Karsten Sohr

Universität Bremen, Bremen, Germany


Publications (37); 4.14 total impact

  • ABSTRACT: The stringent security requirements of organisations like banks or hospitals frequently adopt role-based access control (RBAC) principles to represent and simplify their internal permission management. While representing a fundamental advanced RBAC concept enabling precise restrictions on access rights, authorisation constraints increase the complexity of the resulting security policies so that tool support for convenient creation and adequate validation is required. A particular contribution of our work is a new approach to developing and analysing RBAC policies using a UML-based domain-specific language (DSL), which allows the hiding of the mathematical structures of the underlying authorisation constraints implemented in OCL. The DSL we present is highly configurable and extensible with respect to new concepts and classes of authorisation constraints, and allows the developer to validate RBAC policies in an effective way. The handling of dynamic (that is, time-dependent) constraints, their visual representation through the RBAC DSL and their analysis all form another part of our contribution. The approach is supported by a UML and OCL validation tool.
    Mathematical Structures in Computer Science 08/2013; 23(04). · 0.72 Impact Factor
  • ABSTRACT: Ensuring the correctness of high-level security properties including access control policies in mission-critical applications is indispensable. Recent literature has shown how immaturity of such properties has caused serious security vulnerabilities, which are likely to be exploited by malicious parties for compromising a given application. This situation gets aggravated by the fact that modern applications are mostly built on previously developed reusable software modules and any failures in security properties in these reusable modules may lead to vulnerabilities across associated applications. In this paper, we propose a framework to address this issue by adopting Design by Contract (DBC) features. Our framework accommodates security properties in each application focusing on access control requirements. We demonstrate how access control requirements based on ANSI RBAC standard model can be specified and verified at the source code level.
    Computer Software and Applications Conference (COMPSAC), 2013 IEEE 37th Annual; 01/2013
  • ABSTRACT: Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may interact, restricting single applications may create a false sense of security for end users, while data may still leave the mobile phone through other applications. Instead, the information flow needs to be policed for the composite system of applications in a transparent manner. In this paper, we propose to employ static analysis, based on the software architecture and focused on data-flow analysis, to detect information flows between components. Specifically, we aim to reveal transitivity-of-trust problems in multi-component mobile platforms. We demonstrate the feasibility of our approach with two Android applications.
    Availability, Reliability and Security (ARES), 2013 Eighth International Conference on; 01/2013
  • ABSTRACT: Security is getting more and more important for the software development process as the advent of more complex, connected and extensible software entails new risks. In particular, multi-tier business applications, e.g., based on the Service-Oriented Architecture (SOA), are vulnerable to new attacks, which may endanger the business processes of an organization. These applications consist often of legacy code, which is now exported via Web Services, although it has originally been developed for internal use only. The last years showed great progress in the area of static code analysis for the detection of common low level security bugs, such as buffer overflows and cross-site scripting vulnerabilities. However, there is still a lack of tools that allow an analyst to assess the implemented security architecture of an application. In this paper, we propose a technique that automatically extracts the implemented security architecture of Java-based business applications from the source code. In addition, we carry out threat modeling on this extracted architecture to detect security flaws. We evaluate and discuss our approach with the help of two commercial real-world case studies, one taken from the e-government domain and the other one from logistics.
    European Conference on Software Maintenance and Reengineering; 01/2013
  • ABSTRACT: Context: Role-based access control (RBAC) has become the de facto standard for access management in various large-scale organizations. Often role-based policies must implement organizational rules to satisfy compliance or authorization requirements, e.g., the principle of separation of duty (SoD). To provide business continuity, organizations should also support the delegation of access rights and roles, respectively. This, however, makes access control more complex and error-prone, in particular, when delegation concepts interplay with SoD rules. Objective: A systematic way to specify and validate access control policies consisting of organizational rules such as SoD as well as delegation and revocation rules shall be developed. A domain-specific language for RBAC as well as delegation concepts shall be made available. Method: In this paper, we present an approach to the precise specification and validation of role-based policies based on UML and OCL. We significantly extend our earlier work, which proposed a UML-based domain-specific language for RBAC, by supporting delegation and revocation concepts. Result: We show the appropriateness of our approach by applying it to a banking application. In particular, we give three scenarios for validating the interplay between SoD rules and delegation/revocation. Conclusion: To the best of our knowledge, this is the first attempt to formalize advanced RBAC concepts, such as history-based SoD as well as various delegation and revocation schemes, with UML and OCL. With the rich tool support of UML, we believe our work can be employed to validate and implement real-world role-based policies.
