Multi-representational security modeling and analysis
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.
MetadataShow full item record
Many security attacks arise from unanticipated behaviors that are inadvertently introduced by the system designer at various stages of the development. This thesis proposes a multi-representational approach to security modeling and analysis, where models capturing distinct (but possibly overlapping) views of a system are automatically composed in order to enable an end-to-end analysis. This approach allows the designer to incrementally explore the impact of design decisions on security, and discover attacks that span multiple layers of the system. The thesis also introduces Poirot, a prototype implementation of the approach, and reports on the application of Poirot to detect previously unknown security flaws in publicly deployed systems.
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2016.Cataloged from PDF version of thesis.Includes bibliographical references (pages 103-109).
DepartmentMassachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Massachusetts Institute of Technology
Electrical Engineering and Computer Science.