Emil Lupu

Evolution of Attacks, Threat Models and Solutions for Virtualized Systems

ACM DL Author-ize serviceEvolution of Attacks, Threat Models, and Solutions for Virtualized Systems

Daniele Sgandurra, Emil Lupu, ACM Computing Surveys (CSUR), Volume 48 Issue 3, Article No. 46, February 2016

Abstract: Virtualization technology enables Cloud providers to efficiently use their computing services and resources. Even if the benefits in terms of performance, maintenance, and cost are evident, however, virtualization has also been exploited by attackers to devise new ways to compromise a system. To address these problems, research security solutions have evolved considerably over the years to cope with new attacks and threat models. In this work, we review the protection strategies proposed in the literature and show how some of the solutions have been invalidated by new attacks, or threat models, that were previously not considered. The goal is to show the evolution of the threats, and of the related security and trust assumptions, in virtualized systems that have given rise to complex threat models and the corresponding sophistication of protection strategies to deal with such attacks. We also categorize threat models, security and trust assumptions, and attacks against a virtualized system at the different layers—in particular, hardware, virtualization, OS, and application.

Download citation (BibTeX format)

Exact Inference Techniques for the Dynamic Analysis of Attack Graphs

Attack graphs are a powerful tool for security risk assessment by analysing network vulnerabilities and the paths attackers can use to compromise valuable network resources. The uncertainty about the attacker’s behaviour and capabilities make Bayesian networks suitable to model attack graphs to perform static and dynamic analysis. Previous approaches have focused on the formalization of traditional attack graphs into a Bayesian model rather than proposing mechanisms for their analysis. In this paper we propose to use efficient algorithms to make exact inference in Bayesian attack graphs, enabling the static and dynamic network risk assessments. To support the validity of our proposed approach we have performed an extensive experimental evaluation on synthetic Bayesian attack graphs with different topologies, showing the computational advantages in terms of time and memory use of the proposed techniques when compared to existing approaches.

Luis Muñoz-González, Daniele Sgandurra, Martín Barrere, and Emil C. Lupu: Exact Inference Techniques for the Dynamic Analysis of Attack Graphs. arXiv preprint: arXiv:1510.02427. October, 2015.

Konstantina Spanaki

Konstantina joined Imperial College Business School as a Research Associate in 2014. Her main research interests focus on topics of IT adoption, business integration and information management. She worked on joint projects between this group and the Business School in particular on value aspects of data and adoption of cloud security services. Konstantina is now a Lecturer at School of Business and Economics, Loughborough University.

 

Andrea Paudice

Andrea joined us from the University of Naples as a first year PhD student on the HiPEDS CDT.

Erisa Karafili

Erisa joined us after a PhD at the University of Verona and a Post-Doc at the Technical University of Denmark. She worked on Data Sharing Agreements and Argumentation and Logic Programming techniques applied to Security.

Rodrigo Vieira Steiner

Rodrigo was a PhD student in the RISS group working on attestation techniques for sensor networks. He currently works in Brazil.

Sharing Data Through Confidential Clouds: An Architectural Perspective

Cloud and mobile are two major computing paradigms that are rapidly converging. However, these models still lack a way to manage the dissemination and control of personal and business-related data. To this end, we propose a framework to control the sharing, dissemination and usage of data based on mutually agreed Data Sharing Agreements (DSAs). These agreements are enforced uniformly, and end-to-end, both on Cloud and mobile platforms, and may reflect legal, contractual or user-defined preferences. We introduce an abstraction layer that makes available the enforcement functionality across different types of nodes whilst hiding the distribution of components and platform specifics. We also discuss a set of different types of nodes that may run such a layer.

 Daniele Sgandurra, Francesco Di Cerbo, Slim Trabelsi, Fabio Martinelli, and Emil Lupu: Sharing Data Through Confidential Clouds: An Architectural PerspectiveIn proceedings of the 1st International Workshop on TEchnical and LEgal aspects of data pRivacy and SEcurity, 2015 IEEE/ACM, pp. 58-61, DOI: 10.1109/TELERISE.2015.19. Bibtex.