    Information and Software Technology 12/2012; 54(12):1396–1417. · 1.52 Impact Factor
  • International Journal On Advances in Security. 07/2012; 5(1&2):46-67.
  • ABSTRACT: Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may interact, restricting single applications may create a false sense of security for the end users while data may still leave the mobile phone through other applications. Instead, the information flow needs to be policed for the composite system of applications in a transparent and usable manner. In this paper, we propose to employ static analysis based on the software architecture and focused data flow analysis to scalably detect information flows between components. Specifically, we aim to reveal transitivity of trust problems in multi-component mobile platforms. We demonstrate the feasibility of our approach with Android applications, although the generalization of the analysis to similar composition-based architectures, such as Service-oriented Architecture, can also be explored in the future.
    04/2012;
  • ABSTRACT: Asset information obtained via infrastructure analysis is essential for developing and establishing risk management. However, information about assets acquired by existing infrastructure analysis processes is often incomplete or lacking in detail, especially concerning their interconnected topology. In this paper, we present the Interconnected-asset Ontology, IO, as a step towards a standardized representation of detailed asset information. The utilization of an asset ontology as a machine-readable representation supports the automation of risk management processes and the standardization of asset information reduces redundant acquisition processes that are often found in practice.
    Availability, Reliability and Security (ARES), 2012 Seventh International Conference on; 01/2012
  • International Conferences on Pervasive Patterns and Applications (PATTERNS); 01/2011
  • ABSTRACT: Organizations with stringent security requirements like banks or hospitals frequently adopt role-based access control (RBAC) principles to simplify their internal permission management. Authorization constraints represent a fundamental advanced RBAC concept enabling precise restrictions on access rights. Thereby, the complexity of the resulting security policies increases so that tool support for comfortable creation and adequate validation is required. We propose a new approach to developing and analyzing RBAC policies using UML for modeling RBAC core concepts and OCL to realize authorization constraints. Dynamic (i.e., time-dependent) constraints, their visual representation in UML and their analysis are of special interest. The approach results in a domain-specific language for RBAC which is highly configurable and extendable with respect to new RBAC concepts and classes of authorization constraints and allows the developer to validate RBAC policies in an effective way. The approach is supported by a UML and OCL validation tool.
    01/2011;
  • Michaela Bunke, Karsten Sohr
    Engineering Secure Software and Systems - Third International Symposium, ESSoS 2011, Madrid, Spain, February 9-10, 2011. Proceedings; 01/2011
  • Karsten Sohr, Tanveer Mustafa, Adrian Nowak
    ABSTRACT: More and more functionality is provided by mobile phones today; this trend will continue over the next years. However, with the increasing functionality new risks go along. This not only applies to security-critical mobile applications such as m-banking or m-commerce applications. The end user's privacy may also be in danger or the operator may be the target of an attack. In this paper, we discuss security risks introduced by mobile phones considering the perspectives of the different parties involved in telecommunications systems. Specifically, we demonstrate those risks by means of a security hole discovered in a large number of mobile phones. The security hole can be exploited to obtain manufacturer or even operator permissions. In particular, we implemented a Java-based Trojan horse. This way, the compromised mobile phone can be used as an eavesdropping device by an attacker. All in all, this demonstrates that the risks are not only theoretical, but also real. We also sketch a methodology for the security analysis of mobile phone software.
    Proceedings of the 2011 ACM Symposium on Applied Computing (SAC), TaiChung, Taiwan, March 21 - 24, 2011; 01/2011
  • ABSTRACT: Coordinated distributed attacks on the Internet are an acute problem. While attacks are organised in collaborative networks, however, companies frequently defend themselves on their own. Security measures are often regarded as closely guarded secrets and are disclosed only reluctantly. This article presents methods and prerequisites that enable a cooperative exchange of security-relevant knowledge without thereby exposing any of one's own weaknesses.
