Leonardo Montecchi
University of Florence
Publications
Featured research published by Leonardo Montecchi.
IEEE Transactions on Dependable and Secure Computing | 2015
Andrea Ceccarelli; Leonardo Montecchi; Francesco Brancati; Paolo Lollini; Angelo Marguglio; Andrea Bondavalli
Session management in distributed Internet services is traditionally based on username and password, explicit logouts, and mechanisms of user session expiration using classic timeouts. Emerging biometric solutions allow substituting username and password with biometric data during session establishment, but even in such an approach a single verification is still deemed sufficient, and the identity of a user is considered immutable during the entire session. Additionally, the length of the session timeout may impact the usability of the service and consequent client satisfaction. This paper explores promising alternatives offered by applying biometrics in the management of sessions. A secure protocol is defined for perpetual authentication through continuous user verification. The protocol determines adaptive timeouts based on the quality, frequency and type of biometric data transparently acquired from the user. The functional behavior of the protocol is illustrated through Matlab simulations, while model-based quantitative analysis is carried out to assess the ability of the protocol to counter security attacks exercised by different kinds of attackers. Finally, the current prototype for PCs and Android smartphones is discussed.
International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing | 2011
Leonardo Montecchi; Paolo Lollini; Andrea Bondavalli
Model-Driven Engineering (MDE) aims to elevate models in the engineering process to a central role in the specification, design, integration, validation, and operation of a system. MDE is becoming a widely used approach within the dependability domain: the system, together with its main dependability-related characteristics, is represented by engineering language models, while automatic transformations are used to generate the analysis models for the dependability analyses. This paper discusses the dependability concerns that should be captured by engineering languages for dependability analysis. It motivates and defines a conceptual model where the specific dependability aspects related to specific dependability analyses can be consistently and unambiguously merged, also detailing the part of the conceptual model supporting state-based dependability analysis methods. Then, it introduces a new intermediate dependability model that acts as a bridge between the high-level engineering language and the low-level dependability analysis formalism, and discusses its features and its expressive power, showing its application to the modelling of a simple but representative case study.
International Conference on Engineering of Complex Computer Systems | 2011
Leonardo Montecchi; Paolo Lollini; Andrea Bondavalli
In the last ten years, Model Driven Engineering (MDE) approaches have been extensively used for the analysis of extra-functional properties of complex systems, like safety, dependability, security, predictability, and quality of service. To this purpose, engineering languages (like UML and AADL) have been extended with additional features to model the required non-functional attributes, and transformations have been used to automatically generate the analysis models to be solved by appropriate analysis tools. In most of the available works, however, the transformations are not integrated into a more general development process aimed at supporting both domain-specific design analysis and verification of extra-functional properties. In this paper we explore this research direction, presenting a transformation workflow for dependability analysis that is part of an industrial-quality infrastructure for the specification, analysis and verification of extra-functional properties, currently under development within the ARTEMIS-JU CHESS project. Specifically, the paper provides the following major contributions: i) definition of the required transformation steps to automatically assess the system dependability properties starting from the CHESS Modeling Language, ii) definition of a new Intermediate Dependability Model (IDM) acting as a bridge between the CHESS Modeling Language and the low-level analysis models, iii) definition of transformations from the CHESS Modeling Language to IDM models.
International Conference on Computer Safety, Reliability, and Security | 2012
Leonardo Montecchi; Paolo Lollini; Andrea Bondavalli; Ernesto La Mattina
Biometric authentication systems verify the identity of users by relying on their distinctive traits, like fingerprint, face, iris, signature, voice, etc. Biometrics is commonly perceived as a strong authentication method; in practice several well-known vulnerabilities exist, and security aspects should be carefully considered, especially when it is adopted to secure the access to applications controlling critical systems and infrastructures. In this paper we perform a quantitative security evaluation of the CASHMA multi-biometric authentication system, assessing the security provided by different system configurations against attackers with different capabilities. The analysis is performed using the ADVISE modeling formalism, a formalism for security evaluation that extends attack graphs; it allows combining information on the system, the attacker, and the metrics of interest to produce quantitative results. The obtained results provide useful insight into the security offered by the different system configurations, and demonstrate the feasibility of the approach to model security threats and countermeasures in real scenarios.
Electronic Notes in Theoretical Computer Science | 2015
Leonardo Montecchi; Nicola Nostro; Andrea Ceccarelli; Giuseppe Vella; Antonio Caruso; Andrea Bondavalli
Current ICT infrastructures are characterized by increasing requirements of reliability, security, performance, availability, and adaptability. A relevant issue is represented by the scalability of the system with respect to the increasing number of users and applications, thus requiring a careful dimensioning of resources. Furthermore, new security issues to be faced arise from exposing applications and data to the Internet, thus requiring an attentive analysis of potential threats and the identification of stronger security mechanisms to be implemented, which may produce a negative impact on system performance and scalability properties. The paper presents a model-based evaluation of scalability and security tradeoffs of a multi-service web-based platform, by evaluating how the introduction of security mechanisms may lead to a degradation of performance properties. The evaluation focuses on the OPENNESS platform, a web-based platform providing different kinds of services to different categories of users. The evaluation aims at identifying the bottlenecks of the system under different configurations, and at assessing the impact of security countermeasures which were identified by a thorough threat analysis activity previously carried out on the target system. The modeling activity has been carried out using the Stochastic Activity Networks (SANs) formalism, making full use of its characteristics of modularity and reusability. The analysis model is realized through the composition of a set of predefined template models, which facilitates the construction of the overall system model and the evaluation of different configurations by composing them in different ways.
