1st Edition

Multilevel Modeling of Secure Systems in QoP-ML

ISBN 9781482202557
Published June 10, 2015 by Auerbach Publications
262 Pages 53 B/W Illustrations



Book Description

In order to perform effective analysis of today’s information security systems, numerous components must be taken into consideration. This book presents a well-organized, consistent solution created by the author, which allows for precise multilevel analysis of information security systems and accounts for all of the significant details.

Enabling the multilevel modeling of secure systems, the quality of protection modeling language (QoP-ML) approach provides for the abstraction of security systems while maintaining an emphasis on quality protection. This book introduces the basis of the QoP modeling language along with all the advanced analysis modules, syntax, and semantics. It delineates the steps used in cryptographic protocols and introduces a multilevel protocol analysis that expands current understanding.

  • Introduces quality of protection evaluation of IT Systems
  • Covers the financial, economic, and CO2 emission analysis phase
  • Supplies a multilevel analysis of Cloud-based data centers
  • Details the structures for advanced communication modeling and energy analysis
  • Considers security and energy efficiency trade-offs for the protocols of wireless sensor network architectures
  • Includes case studies that illustrate the QoP analysis process using the QoP-ML
  • Examines the robust security metrics of cryptographic primitives
  • Compares and contrasts QoP-ML with the PL/SQL, SecureUML, and UMLsec approaches by means of the SEQUAL framework

The book explains the formal logic for representing the relationships between security mechanisms in a manner that offers the possibility to evaluate security attributes. It presents the architecture and API of tools that ensure automatic analysis, including the automatic quality of protection analysis tool (AQoPA), crypto metrics tool (CMTool), and security mechanisms evaluation tool (SMETool).

The book includes a number of examples and case studies that illustrate the QoP analysis process using QoP-ML. Every operation defined by QoP-ML is described within parameters of security metrics to help you better evaluate the impact of each operation on your system's security.

Table of Contents

Introduction to Multilevel Modeling of Secure Systems
Model Driven Security
Quality of Protection Models
Multi-Level Analysis Scheme
Model-Based Multi-Level Decision Support System
Structure of the Book

Basis of QoP-ML
Data Types
Equational Rules
Process Types
Message Passing
     Synchronous Communication
Control Operators
     Condition Statement
     Other Structures
Security Metrics
Process Instantiation
QoP-ML Base Algorithms
Experimental Validation of the QoP-ML
Case Study: TLS Handshake Protocol with Secure Data Transmission 
     Protocol Modeling
     Security Metrics Definition 
     Process Instantiation 
     QoP-ML Processing and QoP Evaluation

Quality of Protection Evaluation of Security Mechanisms
Facts and Rules
Evaluation Rules
Inference Rule
Inference Mechanism
Security Attributes
Conflicts between Rules
Evaluation Rules System
QoP Evaluation Process of Security Mechanisms
Background of the Model
Methodology of QoP Evaluation of Security Mechanisms
Case Study: TLS Handshake Protocol
     QoP Modeling 
     Linking Stage
     Configuration Stage
     QoP Evaluation Stage
     Qualitative Estimation
Formal Model Goals Evaluation

Advanced Communication and Energy Efficiency Modeling
     Connection Definition
     Quality of Connections 
     Transmission Time
     Transmission Time – Algorithms Structure
Packet Filtering
     Input and Output Messages
Energy Analysis
Case Study – Multihop Authentication Protocols for WSN
     Direct Join to Sink: DJSorig
     Indirect Protocols to Join the Sink
The WSN Protocols Modeling in QoP-ML
     Protocol Flow
     The Algorithm Structure
     Security Metrics
     Process Instantiation
     WSN Protocols Evaluation – Results

Environmental Impact and Financial Costs Analysis
The Financial and Economic Analyses
     Cost of Energy Consumption of the Infrastructure
     Cost of Cooling Infrastructure Utilization
CO2 Emissions Analysis
Case study – Energy and Environmental Impact Analysis of a Data Center
     Role-Based Access Control Model in QoP-ML
     The Analyses

Reputation Analysis in QoP-ML
Security metrics
Case study – Average Reputation System
     The Reputation in the QoP-ML – Protocol Modeling
     Security Metrics Definition
     Reputation Module
     Process Instantiation
     QoP and Reputation Evaluation

Security metrics – Methodology
The model
     Step 1: Information Needs
     Step 2: Elaboration of the Object of Measurement and Attributes
     Step 3: Validation of the Measurement Method
     Step 4: Base Measures Calculations
     Step 5: Validation of Base Measures
     Step 6: Derived Measures Calculations – Optional Step
     Step 7: Validation of Derived Measures – Optional Step
     Step 8: Separation of Indicators
     Step 9: Analysis of Gathered Measurement Results
Case study – Cryptographic Modules
     Step 1: Information Needs
     Step 2: Elaboration of the Object of Measurement and Attributes
     Step 3: Validation of the Measurement Method
     Step 4: Base Measures Specification
     Step 5: Validation of Base Measures
     Step 6 and 7: Derived Measures Specification and Validation
     Step 8: Separation of Indicators
     Step 9: Analysis of Measurement Results Gathered
Test of Cryptographic Primitives

Tool Support
AQoPA – Automatic Quality of Protection Analysis Tool
     Step 1 – Model Creation
     Step 2 – Security Metrics Definition 
     Step 3 – Scenario Definition
     Step 4 – Simulation
SMETool – Security Mechanisms Evaluation Tool 
     Data Flow Model
Crypto-Metrics Tool (CMTool)
     Data Flow
     Data Flow Model

Functionality and Usability of QoP-ML
Security Modeling Framework
     Semantic Quality
     Syntactic Quality
     Pragmatic Quality
     Methodology Extensions
Assessment of PL/SQL, SecureUML and UMLsec
     PL/SQL Security Model
     SecureUML Model
     UMLsec Model
Case Study – RBAC in QoP-ML
     RBAC Security Model Prepared in QoP-ML
     Assessment of the QoP-ML’s Security Model
     Comparison of Security Models in Terms of QoP-ML

Base QoP-ML Algorithms
The Data for QoP Evaluation of TLS Protocol
     The Rules Definition for TLS Cryptographic Protocol
     The Facts Order Definition for the TLS Cryptographic Protocol
     The QoP Evaluation Rules Definition for the TLS Cryptographic Protocol
Algorithms for Advanced Communication
Validation Algorithms for Security Metrics




Bogdan Księżopolski is an assistant professor at the Polish-Japanese Academy of Information Technology in Warsaw and Maria Curie-Sklodowska University in Lublin. He received his M.Sc. in computer physics from Maria Curie-Sklodowska University in Lublin and his Ph.D. in computer science from the Polish-Japanese Academy of Information Technology in Warsaw, Poland. His research interests include information security, cryptology, security metrics, security engineering, and cryptographic protocols. He has published over 40 papers on computer security. He is the founder and creator of the Quality of Protection Modeling Language (QoP-ML), which enables multilevel modeling of secure systems.