PhD Students

We are always looking for outstanding PhD students passionate about computer security and resilience for enterprise systems, large-scale infrastructures, or cyber-physical environments. The Department of Computing at Imperial College has a number of PhD studentships. Please check that your application meets the minimum entry requirements specified by the College before applying. Please don’t hesitate to contact (Professor Emil Lupu) if you would like to work with our group and include in your email a CV, transcripts, and examples of work that you have done e.g. papers or MSc/Bc thesis even if in draft form.

Topics of interest include:

  • The resilience of Cyber-Physical Systems
  • Robust information fusion
  • Topics at the intersection of security and safety.
  • The security of AR/VR environments.
  • Designing security in very resource constrained environments e.g. implantable medical sensors.
  • Adversarial Machine Learning with focus on: practical problems, toolchains for robustness, attack detection.

Compositional Reliability Analysis for Probabilistic Component Automata

In this paper we propose a modelling formalism, Probabilistic Component Automata (PCA), as a probabilistic extension to Interface Automata to represent the probabilistic behaviour of component-based systems. The aim is to support composition of component-based models for both behaviour and non-functional properties such as reliability. We show how addi- tional primitives for modelling failure scenarios, failure handling and failure propagation, as well as other algebraic operators, can be combined with models of the system architecture to automatically construct a system model by composing models of its subcomponents. The approach is supported by the tool LTSA-PCA, an extension of LTSA, which generates a composite DTMC model. The reliability of a particular system configuration can then be automatically analysed based on the corresponding composite model using the PRISM model checker. This approach facilitates configurability and adaptation in which the software configuration of components and the associated composition of component models are changed at run time.

P. Rodrigues, E. Lupu and J. Kramer,  Compositional Reliability Analysis for Probabilistic Component Automata, to appear in International Workshop on Modelling in Software Engineering (MiSE), Florence, May 16-17, 2015.

On Re-Assembling Self-Managed Components

Self-managed systems need to adapt to changes in requirements and in operational conditions. New components or services may become available, others may become unreliable or fail. Non-functional aspects, such as reliability or other quality-of- service parameters usually drive the selection of new architectural configurations. However, in existing approaches, the link between non-functional aspects and software models is established through manual annotations that require human intervention on each re-configuration and adaptation is enacted through fixed rules that require anticipation of all possible changes. We propose here a methodology to automatically re-assemble services and component-based applications to preserve their reliability. To achieve this we define architectural and behavioural models that are composable, account for non-functional aspects and correspond closely to the implementation. Our approach enables autonomous components to locally adapt and control their inter- nal configuration whilst exposing interface models to upstream components.

P. Rodrigues, J. Kramer and E. Lupu,  On Re-Assembling Self-Managed Components, to appear in International Symposium on Integrated Network and Service Management (IM), Ottawa, May 11-15, 2015

Martín Barrère

Martín Barrère
Martín Barrère

Martín has recently joined the group after receiving a PhD degree in Computer Science from the University of Lorraine, France, in 2014. His current research work focuses on intelligent protection mechanisms for cloud environments at run-time. His topics of interest include computer security, autonomic computing, vulnerability management, mobile and cloud computing, distributed computing, digital evidence and forensics, formal models and languages, Linux-based systems and TCP/IP networks administration, Java technologies, logic and database systems.

Luis Muñoz González

Luis is a Research Associate in the Department of Computing at Imperial College London. He received his PhD from University Carlos III of Madrid (Spain) where he proposed novel Gaussian process models for non-stationary and heteroscedastic regression. His background includes machine learning and cyber-security. His current research interests are adversarial machine learning and security risk assessment with attack graph models. You can find more details about his current research activities and contact information at his personal web page, Google Scholar profile or Researchgate.

Federico Morini

Federico received his MSc in Engineering in Computer Science from University of Ferrara. He joined the group in 2014 and is working towards a PHD. He is interested in Protocol Modelling, in particular applied to SCADA Networks. His work is focused on listening to the communication between two hosts and trying to extract information on the message format and state machine of the protocol.