-
Systematic review of automatic translation of high-level security policy into firewall rules
Authors:
Ivan Kovačević,
Bruno Štengl,
Stjepan Groš
Abstract:
Firewalls are security devices that perform network traffic filtering. They are ubiquitous in the industry and are a common method used to enforce organizational security policy. Security policy is specified on a high level of abstraction, with statements such as "web browsing is allowed only on workstations inside the office network", and needs to be translated into low-level firewall rules to be enforceable. There has been a lot of work regarding optimization, analysis and platform independence of firewall rules, but an area that has seen much less success is automatic translation of high-level security policies into firewall rules. In addition to improving rules' readability, such translation would make it easier to detect errors. This paper surveys over twenty papers that aim to generate firewall rules according to a security policy specified on a higher level of abstraction. It also presents an overview of similar features in modern firewall systems. Most approaches define specialized domain languages that get compiled into firewall rule sets, with some of them relying on formal specification, ontology, or graphical models. The approaches have improved over time, but there are still many drawbacks that need to be solved before wider application.
Submitted 7 December, 2022;
originally announced December 2022.
-
Automatically generating models of IT systems
Authors:
Ivan Kovačević,
Stjepan Groš,
Ante Đerek
Abstract:
Information technology system (ITS), informally, consists of hardware and software infrastructure (e.g., workstations, servers, laptops, installed software packages, databases, LANs, firewalls, etc.), along with physical and logical connections and inter-dependencies between various items. Nowadays, every company owns and operates an ITS, but detailed information about the system is rarely publicly available. However, there are many situations where the availability of such data would be beneficial. For example, cyber ranges need descriptions of complex realistic IT systems in order to provide an effective training and education platform. Furthermore, various algorithms in cybersecurity, in particular attack tree generation, need to be validated on realistic models of IT systems. In this paper, we describe a system we call the Generator that, based on high-level requirements such as the number of employees and the business area the target company belongs to, generates a model of an ITS that satisfies the given requirements. We put special emphasis on the following two criteria: the generated ITS models a large amount of detail, and ideally resembles a real system. Our survey of related literature found no sufficiently similar prior works, so we believe that this is the first attempt at building something like this. We created a proof-of-concept implementation of the Generator, validated it by generating ITS models for a simplified fictional financial institution, and analyzed the Generator's performance with respect to the problem size. The research was done in an iterative manner, with coauthors continuously providing feedback on intermediate results. (...) We intend to extend this prototype to allow probabilistic generation of IT systems when only a subset of parameters is explicitly defined, and further develop and validate our approach with the help of domain experts.
Submitted 31 January, 2022; v1 submitted 23 July, 2021;
originally announced July 2021.
-
Controlled Update of Software Components using Concurrent Execution of Patched and Unpatched Versions
Authors:
Stjepan Groš,
Ivan Kovačević,
Ivan Dujmić,
Matej Petrinović
Abstract:
Software patching is a common method of removing vulnerabilities in software components to make IT systems more secure. However, there are many cases where software patching is not possible due to the critical nature of the application, especially when the vendor providing the application guarantees correct operation only in a specific configuration. In this paper, we propose a method to solve this problem. The idea is to run unpatched and patched application instances concurrently, with the unpatched one having complete control and the output of the patched one being used only for comparison, to watch for differences that are consequences of introduced bugs. To test this idea, we developed a system that allows us to run web applications in parallel and tested three web applications. The experiments have shown that the idea is promising for web applications from the technical side. Furthermore, we discuss the potential limitations of this system and the idea in general, how long two instances should run in order to be able to claim with some probability that the patched version has not introduced any new bugs, other potential use cases of the proposed system where two application instances run concurrently, and finally the potential uses of this system with different types of applications, such as SCADA systems.
Submitted 2 June, 2021;
originally announced June 2021.
-
IoT Wallet: Machine Learning-based Sensor Portfolio Application
Authors:
Petar Šolić,
Ante Lojić Kapetanović,
Tomislav Županović,
Ivo Kovačević,
Toni Perković,
Petar Popovski
Abstract:
In this paper, an application for building a sensor wallet is presented. Currently, the given system collects sensor data from The Things Network (TTN) cloud system, stores the data into the Influx database and presents the processed data on the user dashboard. Based on the type of user, data can be view-only or controlled, or the top user can register the sensor to the system. Moreover, the system can notify users based on rules that can be adjusted through the user interface. The special feature of the system is the machine learning service that can be used in various scenarios and is presented through a case study that gives a novel approach to estimating soil moisture from the signal strength of a given underground LoRa beacon node.
Submitted 13 November, 2020;
originally announced November 2020.
