Doctoral Theses
Requirements engineering for complex systems
(2017-07-26) Gallo, Teresa; Saccà, Domenico; Furfaro, Angelo; Garro, Alfredo; Crupi, Felice
Requirements Engineering (RE) is a part of Software Engineering and, in general, of System Engineering. RE aims to help in building software which satisfies the user needs, eliciting, documenting, validating and maintaining the requirements that a software has to adequately satisfy. Over the 30 years of RE history, its importance has been perceived to varying degrees, from being the most important activity, well formalized and defined in big complete documents which were the bible of the software project, to the opposite extreme where it has been reduced to just an informal activity, volatile, never formalized and not at all maintained, because ever changing. The need to manage requirements well is extremely important, mainly for complex systems which involve great investments of resources and/or cannot be easily substituted. A system can be complex because it is realized by the collaboration of a numerous and heterogeneous set of stakeholders, as for example in a big industrial research project, often co-funded with public resources, where usually many partners, with different backgrounds and languages, must cooperate to reach the project goals. Furthermore, a system can be complex because it constitutes the IT system of an Enterprise, which has grown over time by adding many pieces of software, integrated in many different ways; the IT system is often distributed, ubiquitously interoperates on many computers, and behaves as a whole big system, though developed by many software providers, at different times, with different technologies and tools.
The complexity of these systems is highly considered for several critical industrial domains where features of real-time and fault-tolerance are vital, such as automotive, railway, avionics, satellite, health care and energy; in these domains a great variety of systems are usually designed and developed by organizing and integrating existing components that pool their resources and capabilities to create a new system which is able to offer more functionality and performance than those offered by the simple sum of its components. Typically, such systems, best known as Systems of Systems (SoS), have properties that cannot be immediately defined, derived and easily analyzed starting from the properties of their stand-alone parts. For these reasons, SoS require suitably engineered methods, tools and techniques for managing requirements and any other phase of the construction process, with the aim of minimizing any risk of failure. However, every complex IT system, even if it does not deal with a critical domain but supports the core business of an enterprise, must be well governed to avoid the risk of becoming rapidly inadequate to its role. This risk becomes high when many uncontrolled IT developments, aimed at supporting requirements changes, accumulate. In fact, as the complexity grows, the IT system might become too expensive to maintain and then it should be retired and substituted after too short a time, often with big and underestimated difficulties. For these reasons, complex systems must be governed during their evolution, both from the point of view of 'which application is where and why', and from the point of view of the supported requirements, that is 'which need is supported by each application and for whom'.
This governance would facilitate the knowledge, the management, the essentialness and the maintenance of the complex systems, by allowing efficient support and a long-lasting system, with the consequence of minimizing waste of costs and inadequacy of the support for the core business of the enterprise. This work addresses mainly the issue of governing systems which are complex because either they are the result of the collaboration of many different stakeholders (e.g. big co-funded R&D projects) or they are Enterprise Information Systems (EIS) (e.g. the IT system of medium/large enterprises). In this direction, a new goal-oriented requirements methodology, named GOReM, was defined which has specific features useful for the addressed issues. In addition, a new approach, ResDevOps, has been conceived that allows refining the governance of the requirements of an EIS which is continuously improved, and which grows and evolves over time. The thesis presents the state-of-the-art framework in which these activities are situated, together with a set of case studies which were developed inside some real projects, mainly big R&D projects which involved the University of Calabria, but also some cases in real industrial projects. The main results were published and included in international conference proceedings, and a manuscript is in press in an international journal.

Anomalies in cyber security: detection, prevention and simulation approaches
(2018-07-03) Argento, Luciano; Crupi, Felice; Furfaro, Angelo; Angiulli, Fabrizio
With the massive adoption of the Internet, both our private and working lives have drastically changed. The Internet has introduced new ways to communicate and complete everyday tasks. Organisations of any kind have taken their activities online to achieve many advantages, e.g. commercial organisations can reach more customers with proper marketing.
However, the Internet has also brought various drawbacks and one of these concerns cyber security issues. Whenever an entity (e.g. a person or company) connects to the Internet it immediately becomes a potential target of cyber threats, i.e. malicious activities that take place in cyberspace. Examples of cyber threats are theft of intellectual property and denial of service attacks. Much effort has been spent to make the Internet perhaps the most revolutionary communication tool ever created, but unfortunately little has been done to design it in a secure fashion. Since the massive adoption of the Internet we have witnessed a huge number of threats, perpetrated by many different actors such as criminal organisations, disgruntled workers and even people with little expertise, thanks to the existence of attack toolkits. On top of that, cyber threats are going through a steady evolution process and, as a consequence, they are getting more and more sophisticated. Nowadays, the cyber security landscape is in a critical condition. It is of utmost importance to keep up with the evolution of cyber threats in order to improve the state of cyber security. We need to adapt existing security solutions to the ever-changing security landscape and devise new ones when needed. The research activities presented in this thesis find their place in this complex scenario. We investigated significant cyber security problems, related to data analysis and anomaly detection, in different areas of research, which are: Hybrid Anomaly Detection Systems; Intrusion Detection Systems; Access Control Systems and Internet of Things. Anomaly detection approaches are very relevant in the field of cyber security. Fraud and intrusion detection are well-known research areas where such approaches are very important. A lot of techniques have been devised, which can be categorised into anomaly-based and signature-based detection techniques.
