JSW 2012 Vol.7(7): 1488-1495 ISSN: 1796-217X
doi: 10.4304/jsw.7.7.1488-1495
doi: 10.4304/jsw.7.7.1488-1495
Probabilistic Attack Scenarios to Evaluate Policies over Communication Protocols
Samir Ouchani, Yosr Jarraya, Otmane Ait Mohamed and Mourad Debbabi
Computer Security Laboratory (CLS), Hardware Verification Group (HVG)
Concordia Universiy, Montreal, Canada
Abstract—Security is an important non-functional requirement that should be analyzed in any system or software that is potentially exposed to security threats. Since we can’t manage what we don’t measure, it is not enough to address only the qualitative assessment of security. In this paper, we propose a novel approach that leads to a qualitative and quantitative analysis of communication protocols. Our approach is based on probabilistic model-checking and probabilistic attack scenarios. To the best of our knowledge, the present work is the first initiative that combines these two techniques in the verification of security of communication protocol. Considering that security attacks are random in nature, we quantify this randomness using probability values denoting the likelihoods of attacks to occur. The composed model formed by the attack scenario and the system model is then analyzed using the probabilistic model-checker PRISM against a set of security and performance requirements. As a case study, we demonstrated the applicability of our approach on Secure Real-time Transport Protocol over Real- Time Streaming Protocol (RTSP/SRTP).
Abstract—Security is an important non-functional requirement that should be analyzed in any system or software that is potentially exposed to security threats. Since we can’t manage what we don’t measure, it is not enough to address only the qualitative assessment of security. In this paper, we propose a novel approach that leads to a qualitative and quantitative analysis of communication protocols. Our approach is based on probabilistic model-checking and probabilistic attack scenarios. To the best of our knowledge, the present work is the first initiative that combines these two techniques in the verification of security of communication protocol. Considering that security attacks are random in nature, we quantify this randomness using probability values denoting the likelihoods of attacks to occur. The composed model formed by the attack scenario and the system model is then analyzed using the probabilistic model-checker PRISM against a set of security and performance requirements. As a case study, we demonstrated the applicability of our approach on Secure Real-time Transport Protocol over Real- Time Streaming Protocol (RTSP/SRTP).
Cite: Samir Ouchani, Yosr Jarraya, Otmane Ait Mohamed and Mourad Debbabi, "Probabilistic Attack Scenarios to Evaluate Policies over Communication Protocols," Journal of Software vol. 7, no. 7, pp. 1488-1495, 2012.
General Information
ISSN: 1796-217X (Online)
Frequency: Quarterly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, CNKI, Google Scholar, ProQuest, INSPEC(IET), ULRICH's Periodicals Directory, WorldCat, etc
E-mail: jsweditorialoffice@gmail.com
-
Mar 01, 2024 News!
Vol 19, No 1 has been published with online version [Click]
-
Jan 04, 2024 News!
JSW will adopt Article-by-Article Work Flow
-
Apr 01, 2024 News!
Vol 14, No 4- Vol 14, No 12 has been indexed by IET-(Inspec) [Click]
-
Apr 01, 2024 News!
Papers published in JSW Vol 18, No 1- Vol 18, No 6 have been indexed by DBLP [Click]
-
Nov 02, 2023 News!
Vol 18, No 4 has been published with online version [Click]