Abstract
Organizations deploy the Security Information and Event Management (SIEM) systems for centralized management of security alerts for securing their multimedia content. The SIEM system not only preserves events data, generated by devices and applications, in the form of logs but also performs real-time analysis of the event data. The SIEM works as the Security Operation Centre (SOC) in an organization, therefore, errors in the SIEM may compromise the security of the organization. In addition to focusing on the architecture, features, and the performance of the SIEM, it is imperative to carry out a formal analysis to verify that the system is impeccable. The ensuing research focuses mainly on the formal verification of the OSTORM a SIEM system. We have used High-Level Petri Nets (HLPN) and Z language to model and analyze the system. Moreover, Satisfiability Modulo Theories Library (SMT-Lib) and Z3 solver are used in this research to prove the correctness of the overall working of the OSTORM system. We demonstrate the correctness of the underlying system based on four security properties, namely: a) event data confidentiality, b) authentication, c) event data integrity, and d) alarm integrity. The results reveal that the OSTORM system functions correctly.
Similar content being viewed by others
References
Alam Q, Tabbasum S, Malik S, Alam M, Tanveer T, Akhunzada A, Khan S, Vasilakos A, Buyya R (2016) Formal verification of the xDAuth protocol
Alienvault OSSIM http://www.alienvault.com. Accessed 13 Mar 2015
Allen R, Garlan D (1997) A formal basis for architectural connection. ACM Trans Softw Eng Methodol 6(3):213–249
Alruwaili FF, Gulliver TA (2014) SOCaaS: security operations center as a Service for Cloud Computing Environments. International Journal of Cloud Computing and Services Science (IJ-CLOSER) 3(2):87–96
Baier C, Katoen J-P (2008) Principles of model checking, vol 26202649. MIT press, Cambridge
Barrett CW, Sebastiani R, Seshia SA, Tinelli C (2009) Satisfiability modulo theories. Handbook of satisfiability 185:825–885
Barrett C, Stump A, Tinelli C (2010) The SMT-LIB standard: version 2.0. Available at www.SMT-LIB.org
Barrett C, Stump A, Tinelli C (2010) The satisfiability modulo theories library (smt-lib) 15:18–52. www.SMT-LIB.org
Biere A, Cimatti A, Clarke EM, Strichman O, Zhu Y (2003) Bounded model checking. Adv Comput 58:117–148
Bjorner N (2017) Z3. https://github.com/z3prover/z3/. Accessed 10 Apr 2015
Blanchet B (2001) Abstracting cryptographic protocols by prolog rules. In: Static Analysis. Springer, pp 433–436
Bussa T, Kavanagh KM, Rochford O (2016) Gartner, magic quadrant for security information and event management
Chaput SR, Ringwood K (2010) Cloud compliance: a framework for using cloud computing in a regulated world. In: Cloud Computing. Springer, pp 241–255
Cyber Security Lab (Cybersec.com.pk)
De Moura L, Bjørner N (2008) Z3: an efficient SMT solver. In: Tools and Algorithms for the Construction and Analysis of Systems. Springer, pp 337–340
Dimitrios K (2014) Security information and event management systems: benefits and inefficiencies. U. Piraeus
Dutertre B, De Moura L (2006) The yices SMT solver http://yices.csl.sri.com/papers/tool-paper.pdf.
Forouzan BA (2007) Cryptography & network security. McGraw-Hill, Inc.
Gai K, Qiu M, Tao L, Zhu Y (2015) Intrusion detection techniques for mobile cloud computing in heterogeneous 5G. Security Commun Netw:1–10
GmbH A (2015) RSYSLOG: the rocket-fast system for log processing http://www.rsyslog.com/
Gordon AD, Jeffrey A, Haack C (2002) Cryptyc: cryptographic protocol type checker. Software available at http://cryptyc.cs.depaul.edu
Hanna Y, Rajan H, Zhang W (2008) Slede: a domain-specific verification framework for sensor network security protocol implementations. In: Proceedings of the first ACM conference on Wireless network security. ACM, pp 109–118
Hernan S, Lambert S, Ostwald T, Shostack A (2006) Threat modeling-uncover security design flaws using the stride approach. MSDN Magazine-Louisville:68–75
Ihsan A, Saghar K, Fatima T (2015) Analysis of LEACH protocol (s) using formal verification. In: Applied sciences and Technology (IBCAST), 2015 12th International Bhurban conference on. IEEE, pp 254-262
Jensen K (1983) High-level petri nets. Springer
Jung M, Han K, Cho J (2015) Advanced verification on WBAN and cloud computing for u-health environment. Multimed Tools Appl 74(16):6151–6168
Kim K, Fox GC (2011) Modeling, simulation, and practice of floor control for synchronous and ubiquitous collaboration. Multimed Tools Appl 53(1):213–236
Kim JS, Garlan D (2006) Analyzing architectural styles with alloy. In: Proceedings of the ISSTA 2006 workshop on role of software architecture for testing and analysis. ACM, pp 70-80
