
On Orderings in Security Models

Protocols, Strands, and Logic

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 13066))


Abstract

Security decisions are often made on the basis of a comparison of two or more alternatives. Is it better to go with design A or design B? Which security policy is best for my needs? What combination of defensive mitigations provides the best protection from attack? Implicit in such comparisons are ordering relations \(\preceq \) among the alternatives. Such ordering relations crop up in numerous security formalisms. This paper studies preorders that arise in three formalisms for very different domains of security: attack trees, Copland specifications of layered attestations, and cryptographic protocols. While these three areas of study appear to be very different in subject matter and form, we identify a common construction for defining the preorders that arise in them. This new perspective unlocks novel connections that should allow insights in one domain to bear fruit in the others as well.

This paper is dedicated to Joshua Guttman in gratitude for what he has taught me. He has helped me to become a better researcher and to search out the essence of an idea. He has also taught me the importance of non-total orderings! This paper is presented in that spirit.


Notes

  1. Recall that we are working in an order that is dual to the one used in [6]. In comparing with that work, the reader must substitute \(\iota \) with \(\phi \) (and vice versa) and similarly for \(\mathcal {I}\) and \(\mathcal {F}\).

  2. For technical reasons, we must restrict ourselves to injective homomorphisms only.

References

  1. Adão, P., Focardi, R., Guttman, J.D., Luccio, F.L.: Localizing firewall security policies. In: 2016 IEEE 29th Computer Security Foundations Symposium (CSF), pp. 194–209 (2016). https://doi.org/10.1109/CSF.2016.21

  2. Davey, B.A., Priestley, H.A.: Introduction to Lattices and Order, 2nd edn. Cambridge University Press (2002). https://doi.org/10.1017/CBO9780511809088

  3. Guttman, J.D.: Establishing and preserving protocol security goals. J. Comput. Secur. 22(2), 203–267 (2014). https://doi.org/10.3233/JCS-140499

  4. Helble, S.C., Kretz, I.D., Loscocco, P.A., Ramsdell, J.D., Rowe, P.D., Alexander, P.: Flexible mechanisms for remote attestation. ACM Trans. Priv. Secur. 24(4) (2021). https://doi.org/10.1145/3470535

  5. Horne, R.: The consistency and complexity of multiplicative additive system virtual. Sci. Ann. Comput. Sci. 25(2), 245–316 (2015). https://doi.org/10.7561/SACS.2015.2.245

  6. Horne, R., Mauw, S., Tiu, A.: Semantics for specialising attack trees based on linear logic. Fundam. Informaticae 153(1–2), 57–86 (2017). https://doi.org/10.3233/FI-2017-1531

  7. Jhawar, R., Kordy, B., Mauw, S., Radomirović, S., Trujillo-Rasua, R.: Attack trees with sequential conjunction. In: Federrath, H., Gollmann, D. (eds.) SEC 2015. IAICT, vol. 455, pp. 339–353. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18467-8_23

  8. Plotkin, G.D.: A power domain construction. SIAM J. Comput. 5(3), 452–487 (1976). https://doi.org/10.1137/0205035

  9. Ramsdell, J.D.: Deducing security goals from shape analysis sentences. CoRR abs/1204.0480 (2012)

  10. Ramsdell, J.D., Guttman, J.D., Liskov, M.D., Rowe, P.D.: The CPSA specification: A reduction system for searching for shapes in cryptographic protocols (2012)

  11. Ramsdell, J.D., et al.: Orchestrating layered attestations. In: Nielson, F., Sands, D. (eds.) POST 2019. LNCS, vol. 11426, pp. 197–221. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17138-4_9

  12. Rowe, P.D.: Confining adversary actions via measurement. In: Kordy, B., Ekstedt, M., Kim, D.S. (eds.) GraMSec 2016. LNCS, vol. 9987, pp. 150–166. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46263-9_10

  13. Rowe, P.D., Guttman, J.D., Liskov, M.D.: Measuring protocol strength with security goals. Int. J. Inf. Secur. 15(6), 575–596 (2016). https://doi.org/10.1007/s10207-016-0319-z

  14. Rowe, P.D., Ramsdell, J.D., Kretz, I.D.: Automated trust analysis of Copland specifications for layered attestation. In: Proceedings of the 23rd International Symposium on Principles and Practice of Declarative Programming, PPDP 2021. Association for Computing Machinery, New York (2021). https://doi.org/10.1145/3479394.3479418

  15. Schneier, B.: Attack trees. Dr. Dobb's J. 24(12), 21–29 (1999)

  16. Valdes, J., Tarjan, R.E., Lawler, E.L.: The recognition of series parallel digraphs. In: Proceedings of the Eleventh Annual ACM Symposium on Theory of Computing, STOC 1979, pp. 1–12. Association for Computing Machinery, New York (1979). https://doi.org/10.1145/800135.804393

  17. Wideł, W., Audinot, M., Fila, B., Pinchinat, S.: Beyond 2014: formal methods for attack tree-based security modeling. ACM Comput. Surv. 52(4) (2019). https://doi.org/10.1145/3331524

  18. Winskel, G.: On power domains and modality. Theoret. Comput. Sci. 36, 127–137 (1985). https://doi.org/10.1016/0304-3975(85)90037-4

Acknowledgments

I would like to thank Ian Kretz and John Ramsdell for our continued collaboration on the topic of layered attestation. This paper arose out of our earlier shared attempt to leverage attack trees to help order Copland phrases.

Author information

Corresponding author: Paul D. Rowe.


Copyright information

© 2021 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Rowe, P.D. (2021). On Orderings in Security Models. In: Dougherty, D., Meseguer, J., Mödersheim, S.A., Rowe, P. (eds) Protocols, Strands, and Logic. Lecture Notes in Computer Science, vol 13066. Springer, Cham. https://doi.org/10.1007/978-3-030-91631-2_21


  • DOI: https://doi.org/10.1007/978-3-030-91631-2_21


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-91630-5

  • Online ISBN: 978-3-030-91631-2
