Journal: Highly Available Systems, No. 2, 2012
Article in issue:
Information flow analysis techniques for development of secure systems which includes embedded systems
Authors:
A.A. Chechulin, V.A. Desnitsky, I.V. Kotenko
Abstract:
Embedded devices give malefactors a wide range of opportunities to carry out attacks, including direct connection to the interfaces and components of the device. Resource limitations make it hard to apply the traditional cryptographic and other security mechanisms that are used to protect workstations and servers. Systems with embedded devices therefore require new approaches to security design that ensure the system's resistance to attack not only through additional protection mechanisms but also through architectural decisions. One way to achieve this goal is to analyze the system at all stages of design, thereby avoiding architectural defects that would in turn reduce the system's level of protection. The paper proposes an integrated approach to the analysis of information flows in systems that include embedded devices. Security-critical information flow analysis can be applied at various levels, including schematic diagrams of electronic circuitry (hardware flows), data flow models of computer software (software flows), and entire communication network layouts (network flows). The paper also considers two ways of analyzing the information flows of a security-critical system: the static and the dynamic approach. The dynamic approach analyzes information flows by tracking how information actually flows through the system while it is in operation. This is often easy to implement by inserting sensors and monitors into the system, but it has the disadvantage that even if no insecure flows have been observed to date, we can never be certain that no security problems will arise in the future. The static approach, in turn, is carried out by analyzing the structure of the system itself.
This has the advantage of providing absolute guarantees about all of the system's potential behaviors, but it is often computationally expensive and produces "false positives", i.e., alerts about potential information flows identified statically that never actually occur dynamically. The essential idea of static information flow analysis is to allow an infosec evaluator to see where classified data could propagate when the system is in operation. This is usually done by selecting some point in the system as a source of high-security data and then using a connectivity graph model of the system to trace the possible pathways for this data. This is sometimes referred to as "taint analysis" and is helpful in evaluating a system's weak points and its mechanisms for protecting data confidentiality and integrity. The primary disadvantage of the approach is that it is computationally expensive for large system models and tends to overapproximate the possible data flow pathways, resulting in false positives that can waste an infosec evaluator's time (although this is preferable to underestimating potential data flow, which could result in security-critical pathways being overlooked). Topological analysis techniques based on conventional graph theory, together with model checking methods, are applied for security assessment. The task considered in this paper is part of the security engineering process for embedded devices. The integrated approach to information flow analysis proposed in the paper makes it possible to enhance the security level of standalone embedded devices and of systems containing embedded devices. In contrast to existing approaches, the proposed approach provides a comprehensive evaluation of the system's security level with respect to information flows.
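As an added illustration of the static-versus-dynamic comparison in the abstract (example code written for this page, not from the paper or the SecFutur project): a toy hardware-flow connectivity graph of a hypothetical embedded device, in which reachability from a high-security source is traced as "taint" and then compared against a constructed runtime trace to expose the static approach's false positives. All component names, the graph and the trace are assumptions.

```python
from collections import deque

# Constructed connectivity graph of a hypothetical embedded device
# (hardware flows): component -> components it can pass data to.
GRAPH = {
    "key_store": ["crypto_engine", "debug_uart"],
    "crypto_engine": ["mcu"],
    "mcu": ["radio", "debug_uart", "flash"],
    "flash": ["mcu"],
    "radio": [], "debug_uart": [],
}
# Interfaces an attacker with physical or network access can read from.
SINKS = {"radio", "debug_uart"}

def static_taint(graph, source):
    """Static analysis: everything reachable from the high-security source
    over the graph is tainted (BFS). This deliberately overapproximates:
    it ignores that the crypto engine may only emit ciphertext."""
    seen, queue = {source}, deque([source])
    while queue:
        for nxt in graph.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def static_insecure_sinks(graph, source, sinks):
    """Exposed interfaces the source could statically reach."""
    return sorted(static_taint(graph, source) & sinks)

def dynamic_taint(trace, source):
    """Dynamic analysis: taint only what monitors actually observed.
    trace is a time-ordered list of (src, dst) transfers seen at runtime."""
    tainted = {source}
    for src, dst in trace:
        if src in tainted:
            tainted.add(dst)
    return tainted

def static_only_sinks(graph, trace, source, sinks):
    """Sinks flagged statically but never observed dynamically: the
    static approach's false positives for this particular trace."""
    return sorted(set(static_insecure_sinks(graph, source, sinks))
                  - dynamic_taint(trace, source))

# Constructed runtime trace: the key passed through the crypto engine and
# the MCU to flash and radio, but the debug UART was never driven.
TRACE = [("key_store", "crypto_engine"), ("crypto_engine", "mcu"),
         ("mcu", "flash"), ("mcu", "radio")]
```

The dynamic result only covers the observed trace: a later run that drives the debug UART would turn that "false positive" into a real flow, which is the limitation of the dynamic approach the abstract describes.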
Pages: 116-122