Malik SUR, Khan SU, Srinivasan SK (2013) Modeling and analysis of state-of-the-art VM-based cloud management platforms. IEEE Trans Cloud Comput 1(1):1–1
MASSIF MASSIF http://www.massifproject.eu/docs. Accessed 12 Mar 2015
McIver A, Meinicke L, Morgan C (2009) Security, probability and nearly fair coins in the cryptographers’ café. In: FM 2009: Formal methods. Springer, pp 41–71
Meyer R (2007) Secure authentication on the internet Retrieved online Mar 27, 2012
Mohammad M, Alagar V (2011) A formal approach for the specification and verification of trustworthy component-based systems. J Syst Softw 84(1):77–104
Needham RM, Schroeder MD (1978) Using encryption for authentication in large networks of computers. Commun ACM 21(12):993–999
Needham RM, Schroeder MD (1987) Authentication revisited. ACM SIGOPS Operating Systems Review 21(1):7–7
Nets-Concepts H-lP (2000) Definitions and graphical notation. Final Draft International Standard ISO/IEC 15909
Potts G (2006) OSSIM user guide the book of OSSIM open source software image map – OSSIM
Saghar K, Henderson W, Kendall D (2009) Formal modelling and analysis of routing protocol security in wireless sensor networks. In: Proceedings of the 10th annual postgraduate symposium on the convergence of telecommunications, networking and broadcasting (PGNET 09). Pp 179-184
Saghar K, Henderson W, Kendall D, Bouridane A (2010) Applying formal modelling to detect DoS attacks in wireless medium. In: communication systems networks and digital signal processing (CSNDSP), 2010 7th International symposium on. IEEE, pp 896-900
Saghar K, Henderson W, Kendall D, Bouridane A (2010) Formal modelling of a robust wireless sensor network routing protocol. In: Adaptive Hardware and Systems (AHS), 2010 NASA/ESA conference on. IEEE, pp 281–288
Si M, Miyazaki K, Otsuka A, Basin D (2010) How to evaluate the security of real-life cryptographic protocols? In: Financial Cryptography and Data Security. Springer, pp 182–194
Storm Apache Storm http://storm.apache.org/documentation/Home.html. Accessed 10 Mar 2015
Swift D (2006) A practical application of SIM/SEM/SIEM automating threat identification. Paper, SANS Infosec Reading Room, The SANS
Tariq M, Saghar K (2015) Evaluation of a sensor network node communication using formal verification. In: Applied sciences and Technology (IBCAST), 2015 12th International Bhurban conference on. IEEE, pp 268–271
Tobarra L, Cazorla D, Cuartero F (2007) Formal analysis of sensor network encryption protocol (snep). In: Mobile Adhoc and Sensor Systems, 2007. MASS 2007. IEEE International conference on. IEEE, pp 1–6
Tobarra L, Cazorla D, Cuartero F, Diaz G, Cambronero E (2007) Model checking wireless sensor network security protocols: Tinysec+ leap. In: Wireless Sensor and Actor Networks. Springer, pp 95–106
Triam Triam http://www.triam.com.pk. Accessed Mar 29 2015
Trillium (2006) Trillium Pakistan (Pvt) Ltd. http://www.trillium-pakistan.com/. 2015
Webster M, Dixon C, Fisher M, Salem M, Saunders J, Koay KL, Dautenhahn K, Saez-Pons J (2016) Toward reliable autonomous robotic assistants through formal verification: a case study
Weldemariam K, Kemmerer RA, Villafiorita A (2011) Formal analysis of an electronic voting system: an experience report. J Syst Softw 84(10):1618–1637
William S, Stallings W (2006) Cryptography and network security, 4/E. Pearson Education India
Willrich R, De Saqui-Sannes P, Sénac P, Diaz M (2002) Multimedia authoring with hierarchical timed stream petri nets and java. Multimed Tools Appl 16(1–2):7–27
Zhang P, Muccini H, Li B (2010) A classification and comparison of model checking software architecture techniques. J Syst Softw 83(5):723–744
Zhang J, Liu Y, Auguston M, Sun J, Dong JS (2012) Using monterey phoenix to formalize and verify system architectures. In: Software Engineering Conference (APSEC), 2012 19th Asia-Pacific. IEEE, pp 644–653
Zhao K, Shen W (2015)Parallel stimulus generation based on model checking for coherence protocol verification
Acknowledgements
This work has been possible by the funding provided by ICT R&D under the CDACDEA project. The SIEM as a service has been launched through the collaboration of Trillium Information Security Systems and the Cyber Security Lab at COMSATS Institute of Information Technology, Islamabad, Pakistan.
The authors extend their sincere appreciations to the Deanship of Scientific Research at King Saud University for its funding this Prolific Research Group (PRG-1436-16)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Alam, M., Malik, SuR., Javed, Q. et al. Formal modeling and verification of security controls for multimedia systems in the cloud. Multimed Tools Appl 76, 22845–22870 (2017). https://doi.org/10.1007/s11042-017-4853-0
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-017-4853-0