Multi-representational security analysis
Author(s)
Kang, Eunsuk; Milicevic, Aleksandar; Jackson, Daniel
DownloadMulti-representational.pdf (515.8Kb)
OPEN_ACCESS_POLICY
Open Access Policy
Creative Commons Attribution-Noncommercial-Share Alike
Terms of use
Metadata
Show full item recordAbstract
Security attacks often exploit flaws that are not anticipated in an abstract design, but are introduced inadvertently when high-level interactions in the design are mapped to low-level behaviors in the supporting platform. This paper proposes a multi-representational approach to security analysis, where models capturing distinct (but possibly overlapping) views of a system are automatically composed in order to enable an end-to-end analysis. This approach allows the designer to incrementally explore the impact of design decisions on security, and discover attacks that span multiple layers of the system. This paper describes Poirot, a prototype implementation of the approach, and reports on our experience on applying Poirot to detect previously unknown security flaws in publicly deployed systems.
Date issued
2016-11Department
Massachusetts Institute of Technology. Computer Science and Artificial Intelligence LaboratoryJournal
Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2016
Publisher
Association for Computing Machinery (ACM)
Citation
Kang, Eunsuk, et al. "Multi-Representational Security Analysis." FSE 2016 Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, 13-19 November, 2016, Seattle, Washington, ACM Press, 2016, pp. 181–92.
Version: Author's final manuscript
ISSN
978-1-4503-4218-6