-
Phase diagram of diluted Ising ferromagnet LiHo$_x$Y$_{1-x}$F$_4$
Authors:
P. Babkevich,
N. Nikseresht,
I. Kovacevic,
J. O. Piatek,
B. Dalla Piazza,
C. Kraemer,
K. W. Krämer,
K. Prokeš,
S. Mat'aš,
J. Jensen,
H. M. Rønnow
Abstract:
We present a systematic study of the phase diagram of LiHo$_x$Y$_{1-x}$F$_4$ ($0.25<x<1$) Ising ferromagnets obtained from neutron scattering measurements and mean-field calculations. We show that while the thermal phase transition decreases linearly with dilution, as predicted by mean-field theory, the critical transverse field at the quantum critical point is suppressed much faster. This behavior is related to competition between off-diagonal dipolar coupling and quantum fluctuations that are tuned by doping and applied field, respectively. In this paper, we quantify the deviation of the experimental results from mean-field predictions, with the aim that this analysis can be used in future theoretical efforts towards a quantitative description.
Submitted 29 November, 2016;
originally announced November 2016.
-
Joint Resource Bidding and Tipping Strategies in Multi-hop Cognitive Networks
Authors:
Beatriz Lorenzo,
Ivana Kovacevic,
Ana Peleteiro,
Francisco J. Gonzalez-Castano,
Juan C. Burguillo
Abstract:
In multi-hop secondary networks, bidding strategies for spectrum auction, route selection and relaying incentives should be jointly considered to establish multi-hop communication. In this paper, a framework for joint resource bidding and tipping is developed where users iteratively revise their strategies, which include bidding and incentivizing relays, to achieve their Quality of Service (QoS) requirements. A bidding language is designed to generalize secondary users' heterogeneous demands for multiple resources and willingness to pay. Then, group partitioning-based auction mechanisms are presented to exploit the heterogeneity of SU demands in multi-hop secondary networks. These mechanisms include primary operator (PO) strategies based on static and dynamic partition schemes combined with new payment mechanisms to obtain high revenue and fairly allocate the resources. The proposed auction schemes stimulate the participation of SUs and provide high revenue for the PO while maximizing the social welfare. Besides, they satisfy the properties of truthfulness, individual rationality and computational tractability. Simulation results have shown that for highly demanding users the static group scheme achieves 150% more winners and 3 times higher revenue for the PO compared to a scheme without grouping. For lowly demanding users, the PO may keep similar revenue with the dynamic scheme by lowering the price per channel by 50%, as the number of winners will increase proportionally.
Submitted 10 October, 2016;
originally announced October 2016.
-
Probing strongly hybrid nuclear-electronic states in a model quantum ferromagnet
Authors:
I. Kovacevic,
P. Babkevich,
M. Jeong,
J. O. Piatek,
G. Boero,
H. M. Rønnow
Abstract:
We present direct local-probe evidence for strongly hybridized nuclear-electronic spin states of an Ising ferromagnet LiHoF$_4$ in a transverse magnetic field. The nuclear-electronic states are addressed via a magnetic resonance in the GHz frequency range using coplanar resonators and a vector network analyzer. The magnetic resonance spectrum is successfully traced over the entire field-temperature phase diagram, which is remarkably well reproduced by mean-field calculations. Our method can be directly applied to a broad class of materials containing rare-earth ions for probing the substantially mixed nature of the nuclear and electronic moments.
Submitted 30 December, 2016; v1 submitted 1 July, 2016;
originally announced July 2016.
-
Dimensional Reduction in Quantum Dipolar Antiferromagnets
Authors:
P. Babkevich,
M. Jeong,
Y. Matsumoto,
I. Kovacevic,
A. Finco,
R. Toft-Petersen,
C. Ritter,
M. Månsson,
S. Nakatsuji,
H. M. Rønnow
Abstract:
We report ac susceptibility, specific heat, and neutron scattering measurements on a dipolar-coupled antiferromagnet LiYbF$_4$. For the thermal transition, the order-parameter critical exponent is found to be 0.20(1) and the specific-heat critical exponent -0.25(1). The exponents agree with the 2D XY/h$_4$ universality class despite the lack of apparent two-dimensionality in the structure. The order-parameter exponent for the quantum phase transitions is found to be 0.35(1) corresponding to (2+1)D. These results are in line with those found for LiErF$_4$ which has the same crystal structure, but largely different T$_N$, crystal field environment and hyperfine interactions. Our results therefore experimentally establish that the dimensional reduction is universal to quantum dipolar antiferromagnets on a distorted diamond lattice.
Submitted 11 May, 2016;
originally announced May 2016.
