Formal Approaches for Automated Security Evaluation

Presented at the SERENE-RISC Workshop October 2017

Jason Jaskolka
Carleton University

Many of today’s most critical systems such as those found in the transportation, financial, medical, communications, and national defense domains are becoming more complex and interconnected. Because of this, there is an increasingly critical need for ensuring the security of these systems and the information that they use, store, and communicate, in the face of cyber-attacks and failures. In particular, the ability to automatically evaluate the security of such systems is in high demand. Security evaluation involves examining a system to determine its degree of compliance with standards and specifications by analyzing system designs, observing system behaviours, and/or attempting to penetrate the system using techniques available to potential adversaries.
Recently, formal (mathematically rigorous) methods and tools that are incorporated into system design processes have had increased success in capturing the evidence needed to prove important system security, safety, and reliability properties. These methods and tools provide systematic frameworks upon which automated security evaluation methodologies capable of verifying and validating system security properties can be developed.
In this talk, I will highlight current efforts in identifying and analyzing potential vulnerabilities to assess the security of complex systems, and I will discuss recent advances in formal approaches for automated security evaluation.

About the speaker
Dr. Jason Jaskolka is an Assistant Professor in the Department of Systems and Computer Engineering at Carleton University, Ottawa, ON, Canada. He received his Ph.D. in Software Engineering in 2015 from McMaster University, Hamilton, ON, Canada. His research interests include cybersecurity assurance and security-by-design, covert channel analysis, distributed multi-agent systems, and formal methods and algebraic approaches for software engineering. His current research aims to address critical issues in designing and implementing safe, secure, and reliable systems. He is working towards the development of methodologies for developing intrinsically secure and resilient software-dependent systems. Dr. Jaskolka is also currently working with the U.S. Department of Homeland Security and the Critical Infrastructure Resilience Institute on designing and developing critical infrastructure cybersecurity assessment methodologies and associated modeling and simulation environments.

Runtime: approx. 23 minutes