1 / 11

Logic and Implementation Issues in VoIP and Security

Discover software flaws through precise logic examination and examine feature interactions. Explore implementation of VoIP and web-based systems, with focus on security. Research access control methods and develop new paradigms.

andrec
Download Presentation

Logic and Implementation Issues in VoIP and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Luigi LogrippoSITE Logic and implementation issues in VoIP and security luigi@site.uottawa.ca

  2. Two main ideas • Many software flaws can be discovered by making the logic precise and thoroughly examining it by the use of logic tools • Feature interactions are the result of logic flaws • Application areas: • Security • New VoIP and Web based systems • Many others

  3. Feature Interaction in Automotive • Electronic Stability Program (ESP) and Cruise Control (CC) • ESP: Break if wheels slip on wet road • CC: Increase speed until cruise speed is reached • FI detectable by the fact that the two features have contradicting requirements

  4. Feature interaction in security • Bell-LaPadula information protection system prevents individuals from accessing information at a higher clearance level than they have • By using delegation, individuals can confer their information access authority to other individuals

  5. Research directions • Implementation of VoIP and Web-based services with complex functionalities • Development of logic-based methods to discover flaws in these functionalities

  6. Already done • Implementation of two open-source SIP VoIP systems • Vocal, Asterix • Implementation study of new complex functionalities, mainly presence-based features

  7. Forthcoming • Implementation of presence features in our SIP telephony systems • Study of security aspects related to these functionalities

  8. Already done • In-depth study of the Feature Interaction problem in telecom systems (over 12 years of experience) • Feature Interactions can lead to security flaws

  9. Forthcoming • Study of feature interactions in new complex VoIP functionalities • Such as presence

  10. Already done • Study of access control methods: • Firewalls • Access control languages such as XACML • Development of new access control paradigms: • Process-based access control • Shown that logic flaws in the specifications of such systems can lead to security flaws

  11. Forthcoming • Generalizing this research, by applying our method to other access control systems • Extension to business control languages such as BPEL and variations • Extensions to SLAs (Service-Level Agreements)

More Related