-
Querying Fault and Attack Trees: Property Specification on a Water Network
Authors:
Stefano M. Nicoletti,
Milan Lopuhaä-Zwakenberg,
E. Moritz Hahn,
Mariëlle Stoelinga
Abstract:
We provide an overview of three different query languages whose objective is to specify properties on the highly popular formalisms of fault trees (FTs) and attack trees (ATs). These are BFL, a Boolean Logic for FTs, PFL, a probabilistic extension of BFL, and ATM, a logic for security metrics on ATs. We validate the framework composed of these three logics by applying them to the case study of a water distribution network. We extend the FT for this network - found in the literature - and we propose to model the system under analysis with the Fault Trees/Attack Trees (FT/ATs) formalism, combining both FTs and ATs in a single model. Furthermore, we propose a novel combination of the showcased logics to account for queries that jointly consider both the FT and the AT of the model, integrating influences of attacks on failure probabilities of different components. Finally, we extend the domain-specific language for PFL with novel constructs to capture the interplay between metrics of attacks - e.g., "cost", success probabilities - and failure probabilities in the system.
Submitted 29 January, 2024;
originally announced January 2024.
-
Considerations on Approaches and Metrics in Automated Theorem Generation/Finding in Geometry
Authors:
Pedro Quaresma,
Pierluigi Graziani,
Stefano M. Nicoletti
Abstract:
The pursuit of properties that can be identified to permit an automated reasoning program to generate and find new and interesting theorems is an interesting research goal (pun intended). The automatic discovery of new theorems is a goal in itself, and it has been addressed in specific areas, with different methods. The separation of the "weeds", uninteresting, trivial facts, from the "wheat", new and interesting facts, is much harder, but is also being addressed by different authors using different approaches. In this paper we will focus on geometry. We present and discuss different approaches for the automatic discovery of geometric theorems (and properties), and different metrics to find the interesting theorems among all those that were generated. After this description we will introduce the first result of this article: an undecidability result proving that having an algorithmic procedure that decides, for every possible Turing Machine that produces theorems, whether it is able to also produce interesting theorems is an undecidable problem. Consequently, we will argue that judging whether a theorem prover is able to produce interesting theorems remains a non-deterministic task, at best a task to be addressed by a program based on an algorithm guided by heuristic criteria. Therefore, as a human, to satisfy this task two things are necessary: an expert survey that sheds light on what a theorem prover/finder of interesting geometric theorems is, and - to enable this analysis - other surveys that clarify metrics and approaches related to the interestingness of geometric theorems. In the conclusion of this article we will introduce the structure of two of these surveys - the second result of this article - and we will discuss some future work.
Submitted 22 January, 2024;
originally announced January 2024.
-
Using i-vectors for subject-independent cross-session EEG transfer learning
Authors:
Jonathan Lasko,
Jeff Ma,
Mike Nicoletti,
Jonathan Sussman-Fort,
Sooyoung Jeong,
William Hartmann
Abstract:
Cognitive load classification is the task of automatically determining an individual's utilization of working memory resources during performance of a task based on physiologic measures such as electroencephalography (EEG). In this paper, we follow a cross-disciplinary approach, where tools and methodologies from speech processing are used to tackle this problem. The corpus we use was released publicly in 2021 as part of the first passive brain-computer interface competition on cross-session workload estimation. We present our approach which used i-vector-based neural network classifiers to accomplish inter-subject cross-session EEG transfer learning, achieving 18% relative improvement over equivalent subject-dependent models. We also report experiments showing how our subject-independent models perform competitively on held-out subjects and improve with additional subject data, suggesting that subject-dependent training is not required for effective cognitive load determination.
Submitted 16 January, 2024;
originally announced January 2024.
-
ATM: a Logic for Quantitative Security Properties on Attack Trees
Authors:
Stefano M. Nicoletti,
Milan Lopuhaä-Zwakenberg,
E. Moritz Hahn,
Mariëlle Stoelinga
Abstract:
Critical infrastructure systems - for which high reliability and availability are paramount - must operate securely. Attack trees (ATs) are hierarchical diagrams that offer a flexible modelling language used to assess how systems can be attacked. ATs are widely employed both in industry and academia but - in spite of their popularity - little work has been done to give practitioners instruments to formulate queries on ATs in an understandable yet powerful way. In this paper we fill this gap by presenting ATM, a logic to express quantitative security properties on ATs. ATM allows for the specification of properties involving security metrics that include "cost", "probability" and "skill", and permits the formulation of insightful what-if scenarios. To showcase its potential, we apply ATM to the case study of a CubeSAT, presenting three different ways in which an attacker can compromise its availability. We showcase property specification on the corresponding attack tree and we present theory and algorithms - based on binary decision diagrams - to check properties and compute metrics of ATM-formulae.
Submitted 17 May, 2024; v1 submitted 17 September, 2023;
originally announced September 2023.
-
PFL: a Probabilistic Logic for Fault Trees
Authors:
Stefano M. Nicoletti,
Milan Lopuhaä-Zwakenberg,
E. Moritz Hahn,
Mariëlle Stoelinga
Abstract:
Safety-critical infrastructures must operate in a safe and reliable way. Fault tree analysis is a widespread method used for risk assessment of these systems: fault trees (FTs) are required by, e.g., the Federal Aviation Administration and the Nuclear Regulatory Commission. In spite of their popularity, little work has been done on formulating structural queries about FTs and analyzing these, e.g., when evaluating potential scenarios, and on giving practitioners instruments to formulate queries on FTs in an understandable yet powerful way. In this paper, we aim to fill this gap by extending BFL [32], a logic that reasons about Boolean FTs. To do so, we introduce a Probabilistic Fault tree Logic (PFL). PFL is a simple, yet expressive logic that supports easier formulation of complex scenarios and specification of FT properties that comprise probabilities. Alongside PFL, we present LangPFL, a domain-specific language to further ease property specification. We showcase PFL and LangPFL by applying them to a COVID-19-related FT and to an FT for an oil/gas pipeline. Finally, we present theory and model checking algorithms based on binary decision diagrams (BDDs).
Submitted 1 June, 2024; v1 submitted 30 March, 2023;
originally announced March 2023.
-
BFL: a Logic to Reason about Fault Trees
Authors:
Stefano M. Nicoletti,
E. Moritz Hahn,
Marielle Stoelinga
Abstract:
Safety-critical infrastructures must operate safely and reliably. Fault tree analysis is a widespread method used to assess risks in these systems: fault trees (FTs) are required - among others - by the Federal Aviation Authority, the Nuclear Regulatory Commission, in the ISO26262 standard for autonomous driving and for software development in aerospace systems. Although popular both in industry and academia, FTs lack a systematic way to formulate powerful and understandable analysis queries. In this paper, we aim to fill this gap and introduce Boolean Fault tree Logic (BFL), a logic to reason about FTs. BFL is a simple, yet expressive logic that supports easier formulation of complex scenarios and specification of FT properties. Alongside BFL, we present model checking algorithms based on binary decision diagrams (BDDs) to analyse specified properties in BFL, patterns and an algorithm to construct counterexamples. Finally, we propose a case-study application of BFL by analysing a COVID19-related FT.
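The four logic papers above (the FT/AT water-network overview, ATM, PFL and BFL) all rest on the same computational core: a fault or attack tree is a monotone Boolean function over basic events/attack steps, and the properties they query (top-event probability, cheapest attack, "is this event necessary", what-if scenarios) are evaluated on a BDD-like Shannon expansion of that function rather than by a bottom-up pass. The following is an added illustration written for this page, not code from the papers or their tooling. The model, the component names, the failure probabilities and the attack-step costs/success probabilities are all constructed for the example and do not come from the water-network case study.

```python
"""Fault/attack-tree queries by Shannon expansion (added example, not the papers' code).
A node is a leaf name (str), a constant (bool) or a gate ("AND", c1, ...) / ("OR", c1, ...).
A leaf may hang under several gates (shared basic event / shared attack step), which makes
the model a DAG; that is exactly the case where a naive bottom-up pass gives wrong numbers."""
import math
from functools import lru_cache

def gate(kind, children):
    """AND/OR gate with constants folded, so no gate ever contains True/False."""
    absorbing, identity = (True, False) if kind == "OR" else (False, True)
    kids = []
    for c in children:
        if c is absorbing:        # True under OR / False under AND decides the gate
            return absorbing
        if c is not identity:     # False under OR / True under AND is dropped
            kids.append(c)
    if not kids:
        return identity
    return kids[0] if len(kids) == 1 else (kind, *kids)

@lru_cache(maxsize=None)
def restrict(node, name, value):
    """Shannon cofactor: `node` with leaf `name` fixed to `value`, simplified."""
    if isinstance(node, bool):
        return node
    if isinstance(node, str):
        return value if node == name else node
    kind, *children = node
    return gate(kind, [restrict(c, name, value) for c in children])

def first_leaf(node):
    """Leaf on which the next Shannon split is made (leftmost, depth-first)."""
    while isinstance(node, tuple):
        node = node[1]
    return node

def probability(node, prob, memo=None):
    """P(node is True) for independent leaves with P(leaf) = prob[leaf].
    Exact on DAGs: a shared leaf is split on once, not once per occurrence."""
    memo = {} if memo is None else memo
    if isinstance(node, bool):
        return float(node)
    if node not in memo:
        x = first_leaf(node)
        memo[node] = (prob[x] * probability(restrict(node, x, True), prob, memo)
                      + (1 - prob[x]) * probability(restrict(node, x, False), prob, memo))
    return memo[node]

def naive_bottom_up(node, prob):
    """Textbook bottom-up pass: correct only when no leaf is shared (a true tree)."""
    if isinstance(node, bool):
        return float(node)
    if isinstance(node, str):
        return prob[node]
    ps = [naive_bottom_up(c, prob) for c in node[1:]]
    return math.prod(ps) if node[0] == "AND" else 1 - math.prod(1 - p for p in ps)

def cheapest_attack(node, cost, memo=None):
    """(minimal total cost, steps used) over the assignments that make `node` True.
    Leaves missing from `cost` (random failures) cannot be bought by the attacker."""
    memo = {} if memo is None else memo
    if isinstance(node, bool):
        return (0.0, frozenset()) if node else (math.inf, frozenset())
    if node not in memo:
        x = first_leaf(node)
        c_with, used = cheapest_attack(restrict(node, x, True), cost, memo)
        with_x = (cost.get(x, math.inf) + c_with, used | {x})
        without_x = cheapest_attack(restrict(node, x, False), cost, memo)
        memo[node] = with_x if with_x[0] < without_x[0] else without_x
    return memo[node]

def is_necessary(node, leaf):
    """BFL-style query: does every scenario that triggers `node` need `leaf`?
    Gates are monotone, so the cofactor is unsatisfiable iff it folds to False."""
    return restrict(node, leaf, False) is False

# Constructed FT/AT model (assumed, not the papers' water-network model): supply is
# lost when both pumps are down or control is lost; control is lost through a
# software fault or through the attack subtree CONTROL_ATTACK.
CONTROL_ATTACK = ("OR", ("AND", "phish_operator", "pivot_to_plc"),
                        ("AND", "phish_operator", "abuse_remote_access"),
                        "physical_break_in")
PUMPS_DOWN = ("AND", ("OR", "pumpA_mech", "power_out"),
                     ("OR", "pumpB_mech", "power_out"))        # power_out is shared
TOP = ("OR", PUMPS_DOWN, ("OR", "scada_bug", CONTROL_ATTACK))
FAIL_PROB = {"pumpA_mech": 0.05, "pumpB_mech": 0.05, "power_out": 0.02, "scada_bug": 0.01}
ATTACK_STEP = {"phish_operator": (100, 0.3), "pivot_to_plc": (400, 0.2),   # (cost, success prob.)
               "abuse_remote_access": (250, 0.5), "physical_break_in": (900, 0.05)}
STEP_COST = {s: c for s, (c, _) in ATTACK_STEP.items()}
LEAF_PROB = {**FAIL_PROB, **{s: p for s, (_, p) in ATTACK_STEP.items()}}

def no_attacker(node):
    """What-if: fix every attack step to False, leaving only random failures."""
    for step in STEP_COST:
        node = restrict(node, step, False)
    return node

if __name__ == "__main__":
    print(probability(TOP, LEAF_PROB), probability(no_attacker(TOP), LEAF_PROB))
    print(cheapest_attack(CONTROL_ATTACK, STEP_COST))
```

On this model `probability(PUMPS_DOWN, LEAF_PROB)` is 0.02245 while `naive_bottom_up` returns 0.004761, because the bottom-up pass treats the two occurrences of `power_out` as independent; this is why the PFL/BFL/ATM algorithms are built on BDDs rather than on the tree shape. `probability(TOP, ...)` versus `probability(no_attacker(TOP), ...)` (about 0.246 versus 0.032) is the kind of joint FT/AT query the first paper describes, an attack raising a component's failure probability. `cheapest_attack(CONTROL_ATTACK, STEP_COST)` gives 350 via phishing plus remote-access abuse, and `cheapest_attack(restrict(CONTROL_ATTACK, "phish_operator", False), ...)` gives 900, an ATM-style what-if ("what does the cheapest attack cost once phishing is blocked?"). Real tools order variables and share BDD nodes far more carefully than `first_leaf` does; the point here is the expansion, not performance.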
Submitted 1 June, 2024; v1 submitted 29 August, 2022;
originally announced August 2022.
-
Forensics for Microsoft Teams
Authors:
Marco Nicoletti,
Massimo Bernaschi
Abstract:
Microsoft Teams is a collaboration and communication platform developed by Microsoft that replaces and extends Microsoft Skype for Business. It differs from Skype for Business by the fact that it exists only as part of the Microsoft 365 products, whereas Skype for Business can be deployed completely or partly on-premise. During the pandemic emergency in 2020 and 2021 Microsoft Teams dramatically increased its user base, as most meetings and communications had to be conducted in virtual environments by users working remotely. Microsoft Teams allows users to collaborate, sending and sharing information virtually with anyone internal or external to an organization with PCs and mobile devices; therefore it requires a careful review of all the security configurations and procedures within the organization. The Microsoft Teams infrastructure can also be integrated with PSTN telephone services, natively within the Microsoft 365 services or by integrating other PSTN service providers. Therefore, its architecture extends the perimeter that could be exploited for an attack. Microsoft Teams features can also be extended by Apps. There are hundreds of Apps developed by Microsoft and by other companies to address the various needs of modern collaboration. "Walkie Talkie", one of those Apps, transforms the Teams client installed on a mobile phone into a Walkie Talkie communication device for registered users. The goal of this paper is to describe different Teams usage scenarios and to analyse Teams' PSTN and Teams' Walkie Talkie communication scenarios, describing forensic procedures to investigate inappropriate user conduct.
Submitted 13 September, 2021;
originally announced September 2021.
-
Model-based Joint Analysis of Safety and Security: Survey and Identification of Gaps
Authors:
Stefano M. Nicoletti,
Marijn Peppelman,
Christina Kolb,
Mariëlle Stoelinga
Abstract:
We survey the state-of-the-art on model-based formalisms for safety and security joint analysis, where safety refers to the absence of unintended failures, and security to the absence of malicious attacks. We conduct a thorough literature review and - as a result - we consider fourteen model-based formalisms and compare them with respect to several criteria: (1) Modelling capabilities and Expressiveness: which phenomena can be expressed in these formalisms? To which extent can they capture safety-security interactions? (2) Analytical capabilities: which analysis types are supported? (3) Practical applicability: to what extent have the formalisms been used to analyze small or larger case studies? Furthermore, (1) we present more precise definitions for safety-security dependencies in tree-like formalisms; (2) we showcase the potential of each formalism by modelling the same toy example from the literature and (3) we present our findings and reflect on possible ways to narrow highlighted gaps. In summary, our key findings are the following: (1) the majority of approaches combine tree-like formal models; (2) the exact nature of safety-security interaction is still ill-understood and (3) diverse formalisms can capture different interactions; (4) analyzed formalisms merge modelling constructs from existing safety- and security-specific formalisms, without introducing ad hoc constructs to model safety-security interactions, or (5) metrics to analyze trade-offs. Moreover, (6) large case studies representing safety-security interactions are still missing.
Submitted 23 October, 2023; v1 submitted 11 June, 2021;
originally announced June 2021.