ABSTRACT
Opacity is a formal security property that formulates the abilities of a passive observer to infer secret information. Usual opacity studies focus on affirming that a system is either opaque or non-opaque w.r.t. the secret and an observation map. This view, however, fails to reflect that a system may be opaque because of a single non-secret execution among an overwhelming number of secret ones. For this reason, we propose, in this work, to quantify the opacity of a Web service (WS) into a numeral value that measures its security. Our approach consists in defining an opacity degree for the system and its Symbolic Observation Graph (SOG) abstraction. Furthermore, and to ensure its efficiency, we conduct an experimental study.
- Béatrice Bérard, Krishnendu Chatterjee, and Nathalie Sznajder. 2015. Probabilistic opacity for Markov decision processes. Inform. Process. Lett. 115, 1 (2015), 52--59. Google ScholarDigital Library
- Béatrice Bérard, John Mullins, and Mathieu Sassolas. 2015. Quantifying Opacity. Mathematical Structures in Computer Science 25, 2 (2015), 361--403.Google ScholarCross Ref
- Amina Bourouis, Kais Klai, Yamen El Touati, and Nejib Ben Hadj-Alouane. 2015. Checking Opacity of Vulnerable Critical Systems On-The-Fly. International Journal of Information Technology and Web Engineering (IJITWE) 10, 1 (2015), 1--30. Google ScholarDigital Library
- Amina Bourouis, Kais Klai, Yamen El Touati, and Nejib Ben Hadj-Alouane. 2015. Opacity Preserving Abstraction for Web Services and Their Composition Using SOGs. In Web Services (ICWS), 2015 IEEE International Conference on. IEEE, 313--320. Google ScholarDigital Library
- Jeremy W. Bryans, Maciej Koutny, Laurent Mazaré, and Peter Y. A. Ryan. 2005. Opacity generalised to transition systems. In Proceedings of the Third International Conference on Formal Aspects in Security and Trust (FAST'05). Springer-Verlag, Berlin, Heidelberg, 81--95. Google ScholarDigital Library
- Randal E. Bryant. 1992. Symbolic Boolean Manipulation with Ordered Binary-Decision Diagrams. Comput. Surveys 24, 3 (1992), 293--318. Google ScholarDigital Library
- Frank Cassez. 2009. The Dark Side of Timed Opacity. In Proc. of the 3rd International Conference on Information Security and Assurance. 21--30. Google ScholarDigital Library
- Franck. Cassez, Jérémy Dubreil, and Heré Marchand. 2012. Synthesis of Opaque Systems with Static and Dynamic masks. Formal Methods in System Design 40 (2012), 88--115. Google ScholarDigital Library
- Jun Chen, Mariam Ibrahim, and Ratnesh Kumar. 2017. Quantification of secrecy in partially observed stochastic discrete event systems. IEEE Transactions on Automation Science and Engineering 14, 1 (2017), 185--195.Google ScholarCross Ref
- Jérémy Dubreil. 2009. Monitoriting and Supervisory Control for Opacity Properties. Ph.D. Dissertation. University of Rennes 1.Google Scholar
- Jérémy Dubreil, Philippe Darondeau, and Hervé Marchand. 2010. Supervisory Control for Opacity. IEEE Trans. Automat. Contr. 55, 5 (2010).Google ScholarCross Ref
- Yliès Falcone and Heré Marchand. 2010. TAKOS: a Java Toolbox for the Analysis of K-Opacity of Systems. Technical Report. INIRIA.Google Scholar
- Yliès Falcone and Hervé Marchand. 2010. Various Notions of Opacity Verified and Enforced at Runtime. Technical Report. INRIA.Google Scholar
- Serge Haddad, Jean-Michel Ilié, and Kais Klai. 2004. Design and Evaluation of a Symbolic and Abstraction-Based Model Checker. In Automated Technology for Verification and Analysis (ATVA). 196--210.Google Scholar
- Nejib Ben Hadj-Alouane, Stéphane Lafrance, Feng Lin, John Mullins, and Moez Yeddes. 2005. Characterizing intransitive noninterference for 3-domain security policies with observability. IEEE Trans. Automat. Contr. 50, 6 (2005), 920--925.Google ScholarCross Ref
- Christoforos Keroglou and Christoforos N Hadjicostis. 2013. Initial State Opacity in Stochastic DES. In Emerging Technologies & Factory Automation (ETFA), 2013 IEEE 18th Conference on. IEEE, 1--8.Google ScholarCross Ref
- Christoforos Keroglou and Christoforos N Hadjicostis. 2016. Probabilistic system opacity in discrete event systems. In Discrete Event Systems (WODES), 2016 13th International Workshop on. IEEE, 379--384.Google ScholarCross Ref
- K. Klai, N. Hamdi, and N. Ben Hadj-Alouane. 2014. An On-the-Fly Approach for the Verification of Opacity in Critical Systems. In WETICE Conference (WETICE), 2014 IEEE 23rd International. 345--350. Google ScholarDigital Library
- Kais Klai and Laure Petrucci. 2008. Modular Construction of the Symbolic Observation Graph. In 8th International Conference on Application of Concurrency to System Design (ACSD)., Jonathan Billington, Zhenhua Duan, and Maciej Koutny (Eds.). IEEE, 88--97.Google Scholar
- Feng Lin. 2011. Opacity of Discrete Event Systems and its Applications. Automatica 47, 3 (2011), 496 -- 503. Google ScholarDigital Library
- Laurent Mazaré. 2004. Using unification for opacity properties. In Proceedings of WITS (Workshop on Information Technology and Systems), Vol. 4. 165--176.Google Scholar
- John Mullins and Moez Yeddes. 2014. Opacity with Orwellian Observers and Intransitive Non-interference. Discrete Event Dynamic Systems 12 (2014), 344--349.Google Scholar
- Anooshiravan Saboori and Christoforos N Hadjicostis. 2007. Notions of security and opacity in discrete event systems. In Decision and Control, 2007 46th IEEE Conference on. IEEE, 5056--5061.Google ScholarCross Ref
- Anooshiravan Saboori and Christoforos N Hadjicostis. 2010. Probabilistic current-state opacity is undecidable. In Proc. of the 19th Intl. Symposium on Mathematical Theory of Networks and Systems, Budapest, Hungary.Google Scholar
- Geoffrey Smith. 2009. On the foundations of quantitative information flow. In International Conference on Foundations of Software Science and Computational Structures. Springer, 288--302.Google ScholarCross Ref
Index Terms
- Measuring opacity in web services
Recommendations
Opacity Preserving Abstraction for Web Services and Their Composition Using SOGs
ICWS '15: Proceedings of the 2015 IEEE International Conference on Web ServicesAutomatic composition of Web services requires that the providers publish an abstract version of their Web services to a registry. They offer this abstraction instead of the complete web service to ensure the privacy of their internal know-how and trade ...
Opacity light fields: interactive rendering of surface light fields with view-dependent opacity
I3D '03: Proceedings of the 2003 symposium on Interactive 3D graphicsWe present new hardware-accelerated techniques for rendering surface light fields with opacity hulls that allow for interactive visualization of objects that have complex reflectance properties and elaborate geometrical details. The opacity hull is a ...
Checking Opacity of Vulnerable Critical Systems On-The-Fly
Opacity is a security property capturing a system's ability to keep a subset of its behavior hidden from passive, but knowledgeable, observers. In this paper we use the formal definitions of opacity in three of its forms simple opacity, -step weak ...
Comments