Researchers have also spent much effort on a third category of detection techniques, i.e. hybrid anomaly detection, which combines the two former approaches in order to obtain better detection performance. In this direction, we designed a generic framework, called HALF, whose goal is to accommodate multiple mining algorithms of a specific domain and provide a flexible and more effective detection capability. HALF can be easily employed in different application domains such as intrusion detection and steganalysis due to its generality and the support provided for the data analysis process. We analysed two case studies in order to show how HALF can be exploited in practice to implement a Network Intrusion Detection System and a Steganalysis tool. The concept of anomaly is a core element of the research activity conducted in the context of intrusion detection, where an intrusion can be seen as an anomalous activity that might represent a threat to a network or system. Intrusion detection systems (IDSs) constitute a very important class of security tools which have become an invaluable defence wall against cyber threats. In this thesis we present two research results that stem from issues related to IDSs that resort to the n-gram technique. The starting point of our first contribution is the threat posed by content-based attacks. Their goal is to deliver malicious content to a service in order to exploit its vulnerabilities. This type of attack has caused serious damage to both people and organisations over the years. Some of these attacks may exploit web application vulnerabilities to achieve goals such as data theft and privilege escalation, which may lead to enormous financial loss for the victim. IDSs that exploit the n-gram technique have proven to be very effective against this category of cyber threats. However, n-grams may not be sufficient to build reliable models that describe normal and/or malicious traffic.
In addition, the presence of an adversarial attacker is not properly addressed by the existing solutions. We devised a novel anomaly-based intrusion detection technique, called PCkAD, to detect content-based attacks threatening application level protocols. PCkAD models legitimate traffic on the basis of the spatial distribution of the n-grams occurring in the relevant content of normal traffic and has been designed to be resistant to blending evasion techniques. Indeed, we demonstrate that evading is an intrinsically difficult problem. The experiments conducted to evaluate PCkAD show that it achieves state-of-the-art performance in real attack scenarios and that it performs well against blending attacks. The second contribution concerning intrusion detection investigates issues that may be brought by the employment of the n-gram technique. Many approaches using n-grams have been proposed in the literature, which typically exploit high order n-grams to achieve good performance. However, because the n-gram domain grows exponentially with respect to the n-gram size, significant issues may arise, from the generation of huge models to overfitting. We present an approach aimed at reducing the size of n-gram-based models, which is able to build models that contain only a fraction of the original n-grams with little impact on the detection accuracy. The reported experiments, conducted on a real-world dataset, show promising results. The research concerning access control systems focused on anomalies that represent attempts at exceeding or misusing access controls to negatively affect the confidentiality, integrity or availability of a target information system. Access control systems are nowadays the first line of defence of modern computing systems. However, their intrinsic static nature hinders autonomous refinement of access rules and adaptation to emerging needs.
Advanced attribute-based systems still rely mainly on manual administration approaches and are not effective at preventing insider threats that exploit granted access rights. We introduce a machine learning approach to refine attribute-based access control policies based on behavioural patterns of users' access to resources. The designed system tailors a learning algorithm upon decision tree solutions. We analysed a case study and conducted an experiment to show the effectiveness of the system. IoT is the last topic of interest in the present thesis. IoT is showing the potential for impacting several domains, ranging from personal to enterprise environments. IoT applications are designed to improve most aspects of both business and citizens' lives; however, such emerging technology has become an attractive target for cybercriminals. A worrying security problem concerns the presence of many smart devices that have security holes. Researchers are investing their efforts in the evaluation of security properties. Following this direction, we show that it is possible to effectively assess cyber security scenarios involving IoT settings by combining novel virtual environments, agent-based simulation and real devices, thereby achieving a means that helps prevent anomalous actions from taking advantage of security holes for malicious purposes. We demonstrate the effectiveness of the approach through a case study regarding a typical smart home setting.

Simulation models for the evaluation of detection and defense protocols against cyber attacks
(2016-02-19) Molina Valdiviezo, Lorena Paulina; Crupi, Felice; Furfaro, Angelo