Title: Analysing safety-critical systems and security protocols with abstract state machines
Author: Al-Shareefi, Farah
ISNI:       0000 0004 8501 657X
Awarding Body: University of Liverpool
Current Institution: University of Liverpool
Date of Award: 2019
The research presented in this thesis is directed at the analysis of critical systems and security protocols, and at improving their safety and security respectively, by combining formal and informal analysis methods. More specifically, we focus on combining Abstract State Machines (ASMs) as a formal method with System Theoretic Process Analysis (STPA) as a safety analysis technique, with the aim of developing safer systems and more secure protocols. The ASM method was chosen both for its generality in specifying any system at a convenient level of abstraction and because its specifications support a range of formal analysis activities. STPA was chosen for its capability to elicit safety requirements that originate from inadequate control actions affecting the functions of the whole system.

The first contribution of this thesis is a methodology for analysing safety-critical systems that captures both the formal ASM representation and the safety requirements generated by STPA. This has the advantages of verifying the STPA requirements formally and of giving insights for improving the ASM specification in the light of those requirements. We illustrated this methodology by applying it to two case studies, a train door controller and an insulin pump control system, and showed which safety issues it highlighted.

The second contribution is a systematic methodology for analysing security protocols. It links the formal simulation of external attack scenarios against a protocol specified by the ASM method with the outcomes of a proposed technique called the FATI (Flaws and Attack Types Identification) method. FATI is inspired by STPA: it applies queries to each protocol action to determine the possible protocol flaws and their expected attack types. The identified attack types help to select the attack scenario specifications whose simulations are likely to produce attacks. The methodology also minimised the number of simulated protocol runs by reducing the number of intruder messages considered, taking into account the receiver's expectations about the type and format of the message and its content. Furthermore, we showed how to analyse protocols in the presence of an algebraic property, namely commutative encryption. The methodology was applied to several protocols. Finally, within the security protocols area, we clarified the ambiguous requirements of a Simple Authentication and Security Layer (SASL) example using the ASM method.
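As an added illustration, not code from the thesis or its ASM models, the following Python sketch models the two mechanisms the abstract describes for the protocol methodology: it generates the messages a symbolic intruder can derive, prunes them to those matching the receiver's expected message shape (so only those need to be fed into a simulated run), and gives encryption a commutative property so that encryption layers can be removed in any order. The agent names, the expected message shape {Na, A}_Kab, the recorded message and the Shamir-style three-pass exchange are all constructed assumptions for this example; the thesis's actual protocols and FATI queries are not reproduced here.

```python
"""Added illustration (not the thesis's own code): a small symbolic intruder
model with (1) pruning of candidate intruder messages by the receiver's
expected message shape and (2) commutative encryption as an algebraic
property. Every term shape, name and protocol step is constructed here."""

from itertools import product

# Terms: atoms ('agent', name), ('nonce', name), ('key', name);
# pairs ('pair', t1, t2); commutative ciphertexts ('cenc', sorted key tuple, m).
def atom(kind, name):
    return (kind, name)

def pair(a, b):
    return ('pair', a, b)

def cenc(key, term):
    """Encrypt under `key`; nested layers merge into one sorted key tuple, so
    cenc(k1, cenc(k2, m)) == cenc(k2, cenc(k1, m)) holds by construction."""
    if term[0] == 'cenc':
        return ('cenc', tuple(sorted(term[1] + (key,))), term[2])
    return ('cenc', (key,), term)

def cdec(key, term):
    """Strip `key`'s layer regardless of the order in which layers were added.
    Returns None when `key` is not one of the ciphertext's keys."""
    if term[0] != 'cenc' or key not in term[1]:
        return None
    remaining = list(term[1])
    remaining.remove(key)
    return term[2] if not remaining else ('cenc', tuple(remaining), term[2])

def closure(knowledge, depth=2):
    """Intruder deduction: analyse to a fixpoint (un-pair, decrypt with known
    keys), then synthesise (pair, encrypt with known keys) for `depth` rounds."""
    known = set(knowledge)
    changed = True
    while changed:
        changed = False
        for t in list(known):
            derived = set()
            if t[0] == 'pair':
                derived.update((t[1], t[2]))
            elif t[0] == 'cenc':
                derived.update(cdec(k, t) for k in t[1] if k in known)
            if not derived <= known:
                known |= derived
                changed = True
    for _ in range(depth):
        keys = [t for t in known if t[0] == 'key']
        new = {pair(a, b) for a, b in product(known, repeat=2)}
        new |= {cenc(k, t) for k in keys for t in known}
        known |= new
    return known

def matches(pattern, term):
    """Structural match of a term against the receiver's expected shape; an
    atom name of '?' is a wildcard for any atom of that kind."""
    if pattern[0] != term[0]:
        return False
    if pattern[0] in ('agent', 'nonce', 'key'):
        return pattern[1] in ('?', term[1])
    if pattern[0] == 'pair':
        return matches(pattern[1], term[1]) and matches(pattern[2], term[2])
    return (len(pattern[1]) == len(term[1])
            and all(matches(p, k) for p, k in zip(pattern[1], term[1]))
            and matches(pattern[2], term[2]))

# Constructed scenario: B expects {Na, A}_Kab from A. The intruder does not
# know Kab but has recorded one such message from an earlier session.
A, B, I = atom('agent', 'A'), atom('agent', 'B'), atom('agent', 'I')
NA, NI = atom('nonce', 'Na'), atom('nonce', 'Ni')
KAB, KI = atom('key', 'Kab'), atom('key', 'Ki')
OBSERVED = cenc(KAB, pair(NA, A))
INTRUDER_KNOWLEDGE = {A, B, I, NI, KI, OBSERVED}
B_EXPECTS = ('cenc', (KAB,), pair(atom('nonce', '?'), A))

def pruned_candidates(knowledge=INTRUDER_KNOWLEDGE, expected=B_EXPECTS, depth=2):
    """Return (all derivable terms, the subset B would accept). Only the
    accepted terms need to be injected into a simulated protocol run."""
    everything = closure(knowledge, depth)
    return everything, {t for t in everything if matches(expected, t)}

def three_pass_run(m, ka, kb):
    """Shamir-style three-pass exchange (constructed example): A removes her
    layer from a term B encrypted on top of it, which needs commutativity."""
    c1 = cenc(ka, m)          # A -> B: {m}_ka
    c2 = cenc(kb, c1)         # B -> A: {{m}_ka}_kb
    c3 = cdec(ka, c2)         # A -> B: {m}_kb
    return c3 == cenc(kb, m) and cdec(kb, c3) == m

if __name__ == '__main__':
    everything, accepted = pruned_candidates()
    print(f'{len(everything)} derivable terms, {len(accepted)} acceptable to B: {accepted}')
    print('three-pass run consistent under commutative encryption:',
          three_pass_run(atom('nonce', 'secret'), atom('key', 'Ka'), atom('key', 'Kb')))
```

Running it shows the effect the abstract describes: the intruder can synthesise thousands of terms within two composition steps, but only the single replayed message has the shape B will accept, so that is the only intruder input worth simulating for this step. The `cenc`/`cdec` pair is where the algebraic property lives; without normalising the key tuple, A's `cdec(ka, c2)` in the three-pass run would fail because ka is not the outermost layer.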
Supervisor: Lisitsa, Alexei ; Dixon, Clare
Sponsor: Not available
Qualification Name: Thesis (Ph.D.)
Qualification Level: Doctoral