Multilevel Modeling of Secure Systems in QoP-ML

1st Edition

By Bogdan Księżopolski

Auerbach Publications

262 pages | 53 B/W Illus.

Hardback: 9781482202557
pub: 2015-06-10
eBook (VitalSource): 9780429167645
pub: 2015-06-10

Description

In order to perform effective analysis of today’s information security systems, numerous components must be taken into consideration. This book presents a well-organized, consistent solution created by the author, which allows for precise multilevel analysis of information security systems and accounts for all of the significant details.

Enabling the multilevel modeling of secure systems, the quality of protection modeling language (QoP-ML) approach provides for the abstraction of security systems while maintaining an emphasis on quality protection. This book introduces the basis of the QoP modeling language along with all the advanced analysis modules, syntax, and semantics. It delineates the steps used in cryptographic protocols and introduces a multilevel protocol analysis that expands current understanding.

  • Introduces quality of protection evaluation of IT Systems
  • Covers the financial, economic, and CO2 emission analysis phase
  • Supplies a multilevel analysis of Cloud-based data centers
  • Details the structures for advanced communication modeling and energy analysis
  • Considers security and energy efficiency trade-offs for the protocols of wireless sensor network architectures
  • Includes case studies that illustrate the QoP analysis process using the QoP-ML
  • Examines the robust security metrics of cryptographic primitives
  • Compares and contrasts QoP-ML with the PL/SQL, SecureUML, and UMLsec approaches by means of the SEQUAL framework

The book explains the formal logic for representing the relationships between security mechanisms in a manner that offers the possibility to evaluate security attributes. It presents the architecture and API of tools that ensure automatic analysis, including the automatic quality of protection analysis tool (AQoPA), crypto metrics tool (CMTool), and security mechanisms evaluation tool (SMETool).

The book includes a number of examples and case studies that illustrate the QoP analysis process using QoP-ML. Every operation defined by QoP-ML is described in terms of security metrics parameters to help you better evaluate the impact of each operation on your system's security.

Table of Contents

Introduction to Multilevel Modeling of Secure Systems

Model Driven Security

Quality of Protection Models

Multi-Level Analysis Scheme

Model-Based Multi-Level Decision Support System

Structure of the Book

Basis of QoP-ML

Data Types

Functions

Equational Rules

Process Types

Message Passing

Synchronous Communication

Control Operators

Condition Statement

Repetition

Other Structures

Security Metrics

Process Instantiation

QoP-ML Base Algorithms

Experimental Validation of the QoP-ML

Case Study: TLS Handshake Protocol with Secure Data Transmission

Protocol Modeling

Security Metrics Definition

Process Instantiation

QoP-ML Processing and QoP Evaluation

Quality of Protection Evaluation of Security Mechanisms

Facts and Rules

Evaluation Rules

Inference Rule

Inference Mechanism

Security Attributes

Conflicts between Rules

Evaluation Rules System

QoP Evaluation Process of Security Mechanisms

Background of the Model

Methodology of QoP Evaluation of Security Mechanisms

Case Study: TLS Handshake Protocol

QoP Modeling

Linking Stage

Configuration Stage

QoP Evaluation Stage

Qualitative Estimation

Formal Model Goals Evaluation

Advanced Communication and Energy Efficiency Modeling

Topology

Connection Definition

Quality of Connections

Transmission Time

Transmission Time – Algorithms Structure

Packet Filtering

Channels

Input and Output Messages

Routing

Energy Analysis

Case Study – Multihop Authentication Protocols for WSN

Direct Join to Sink: DJSorig

Indirect Protocols to Join the Sink

The WSN Protocols Modeling in QoP-ML

Functions

Equations

Channels

Protocol Flow

The Algorithm Structure

Security Metrics

Process Instantiation

WSN Protocols Evaluation – Results

Environmental Impact and Financial Costs Analysis

The Financial and Economic Analyses

Cost of Energy Consumption of the Infrastructure

Cost of Cooling Infrastructure Utilization

CO2 Emissions Analysis

Case Study – Energy and Environmental Impact Analysis of a Data Center

Scenario

Role-Based Access Control Model in QoP-ML

The Analyses

Reputation Analysis in QoP-ML

Functions

Security Metrics

Modules

Case Study – Average Reputation System

The Reputation in the QoP-ML – Protocol Modeling

Security Metrics Definition

Reputation Module

Process Instantiation

QoP and Reputation Evaluation

Security Metrics – Methodology

The Model

Step 1: Information Needs

Step 2: Elaboration of the Object of Measurement and Attributes

Step 3: Validation of the Measurement Method

Step 4: Base Measures Calculations

Step 5: Validation of Base Measures

Step 6: Derived Measures Calculations – Optional Step

Step 7: Validation of Derived Measures – Optional Step

Step 8: Separation of Indicators

Step 9: Analysis of Gathered Measurement Results

Case Study – Cryptographic Modules

Step 1: Information Needs

Step 2: Elaboration of the Object of Measurement and Attributes

Step 3: Validation of the Measurement Method

Step 4: Base Measures Specification

Step 5: Validation of Base Measures

Steps 6 and 7: Derived Measures Specification and Validation

Step 8: Separation of Indicators

Step 9: Analysis of Measurement Results Gathered

Test of Cryptographic Primitives

Tool Support

AQoPA – Automatic Quality of Protection Analysis Tool

Step 1 – Model Creation

Step 2 – Security Metrics Definition

Step 3 – Scenario Definition

Step 4 – Simulation

SMETool – Security Mechanisms Evaluation Tool

Data Flow Model

Crypto-Metrics Tool (CMTool)

Data Flow

Data Flow Model

Functionality and Usability of QoP-ML

Security Modeling Framework

Semantic Quality

Syntactic Quality

Pragmatic Quality

Methodology Extensions

Assessment of PL/SQL, SecureUML and UMLsec

PL/SQL Security Model

SecureUML Model

UMLsec Model

Case Study – RBAC in QoP-ML

RBAC Security Model Prepared in QoP-ML

Assessment of the QoP-ML’s Security Model

Comparison of Security Models in Terms of QoP-ML

Summary

Appendix

BNF of QoP-ML

Base QoP-ML Algorithms

The Data for QoP Evaluation of TLS Protocol

The Rules Definition for TLS Cryptographic Protocol

The Facts Order Definition for the TLS Cryptographic Protocol

The QoP Evaluation Rules Definition for the TLS Cryptographic Protocol

Algorithms for Advanced Communication

Validation Algorithms for Security Metrics

References

Index

About the Author

Bogdan Księżopolski is an assistant professor at the Polish-Japanese Academy of Information Technology in Warsaw and Maria Curie-Sklodowska University in Lublin. He received his M.Sc. in computer physics from Maria Curie-Sklodowska University in Lublin and his Ph.D. in computer science from the Polish-Japanese Academy of Information Technology in Warsaw, Poland. His research interests include information security, cryptology, security metrics, security engineering, and cryptographic protocols. He has published over 40 papers on computer security. He is the founder and creator of the Quality of Protection Modeling Language (QoP-ML), which enables multilevel modeling of secure systems.

Subject Categories

BISAC Subject Codes/Headings:
COM051230
COMPUTERS / Software Development & Engineering / General
COM053000
COMPUTERS / Security / General
COM083000
COMPUTERS / Security / Cryptography