIs (ex: RemailMessage-anonymous status may be lost, due to lack of service when user moves from one location to another).
5/15Identification of Feature Denial of Services
3 major focus on FI research: Detection: identification of pairs candidate of FI. Avoidance: intervene at protocol/design stages to prevent FI occur. Resolution: actions to correct detected FI.
I. Research on FI detection focus on schemes to represent features (automaton, petri-nets, process
algebra, temporal logics,...), and
methods to check if a given pair of features is likely to interact (model checking, simulation, theorem proving, security analysis,...)
II. Avoidance unfeasable in Internet/Mobile networks, due to
distributed control
multi-vendor / multi-provider environments.
The FI problem (4)
6/15Identification of Feature Denial of Services
III. Proposed resolver: install a FeatureManager in every node
The FI problem (5)
Message to FM contain the list of actions executed by all features candidate for execution.
Advice based on formulas with Interdiction operator over Action featuresRequests Conditions Restriction
Application
Feat. A Feat. N…FM
API
Commands
Extra
information
Advice
Incoming/Outgoing messages
Message FORMULAS
7/15Identification of Feature Denial of Services
The FI problem (6)
Example of resolutions (over 7 actions) Resolution by simple interdiction
Example: CW + CFB – first call waits, all others are forwardForward(_dest) Wait(_init) one_hold(_init) I Forward(_dest)Forward(_dest) Wait(_init) one_hold(_init) I Wait(_dest)
Resolution by priority Example: filterMessage priority higher then Read
Accept(_init) Deny(_init) I Accept(_init)
Resolution may request collaboration between several FMs, e.g. permission Example: for parental control
Accept(_init) perm(_init) I Accept(_init)
8/15Identification of Feature Denial of Services
The FI problem (7)
Formulas are checked and interdicted actions are removed.
Cost of FI resolution is linear to the number of formulas.
System still works in case of FM breakdown.When FM breaks, or information cannot be transmitted across networks, default values may be established for predicates (ex: negation of a permission).
9/15Identification of Feature Denial of Services
The FDS problem
If all features are marked for removal, then a FDS-”feature denial of services” occurs.
A.Usually, feature denial is unacceptable!Example: filterMessage(bob) and forwardMessage(charles)
subscribed, with 3 formulasAccept(_init) perm(_init) I Accept(_init) # access control
Forward(_dest) perm(_init) I Forward(_dest) # access control
Deny(_init) emergency(_init) I Deny(_dest) # emergency must pass
An emergency call from BOB results in a FDS!
B.However, sometimes feature denial is required!Example: two parties subscribe forwardMessage to each other
Forward(_dest) loop(_init) I Forward(_dest)
FDS stops message looping
10/15Identification of Feature Denial of Services
The algorithm (1)
We must identify the cases when a non-empty set of interdiction formulas result in a FDS!
Inputs: A non-empty set of Interdiction formulas, and A non-empty set of all possible actions.
1.Generate one DS tree Each node contains an unique subset of actions. Link from an upper level to a lower level nodes
corresponds to an action removal.
11/15Identification of Feature Denial of Services
The algorithm (2)
DS tree example for F={A,C,D,F}
• Nodes represent elementsFkC#
{A,C,D,F}
{C,D,F} {A,D,F} {A,C,F} {A,C,D}
{A,C}{A,D}{A,F}{D,F} {C,F} {C,D}
{F} {D}
{ }
{C} {A}
12/15Identification of Feature Denial of Services
The algorithm (3)
DS tree contains same nodes as Pascal triangle and partial order (2F).
2.FDS detection: Scan all non-empty DS nodes. Starting from a non-empty DS node
Label branch to a lower level node with the predicates required for the formula satisfaction, only if the conjunction of all predicates upwards does not raise a contradiction!Note: removing A then B is equal to removing B then A.
If reached a non-empty leaf, expand DS tree by removing one of the actions (predicates may not hold, or may be those selected while transversing the path)
FDS occurs when previous step leads to an empty leaf!
13/15Identification of Feature Denial of Services
The algorithm (4)
Example for {D,F}
(2) Forward(_dest) perm(_init) I Forward(_dest)(3) Deny(_init) emergency(_init) I Deny(_dest)
{ }
(3), emergency(_init)
Expand non-empty DS node
{D,F}
{D}
(2),perm(_init)
{F}
14/15Identification of Feature Denial of Services
The algorithm (5)
Cost of FDS identification:Cost of DS tree creation: O(2F)
Cost of interdiction formula application:On average, for each action removal there are P/F
interdiction formulas. In a Pascal triangle, the number of branches
between rows N and N+1 is N+1. The sum of a linear series is quadratic.F is small, hence PI and the cost is O(I2).
Total cost for FDS algorithm is O(2FI2)
15/15Identification of Feature Denial of Services
Conclusions
Mobile systems off a large number of features. Feature Interaction is inevitable, which may lead to
customer displeasure! FI resolution by interdiction may lead to Feature Denial
of Service. Every FDS must be classified, and actions exercised to
correct unacceptable occurrences!
Thank you!Questions?