Users interacting with a UI-embedded machine or system are typically obliged to perform their actions in a pre-determined order, to successfully achieve certain functional goals. However, such obligations are often not followed strictly by users, which may lead to the violation to security properties, especially in security-critical systems. In order to improve the security with the awareness of unexpected user behaviors, a system can be redesigned to a more robust one by changing the order of actions in its specification. Meanwhile, we anticipate that the functionalities would remain consistent following the modifications. In this paper, we propose an efficient algorithm to automatically produce specification revisions tackling with attack scenarios caused by the weakened user obligations. By our algorithm, all the revisions maintain the integrity of the functionalities as the original specification, which are generated using a novel recomposition approach. Then, the qualified revisions that can satisfy the security requirements would be efficiently spotted by a hybrid approach combining model checking and machine learning techniques. We evaluate our algorithm by comparing its performance with a state-of-the-art approach regarding their coverage and searching speed of the desirable revisions.

中文翻译：

---

OACAL：寻找模块一致的解决方案来削弱用户的义务

与嵌入 UI 的机器或系统交互的用户通常必须按预定顺序执行他们的操作，以成功实现某些功能目标。然而，用户往往不严格遵守这些义务，这可能导致违反安全属性，尤其是在安全关键系统中。为了通过对意外用户行为的感知来提高安全性，可以通过更改其规范中的操作顺序来将系统重新设计为更健壮的系统。同时，我们预计功能将在修改后保持一致。在本文中，我们提出了一种有效的算法来自动生成规范修订，以应对因用户义务减弱而引起的攻击场景。通过我们的算法，所有修订版都保持了原始规范的功能完整性，这些功能是使用新颖的重组方法生成的。然后，可以通过结合模型检查和机器学习技术的混合方法有效地发现可以满足安全要求的合格修订。我们通过将其性能与最先进的方法进行比较来评估我们的算法，关于它们的覆盖范围和所需修订的搜索速度。