Department of Computer Science
Permanent URI for this community
This digital collection contains faculty/student publications, theses, and dissertations from the Department of Computer Science.
Browse
Browsing Department of Computer Science by Author "Abdelgawad, Mahmoud, author"
Now showing 1 - 2 of 2
Results Per Page
Sort Options
Item Open Access Methodology for resiliency analysis of mission-critical systems(Colorado State University. Libraries, 2024-05-21) Abdelgawad, Mahmoud, author; Ray, Indrakshi, author; ACM, publisherMission-critical systems ensure the safety and security of any nation. Attacks on mission-critical systems can have devastating consequences. We need to design missions that can prevent, detect, survive, recover, and respond to faults and cyber attacks. In other words, we must design missions that are cyber-resilient. System engineering techniques must be used to specify, analyze, and understand where adverse events are possible and how to mitigate them while a mission-critical system is deployed. This work introduces an end-to-end methodology for designing cyber-resilient mission-critical systems. The methodology first specifies a mission in the form of a workflow. It then converts the mission workflow into formal representation using Coloured Petri Nets (CPN). The methodology also derives threat models from the mission specification. The threat models are used to form a formal specification of attacks that can be represented in CPN. These CPN attacks are plugged into potential places in the CPN mission to design various attack scenarios. The methodology finally verifies the state transitions of the CPN mission attached to attacks to analyze the resiliency of the mission. It identifies in which state transition the mission succeeds, fails, and is incomplete. The methodology is applied to a drone surveillance system as a motivating example. The result shows that the methodology is practical for resiliency analysis of mission-critical systems. The methodology demonstrates how to restrict a mission to improve the resiliency of mission-critical systems. The methodology provides crucial insights in the early stages of mission specification to achieve cyber resiliency.Item Open Access Synthesizing and analyzing attribute-based access control model generated from natural language policy statements(Colorado State University. Libraries, 2023-05-24) Abdelgawad, Mahmoud, author; Ray, Indrakshi, author; Alqurashi, Saja, author; Venkatesha, Videep, author; Shirazi, Hosein, author; ACM, publisherAccess control policies (ACPs) are natural language statements that describe criteria under which users can access resources. We focus on constructing NIST Next Generation Access Control (NGAC) ABAC model from ACP statements. NGAC is more complex than RBAC or XACML ABAC as it supports dynamic, event-based policies, as well as prohibitions. We provide algorithms that use spaCy, a NLP library, to extract entities and relations from ACP sentences and convert them into the NGAC model. We then convert this NGAC model into Neo4j representation for the purpose of analysis. We apply the approach to various real-world ACP datasets to demonstrate the feasibility and assess scalability. We demonstrate that the approach is scalable and effectively extracts the NGAC ABAC model from large ACP datasets. We also show that redundancies and inconsistencies of ACP sentences are often found in unclean datasets.