Formal Approaches for Automated Security Evaluation

Dr. Jason Jaskolka of the CyberSEA Research Lab presents at the 2017 Smart Cybersecurity Network (SERENE-RISC) Workshop.

Presentation Abstract

Many of today’s most critical systems, such as those found in the transportation, financial, medical, communications, and national defence domains, are becoming more complex and interconnected. Because of this, there is an increasingly critical need for ensuring the security of these systems and the information that they use, store, and communicate in the face of cyber-attacks and failures. In particular, the ability to automatically evaluate the security of such systems is in high demand. Security evaluation involves examining a system to determine its degree of compliance with standards and specifications by analyzing system designs, observing system behaviours, and/or attempting to penetrate the system using techniques available to potential adversaries.

Recently, formal (mathematically rigorous) methods and tools that are incorporated into system design processes have had increased success in capturing the evidence needed to prove important system security, safety, and reliability properties. These methods and tools provide systematic frameworks upon which automated security evaluation methodologies capable of verifying and validating system security properties can be developed.

In this talk, I will highlight current efforts in identifying and analyzing potential vulnerabilities to assess the security of complex systems, and we will discuss recent advances in formal approaches for automated security evaluation.