IEEE International Symposium on High Assurance Systems Engineering | 2015
Valentina Bonfiglio; Leonardo Montecchi; Francesco Rossi; Paolo Lollini; András Pataricza; Andrea Bondavalli
Safety analysis is increasingly important for a wide class of systems. In the automotive field, the recent ISO 26262 standard foresees safety analysis to be performed at system, hardware, and software levels. Failure Modes and Effects Analysis (FMEA) is an important step in any safety analysis process, and its application at hardware and system levels has been extensively addressed in the literature. Conversely, its application to software architectures is still to a large extent an open problem, especially concerning its integration into a general certification process. The approach we propose in this paper aims at performing semi-automated FMEA on component-based software architectures described in UML. The foundations of our approach are model execution and fault injection at model level, which allow us to compare the nominal and faulty system behaviors and thus assess the effectiveness of safety countermeasures. Besides introducing the detailed workflow for SW FMEA, the work in this paper focuses on the process for obtaining an executable model from a component-based software architecture specified in UML.
IEEE Systems Journal | 2018
Andrea Bondavalli; Andrea Ceccarelli; Paolo Lollini; Leonardo Montecchi; Marco Mori
A dramatic shift in system complexity is occurring, causing monolithic system designs to be progressively replaced by modular approaches. In recent years, this trend has been emphasized by the system of systems (SoS) concept, in which a complex system or application is the result of the integration of many independent, autonomous constituent systems (CS), brought together in order to satisfy a global goal under certain rules of engagement. The overall behavior of the SoS, emerging from such complex interactions and dependencies, poses several threats in terms of dependability, timeliness, and security, due to the challenging operating and environmental conditions caused by mobility, wireless connectivity, and the use of off-the-shelf components. Referring to our experience in mobile safety-critical applications gained from three different research projects, in this paper we illustrate the challenges and benefits posed by the adoption of an SoS approach in designing, developing, and maintaining mobile safety-critical applications, and we report on some possible solutions.
IEEE Transactions on Parallel and Distributed Systems | 2016
Narasimha Raghavan Veeraragavan; Leonardo Montecchi; Nicola Nostro; Roman Vitenberg; Hein Meling; Andrea Bondavalli
With the advent of recent technological advances, more demanding tele-immersive applications have started to emerge. In the World Opera application, artists from different opera houses across the globe can participate in a single united performance, and interact almost as if they were co-located. One of the main design challenges in this application domain is to assess to what extent the inevitable failures of some of the numerous and complex hardware, software, and network components affect the quality of experience for the user. This challenge cannot be addressed by traditional system-centric methods for dependability evaluation, which do not take the personalized user perspective into account when considering meaningful and acceptable degradation of services. In this paper, we propose a novel method to assess the quality of experience in the presence of failures, based on a new metric called perceived reliability. The method takes the human perspective into account and allows considering factors such as human perception of video and audio, characteristics of the audience, as well as performance elements and artistic content. This method can help system designers and engineers compare architectural variants and determine the dependability budget. We show the feasibility of our method by applying it to a World Opera performance. To this end, we construct a SAN-based model and run simulations in the Möbius framework. The obtained results provide useful guidelines for system engineers towards improving the quality of experience of World Opera performances despite the presence of failures.
European Conference on Software Architecture | 2015
Raphael Porreca Azzolini; Cecília M. F. Rubira; Leonardo P. Tizzei; Felipe Nunes Gaia; Leonardo Montecchi
Software Product Line engineering is a technique that exploits systematic reuse of software artifacts on a large scale to implement applications that share a common domain and have some customized features. For improving Product Line Architecture evolution, it is advisable to develop Software Product Lines using a modular structure. This demand can be satisfied by an aspect-oriented and component-based feature-architecture method that integrates components, aspects and variation point aspect-connectors. This approach allows minimization of feature scattering in the architectural model and supports modular modelling of crosscutting features. A case study mapping major features of significant e-commerce systems operating in Brazil and other countries was performed to evaluate this approach. The assessment of our solution was performed by comparing its stability and modularity with two other approaches. Our results indicate that change impact in the architectural model is reduced when using our solution in the context of Software Product Line evolution.
IEEE International Conference on Dependable, Autonomic and Secure Computing | 2015
Tania Basso; Leonardo Montecchi; Regina Lúcia de Oliveira Moraes; Mario Jino; Andrea Bondavalli
Personal information is continuously gathered and processed by modern web applications. Due to regulatory requirements, and to protect the privacy of users, customers, and business partners, such information must be kept private. A recurring problem in constructing web applications and services that protect privacy is the lack of resources for documenting them. As web applications must be developed consistently with the statements of the privacy policy in order to enforce them, structured documentation is necessary to model privacy protection during application design. To contribute solutions to this problem, in this paper we propose a UML profile for privacy-aware applications. This profile helps build UML models that specify and structure particular concepts of privacy and, consequently, improve privacy definition and enforcement. After introducing the main privacy concepts, we describe how they are represented in the UML language. The profile's ability to model statements of realistic privacy policies is then demonstrated on a case study.