-
Exploiting Context-Awareness for Secure Spectrum Trading in Multi-hop Cognitive Cellular Networks
Authors:
B. Lorenzo,
I. Kovacevic,
F. J. Gonzalez-Castano,
J. C. Burguillo
Abstract:
In this paper, we consider context-awareness to enhance route reliability and robustness in multi-hop cognitive networks. A novel context-aware route discovery protocol is presented to enable secondary users to select the route according to their QoS requirements. The protocol facilitates adjacent relay selection under different criteria, such as shortest available path, route reliability and relay reputation. New routing and security-based metrics are defined to measure route robustness in spatial, frequency and temporal domains. Secure throughput, defined as the percentage of traffic not being intercepted in the network, is provided. The resources needed for trading are then obtained by jointly optimizing secure throughput and trading price. Simulation results show that when there is a traffic imbalance of factor 4 between the primary and secondary networks, 4 channels are needed to achieve 90% link reliability and 99% secure throughput in the secondary network. Besides, when relay reputation varies from 0.5 to 0.9, a 20% variation in the required resources is observed.
Submitted 9 January, 2016;
originally announced January 2016.
-
Neutron spectroscopic study of crystal-field excitations and the effect of the crystal field on dipolar magnetism in Li$R$F$_4$ ($R$ = Gd, Ho, Er, Tm, and Yb)
Authors:
P. Babkevich,
A. Finco,
M. Jeong,
B. Dalla Piazza,
I. Kovacevic,
G. Klughertz,
K. W. Krämer,
C. Kraemer,
D. T. Adroja,
E. Goremychkin,
T. Unruh,
T. Strässle,
A. Di Lieto,
J. Jensen,
H. M. Rønnow
Abstract:
We present a systematic study of the crystal field interactions in the Li$R$F$_4$, $R$ = Gd, Ho, Er, Tm and Yb, family of rare-earth magnets. Using detailed inelastic neutron scattering measurements we have been able to quantify the transition energies and wavefunctions for each system. This allows us to quantitatively describe the high-temperature susceptibility measurements for the series of materials and make predictions based on a mean-field approach for the low-temperature thermal and quantum phase transitions. We show that coupling between crystal field and phonon states leads to lineshape broadening in LiTmF$_4$ and level splitting in LiYbF$_4$. Furthermore, using high resolution neutron scattering from LiHoF$_4$, we find anomalous broadening of crystal-field excitations which we attribute to magnetoelastic coupling.
Submitted 26 October, 2015;
originally announced October 2015.
-
Non-equilibrium hysteresis and spin relaxation in the mixed-anisotropy dipolar coupled spin-glass LiHo$_{0.5}$Er$_{0.5}$F$_{4}$
Authors:
J. O. Piatek,
I. Kovacevic,
P. Babkevich,
B. Dalla Piazza,
S. Neithardt,
J. Gavilano,
K. W. Krämer,
H. M. Rønnow
Abstract:
We present a study of the model spin-glass LiHo$_{0.5}$Er$_{0.5}$F$_4$ using simultaneous AC susceptibility, magnetization and magnetocaloric effect measurements along with small angle neutron scattering (SANS) at sub-Kelvin temperatures. All measured bulk quantities reveal hysteretic behavior when the field is applied along the crystallographic c axis. Furthermore, avalanche-like relaxation is observed in a static field after ramping from the zero-field-cooled state up to $200 - 300$ Oe. SANS measurements are employed to track the microscopic spin reconfiguration throughout both the hysteresis loop and the related relaxation. Comparing the SANS data to inhomogeneous mean-field calculations performed on a box of one million unit cells provides a real-space picture of the spin configuration. We discover that the avalanche is being driven by released Zeeman energy, which heats the sample and creates positive feedback, continuing the avalanche. The combination of SANS and mean-field simulations reveals that the conventional distribution of cluster sizes is replaced by one with a depletion of intermediate cluster sizes for much of the hysteresis loop.
Submitted 21 November, 2014;
originally announced November 2014.
-
Cooperative dynamics in charge-ordered state of alpha-(BEDT-TTF)2I3
Authors:
T. Ivek,
I. Kovačević,
M. Pinterić,
B. Korin-Hamzić,
S. Tomić,
T. Knoblauch,
D. Schweitzer,
M. Dressel
Abstract:
Electric-field-dependent pulse measurements are reported in the charge-ordered state of alpha-(BEDT-TTF)2I3. At low electric fields up to about 50 V/cm only negligible deviations from Ohmic behavior can be identified, with no threshold field. At larger electric fields and up to about 100 V/cm a reproducible negative differential resistance is observed, with a significant change in the shape of the measured resistivity in time. These changes critically depend on whether constant voltage or constant current is applied to the single crystal. At high enough electric fields the resistance displays a dramatic drop down to metallic values and relaxes subsequently in a single-exponential manner to its low-field steady-state value. We argue that such an electric-field-induced negative differential resistance and switching to transient states are fingerprints of cooperative domain-wall dynamics inherent to a two-dimensional bond-charge density wave with ferroelectric-like nature.
Submitted 22 November, 2012; v1 submitted 17 August, 2012;
originally announced August 2012.