TY - GEN
T1 - OACAL
T2 - 2021 IEEE Symposium Series on Computational Intelligence, SSCI 2021
AU - Jiang, Pengcheng
AU - Tei, Kenji
N1 - Publisher Copyright:
© 2021 IEEE.
PY - 2021
Y1 - 2021
N2 - Users interacting with a system through UI are typically obliged to perform their actions in a pre-determined order, to successfully achieve certain functional goals. However, such obligations are often not followed strictly by users, which may lead to the violation to security properties, especially in security-critical systems. To improve the security with the awareness of unexpected user behaviors, a system can be redesigned to a more robust one by changing the order of actions in its specification. Meanwhile, we anticipate that the functionalities would remain consistent following the modifications. In this paper, we propose an efficient algorithm to automatically produce specification revisions tackling the attack scenarios caused by weakened user obligations. By our algorithm, all the revisions would be generated to maintain the integrity of the functionalities using a novel recomposition approach. Then, the eligible revisions that can satisfy the security requirements would be efficiently spotted by a hybrid approach combining model checking and machine learning techniques. We evaluate our algorithm by comparing its performance with a state-of-the-art approach regarding their coverage and searching speed of the desirable revisions.
AB - Users interacting with a system through UI are typically obliged to perform their actions in a pre-determined order, to successfully achieve certain functional goals. However, such obligations are often not followed strictly by users, which may lead to the violation to security properties, especially in security-critical systems. To improve the security with the awareness of unexpected user behaviors, a system can be redesigned to a more robust one by changing the order of actions in its specification. Meanwhile, we anticipate that the functionalities would remain consistent following the modifications. In this paper, we propose an efficient algorithm to automatically produce specification revisions tackling the attack scenarios caused by weakened user obligations. By our algorithm, all the revisions would be generated to maintain the integrity of the functionalities using a novel recomposition approach. Then, the eligible revisions that can satisfy the security requirements would be efficiently spotted by a hybrid approach combining model checking and machine learning techniques. We evaluate our algorithm by comparing its performance with a state-of-the-art approach regarding their coverage and searching speed of the desirable revisions.
KW - Machine learning
KW - Model checking
KW - Specification
KW - System security
KW - User behavior
UR - http://www.scopus.com/inward/record.url?scp=85125793287&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85125793287&partnerID=8YFLogxK
U2 - 10.1109/SSCI50451.2021.9660106
DO - 10.1109/SSCI50451.2021.9660106
M3 - Conference contribution
AN - SCOPUS:85125793287
T3 - 2021 IEEE Symposium Series on Computational Intelligence, SSCI 2021 - Proceedings
BT - 2021 IEEE Symposium Series on Computational Intelligence, SSCI 2021 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 5 December 2021 through 7 December 2021
ER -