Phillip J. Brooke

Metamodel-based model conformance and multiview consistency checking

Model-driven development, using languages such as UML and BON, often makes use of multiple diagrams (e.g., class and sequence diagrams) when modeling systems. These diagrams, presenting different views of a system of interest, may be inconsistent. A metamodel provides a unifying framework in which to ensure and check consistency, while at the same time providing the means to distinguish between valid and invalid models, that is, conformance. Two formal specifications of the metamodel for an object-oriented modeling language are presented, and it is shown how to use these specifications for model conformance and multiview consistency checking. Comparisons are made in terms of completeness and the level of automation each provide for checking multiview consistency and model conformance. The lessons learned from applying formal techniques to the problems of metamodeling, model conformance, and multiview consistency checking are summarized.

Fault trees for security system design and analysis

The academic literature concerning fault tree analysis relates almost entirely to the design and development of safety-critical systems. This paper illustrates how similar techniques can be applied to the design and analysis of security-critical systems. The application of this technique is illustrated in an example inspired by a current public-key cryptosystem.

Principles for modeling language design

Modeling languages, like programming languages, need to be designed if they are to be practical, usable, accepted, and of lasting value. We present principles for the design of modeling languages. To arrive at these principles, we consider the intended use of modeling languages. We conject that the principles are applicable to the development of new modeling languages, and for improving the design of existing modeling languages that have evolved, perhaps through a process of unification. The principles are illustrated and explained by several examples, drawing on object-oriented and mathematical modeling languages.

Agile development of secure web applications

A secure system is one that is protected against specific undesired outcomes.Delivering a secure system, and particularly a secure web application, is not easy.Integrating general-purpose information systems development methods withsecurity development activities could be a useful means to surmount thesedifficulties Agile processes, such as Extreme Programming, are of increasing interest insoftware development. Most significantly for web applications, agile processesencourage and embrace requirements change, which is a desirable characteristicfor web application development.In this paper, we present an agile process to deliver secure web applications.The contribution of the research is not the development of a new method or processthat addresses security concerns. Rather, we investigate general-purpose informationsystemdevelopment methods (e.g., Feature-Driven Development (FDD)) and mature security methods, namely risk analysis, and integrate them to address the development of secure web applications. The key features of our approach are(1) a process capable of dealing with the key challenges of web applicationsdevelopment, namely decreasing life-cycle times and frequently changing requirements; and (2) an iterative approach to risk analysis that integrates security design throughout the development process.

Friend-assisted intrusion detection and response mechanisms for mobile ad hoc networks

Nowadays, a commonly used wireless network (i.e., Wi-Fi) operates with the aid of a fixed infrastructure (i.e., an access point) to facilitate communication between nodes. The need for such a fixed supporting infrastructure limits the adaptability and usability of the wireless network, especially in situations where the deployment of such an infrastructure is impractical. Recent advancements in computer network introduced a new wireless network, known as a mobile ad hoc network (MANET), to overcome the limitations. Often referred as a peer to peer network, the network does not have any fixed topology, and through its multi hop routing facility, each node can function as a router, thus communication between nodes becomes available without the need of a supporting fixed router or an access point. However, these useful facilities come with big challenges, particularly with respect to providing security. A comprehensive analysis of attacks and existing security measures suggested that MANET are not immune to a colluding blackmail because such a network comprises autonomous and anonymous nodes. This paper addresses MANET security issues by proposing a novel intrusion detection system based upon a friendship concept, which could be used to complement existing prevention mechanisms that have been proposed to secure MANETs. Results obtained from the experiments proved that the proposed concepts are capable of minimising the problem currently faced in MANET intrusion detection system (IDS). Through a friendship mechanism, the problems of false accusations and false alarms caused by blackmail attackers in intrusion detection and response mechanisms can be eliminated.

A Novel Approach to the Detection of Cheating in Multiplayer Online Games

Modern online multiplayer games are complex heterogeneous distributed systems comprised of servers and untrusted clients, which are often engineered under considerable commercial pressures. Under these conditions, security breaches allowing clients to employ illegal behaviours have become common; current commercial approaches have limited capabilities for reacting rapidly to such threats. This paper presents an approach to the detection of a cheating player, and describes a proof-of-concept system designed to detect cheating play (specifically wall-hacking) through the analysis of player behaviour. This approach differs from current methods in that it does not rely on knowledge about specific vulnerabilities and their method of exploitation in order to protect the system, but instead monitors player behaviour for indications of cheating play. Statistical evidence is presented which shows that the proof-of-concept correctly distinguishes between most cheating and non-cheating players.

Towards an insider threat prediction specification language

Purpose – This paper presents the process of constructing a language tailored to describing insider threat incidents, for the purposes of mitigating threats originating from legitimate users in an IT infrastructure.Design/methodology/approach – Various information security surveys indicate that misuse by legitimate (insider) users has serious implications for the health of IT environments. A brief discussion of survey data and insider threat concepts is followed by an overview of existing research efforts to mitigate this particular problem. None of the existing insider threat mitigation frameworks provide facilities for systematically describing the elements of misuse incidents, and thus all threat mitigation frameworks could benefit from the existence of a domain specific language for describing legitimate user actions.Findings – The paper presents a language development methodology which centres upon ways to abstract the insider threat domain and approaches to encode the abstracted information into lan...

FPTC: Automated Safety Analysis for Domain-Specific Languages

Critical systems must be shown to be acceptably safe to deploy and use in their environment. The size, scale, heterogeneity, and distributed nature of these increasingly complex systems makes them difficult to verify and analyse. Additionally, domain experts use a variety of languages to model and build their systems. We present an automated safety analysis technique, Fault Propagation and Transformation Analysis, and explain how it can be used for automatically calculating the failure behaviour of an entire system from the failure behaviours of its components. We outline an implementation of the technique in the Epsilon model management platform, allowing it to be used with state-of-the-art model management languages and tools, and making it applicable to a variety of different domain-specific modelling languages.

A CSP model of Eiffel’s SCOOP

The current informal semantics of the simple concurrent object-oriented programming (SCOOP) mechanism for Eiffel is described. We construct and discuss a model using the process algebra CSP. This model gives a more formal semantics for SCOOP than existed previously.We implement the model mechanically via a new tool called CSPsim. We examine two semantic variations of SCOOP: when and how far to pass locks, and when to wait for child calls to complete. We provide evidence that waiting for child calls to complete both unnecessarily reduces parallelism without any increase in safety and increases deadlocks involving callbacks.Through the creation and analysis of the model, we identify a number of ambiguities relating to reservations and the underlying run-time system and propose means to resolve them.

Extreme programming security practices

Current practice suggests that security is considered through all stages of the software development life cycle, and that a risk-based and plan-driven approach is best suited to establish security criteria. Based on experience in applying security practices, this paper proposes two new security practices, security training and a fundamental security architecture, for applying Extreme Programming.