Sharif Digital Repository

Spreading networks and increasing their complexity has complicated the task of security analysis. Accordingly, automatic verification approaches have received more attention recently. In this paper, we modeled a network including a set of hosts (clients and servers) using the process algebra CSP in order to verify the Transmission Control Protocol (TCP) behavior against an active intruder. The model is verified using the FDR tool and as a result, some attack scenarios violating the security are found. The scenarios showes how an intruder can compromise the server trust to its clients. As the model is modular, extendable, and scalable, more complex attack scenarios (combination of simple... 

Vulnerabilities are now part of all software systems. To handle vulnerabilities, many approaches have been proposed till now. Many of these approaches try to analyze vulnerabilities based on model checking techniques. However, the models used in these approaches handle authorized and unauthorized rules separately. This basically cause in weaker modeling abilities and consequently weaker vulnerability analysis. From authorized and unauthorized rules, we mean those emanated from access control model and those originated from vulnerabilities respectively. Currently, a new general graph-based protection system concentrating on vulnerabilities called VGBPS is proposed to overcome the mentioned... 

With continuous technology downscaling, the rate of radiation induced soft errors is rapidly increasing. Fast and accurate soft error vulnerability analysis in early design stages plays an important role in cost-effective reliability improvement. However, existing solutions are suitable for either regular (a.k.a address-based such as memory hierarchy) or irregular (random logic such as functional units and control logic) structures, failing to provide an accurate system-level analysis. In this paper, we propose a hybrid approach integrating architecture-level and logic-level techniques to accurately estimate the vulnerability of all regular and irregular structures within a microprocessor.... 

Modeling and analyzing information system vulnerabilities help predict possible attacks to computer networks using vulnerabilities information and the network configuration. In this paper, we propose a comprehensive approach to analyze network vulnerabilities in order to answer the safety problem focusing on vulnerabilities. The approach which is called Vulnerability Take Grant (VTG) is a graph-based model consists of subject/objects as nodes and rights/relations as edges to represent the system protection state. Each node may have properties including single vulnerabilities such as buffer overflow. We use the new concept of vulnerability rewriting rule to specify the requirements and... 

The distributed nature and complexity of computer networks and various services provided via them, makes the networks vulnerable to numerous attacks. The TCP/IP presumptions which are based on using this protocol to provide a simple, open communication infrastructure in an academic and collaborative environment, causes this protocol lack of built-in mechanisms for authentication, integrity and privacy. Even though in the last few years a more systematic approach to TCP/IP network security problem has been followed, a formal approach to this problem is lacking. In this paper, we propose using Description Logics as a formal model which could be used to analyze TCP/IP networks against attacks.... 

Purpose: This paper aims to propose a novel matrix-based systematic approach for vulnerability assessment. Design/methodology/approach: The proposed method consists of two major steps. First, the power network is modeled as a topological combination of edges (transmission lines, transformers, etc.) and nodes (buses, substations, etc.). The second step is to use an axiomatic design-based index for topology analysis. This index is based on the systematic counting of possible routes from the start (generators) to destination (loads), considering load importance, before and after a disruption. Findings: The effectiveness of the proposed method is demonstrated through an illustrative example and... 

In this paper, the vulnerability of large-dimensional dynamic networks to false data injections is analysed. The malicious data can manipulate input injection at the control nodes and affect the outputs of the network. The objective is to analyse and quantify the potential vulnerability of the dynamics by such adversarial inputs when the opponents try to avoid being detected as much as possible. A joint set of most effective actuation nodes and most vulnerable target nodes are introduced with minimal detectability by the monitoring system. Detection of this joint set of actuation-target nodes is carried out by introducing a Gramian-based measure and reformulating the vulnerability problem as... 

In recent years, STT-RAMs have been proposed as a promising replacement for SRAMs in on-chip caches. Although STT-RAMs benefit from high-density, non-volatility, and low-power characteristics, high rates of read disturbances and write failures are the major reliability problems in STTRAM caches. These disturbance/failure rates are directly affected not only by workload behaviors, but also by process variations. Several studies characterized the reliability of STTRAM caches just for one cell, but vulnerability of STT-RAM caches cannot be directly derived from these models. This paper extrapolates the reliability characteristics of one STTRAM cell presented in previous studies to the... 

Increasing use of networks and their complexity make the task of security analysis more and more complicated. Accordingly, automatic verification approaches have received more attention recently. In this paper, we investigate applying of an actor-based language based on reactive objects for analyzing a network environment communicating via Transport Protocol Layer (TCP). The formal foundation of the language and available tools for model checking provide us with formal verification support. Having the model of a typical network including client and server, we show how an attacker may combine simple attacks to construct a complex multiphase attack. We use Rebeca language to model the network... 

Purpose: This paper aims to propose a novel matrix-based systematic approach for vulnerability assessment. Design/methodology/approach: The proposed method consists of two major steps. First, the power network is modeled as a topological combination of edges (transmission lines, transformers, etc.) and nodes (buses, substations, etc.). The second step is to use an axiomatic design-based index for topology analysis. This index is based on the systematic counting of possible routes from the start (generators) to destination (loads), considering load importance, before and after a disruption. Findings: The effectiveness of the proposed method is demonstrated through an illustrative example and... 

With the increasing number and complexity of network attacks, the demand for automatic vulnerability analysis tools has increased. The prerequisite of making these tools is to have a formal and precise model of network configurations and vulnerabilities. Utilizing this model, network administrators can analyze the effects of vulnerabilities on the network and complex attack scenarios can be detected before happening. In this paper, we present a general logic-based framework for modeling network configurations and topologies. Then, a number of important and wide-spread network vulnerabilities are modeled as general inference rules based on the framework definitions. We implemented the...