    Datenschutz und Datensicherheit - DuD 01/2011; 35(4):258-261.
  • ABSTRACT: Software security has made great progress, code analysis tools are widely-used in industry for detecting common implementation-level security bugs. However, given the fact that we must deal with legacy code we plead to employ the techniques long been developed in the research area of program comprehension for software security. In cooperation with a security expert, we carried out a case study with the mobile phone platform Android, and employed the reverse engineering tool-suite Bauhaus for this security assessment. During the investigation we found some inconsistencies in the implementation of the Android security concepts. Based on the lessons learned from the case study, we propose several research topics in the area of reverse engineering that would support a security analyst during security assessments.
    18th Working Conference on Reverse Engineering, WCRE 2011, Limerick, Ireland, October 17-20, 2011; 01/2011
  • Karsten Sohr, Bernhard J. Berger
    Engineering Secure Software and Systems, Second International Symposium, ESSoS 2010, Pisa, Italy, February 3-4, 2010. Proceedings; 01/2010
  • ABSTRACT: Intrusion detection in computer networks faces the problem of a large number of both false alarms and unrecognized attacks. To improve the precision of detection, various machine learning techniques have been proposed. However, one critical issue is that the amount of reference data that contains serious intrusions is very sparse. In this paper we present an inference process with linear chain conditional random fields that aims to solve this problem by using domain knowledge about the alerts of different intrusion sensors represented in an ontology.
    Intelligent Data Engineering and Automated Learning - IDEAL 2010, 11th International Conference, Paisley, UK, September 1-3, 2010. Proceedings; 01/2010
  • ABSTRACT: An ever increasing amount of functionality is incorporated into mobile phones; this trend will continue as new mobile phone platforms are more widely used such as the iPhone or Android. Along with this trend, however, new risks arise, especially for enterprises using mobile phones for security-critical applications such as business intelligence (BI). Although platforms like Android have implemented sophisticated security mechanisms, security holes have been reported. In addition, different stakeholders have access to mobile phones such as different enterprises, service providers, operators, or manufacturers. In order to protect security-critical business applications, a trustworthy mobile phone platform is needed. Starting with typical attack scenarios, we describe a security architecture for Android mobile phones based on the concepts of Trusted Computing. In particular, this architecture allows for a dynamic policy change to reflect the current environment the phone is being used in.
    IEEE/IFIP 8th International Conference on Embedded and Ubiquitous Computing, EUC 2010, Hong Kong, China, 11-13 December 2010; 01/2010
  • ABSTRACT: In this paper we survey the architecture and AI aspects in our project on early warning and intrusion detection based on combined AI methods. We address the problem of alarm assessment in intrusion detection and use plan reconstruction based on hierarchically organised procedural knowledge that contains descriptions of adversary actions. Reconstructed plans are supposed to correlate events and alarms from a SIEM and provide explanations for a security expert. We also aim at predicting the next steps of multi-stage intrusion attacks in computer networks. Therefore a probabilistic relational reasoning over time method based on hidden Markov models is proposed.
    01/2009;
  • ABSTRACT: Today more and more security-relevant data is stored on computer systems; security-critical business processes are mapped to their digital counterparts. This situation applies to various domains such as health care industry, digital government, and financial service institutes requiring that different security requirements must be fulfilled. Authorisation constraints can help the policy architect design and express higher-level organisational rules. Although the importance of authorisation constraints has been addressed in the literature, there does not exist a systematic way to verify and validate authorisation constraints. In this paper, we specify both non-temporal and history-based authorisation constraints in the Object Constraint Language (OCL) and first-order linear temporal logic (LTL). Based upon these specifications, we attempt to formally verify role-based access control policies with the help of a theorem prover and to validate policies with the USE system, a validation tool for OCL constraints. We also describe an authorisation engine, which supports the enforcement of authorisation constraints.
    IEEE Transactions on Knowledge and Data Engineering 08/2008; 20(7):924-939. · 1.89 Impact Factor
  • IEEE Trans. Knowl. Data Eng. 01/2008; 20:924-939.