
    A Modeling and Formal Approach for the Precise Specification of Security Patterns

    Non-functional requirements such as Security and Dependability (S&D) become more important as well as more difficult to achieve. In fact, the integration of security features requires the availability of both application-domain-specific knowledge and security expertise at the same time. Hence, capturing and providing this expertise by way of security patterns can support the integration of S&D features by design to foster reuse during the process of software system development. The solution envisaged here is based on combining metamodeling techniques and formal methods to represent security patterns at two levels of abstraction, fostering reuse during the process of pattern development and during the process of pattern-based development. The contribution of this work is twofold: (1) an improvement of our previous pattern modeling language for representing security patterns in the form of a subsystem providing appropriate interfaces and targeting security properties, and (2) formal specification and validation of pattern properties using the interactive Isabelle/HOL proof assistant. The resulting validation artifacts may mainly complete the definitions, and provide semantics for the interfaces and the properties in the context of S&D. As a result, validated patterns will be used as bricks to build applications through a Model-Driven Engineering approach.

    Common Criteria Related Security Design Patterns for Intelligent Sensors—Knowledge Engineering-Based Implementation

    Intelligent sensors experience security problems very similar to those inherent to other kinds of IT products or systems. The assurance methodologies for creating these products or systems, like Common Criteria (ISO/IEC 15408), can be used to improve the robustness of sensor systems in high-risk environments. The paper presents the background and results of the previous research on pattern-based security specifications and introduces a new ontological approach. The elaborated ontology and knowledge base were validated on the IT security development process dealing with the sensor example. The contribution of the paper concerns the application of the knowledge engineering methodology to the previously developed Common Criteria compliant and pattern-based method for intelligent sensor security development. The issue presented in the paper has a broader significance in that it can solve information security problems in many application domains.

    A Model-based transformation process to validate and implement high-integrity systems

    Despite numerous advances, building High-Integrity Embedded systems remains a complex task. They come with strong requirements to ensure safety, schedulability or security properties; one needs to combine multiple analyses to validate each of them. Model-Based Engineering is an accepted solution to address such complexity: analytical models are derived from an abstraction of the system to be built. Yet, ensuring that all abstractions are semantically consistent remains an issue, e.g. when performing model checking for assessing safety, then for schedulability using timed automata, and then when generating code. Complexity stems from the high-level view of the model compared to the low-level mechanisms used. In this paper, we present our approach based on AADL and its behavioral annex to refine iteratively an architecture description. Both application and runtime components are transformed into basic AADL constructs which have a strict counterpart in classical programming languages or patterns for verification. We detail the benefits of this process to enhance analysis and code generation. This work has been integrated into the AADL tool support OSATE2.

    An Experience Report of Eliciting Security Requirements from Business Processes

    Small and Medium Sized Enterprises struggle to find strategies to achieve a high level of information security or are unaware of the risks posed by information technology. A lack of finance and IT departments that miss an information security officer increases the risk of exploited vulnerabilities. The alignment of Business Process Management and Security engineering, manifested in the Security Requirements Elicitation using Business Processes approach, provides a solution to this sector-wide issue by introducing Security Risk-oriented Patterns applicable also for Business analysts. Patterns that are based on contextual areas illustrate business assets, vulnerabilities and risk treatment in the form of security requirements. This is achieved by using the Business Process Model and Notation 2.0 modeling language and specifically engineered extensions which add the IT security domain. The outcome of this bridging is an applicable solution to elicit security requirements. The core of this thesis is the pattern application to measure their performance in a German SME. After business assets and security objectives were set, several pattern occurrences were identified that resulted in a number of security requirements. Implementation abilities and usefulness with regard to the company underlined strong pattern performance. Moreover, a new pattern has been developed by using the Information System Security Risk Management Domain Model. Finally, the inclusion of prioritization and inspection techniques from the Security Quality Requirements Engineering methodology is suggested, as are extensions from the theorem of organizational configurations that enable further automation of SREBP. These modifications result in an approach that increases the security of Small and Medium Sized Enterprises.
    Keywords: Small and Medium Sized Enterprises; Business Process Management; Security Requirements Elicitation using Business Processes; Security Risk-oriented Patterns; security requirements; pattern occurrences; Information System Security Risk Management Domain Model

    A security oriented approach in the development of multiagent systems : applied to the management of the health and social care needs of older people in England.

    Security can play an important role in the development of some multi-agent systems. However, a careful analysis of software development processes indicates that the definition of security requirements is usually considered after the design of the system. This approach usually leads to problems, such as conflicts between security and functional requirements, which can translate into security vulnerabilities. As a result, the integration of security issues in agent-oriented software engineering methodologies has been identified as an important issue. Nevertheless, developers of agent-oriented software engineering methodologies have mainly neglected security engineering, and in fact very little evidence has been reported on work that integrates security issues into the development stages of agent-oriented software engineering methodologies. This thesis advances the current state of the art in agent-oriented software engineering in many ways. It identifies problems associated with the integration of security and software engineering and proposes a set of minimum requirements that a security-oriented process should demonstrate. It extends the concepts and the development process of the Tropos methodology with respect to security to allow developers, even those with minimum security knowledge, to identify desired security requirements for their multi-agent systems, reason about them, and as a result develop a system that satisfies its security requirements. In doing so, this research has developed (1) an analysis technique to enable developers to select amongst alternative architectural styles using as criteria the security requirements of the system, (2) a pattern language consisting of security patterns for multi-agent systems, and (3) a scenario-based technique that allows developers to test the reaction of the system to potential attacks. The applicability of the approach is demonstrated by employing it in the development of the electronic single assessment process (eSAP) system, a real-life case study that provided the initial motivation for this research.

    Security-Driven Software Evolution Using A Model Driven Approach

    A high security level must be guaranteed in applications in order to mitigate risks during the deployment of information systems in open network environments. However, a significant number of legacy systems remain in use, which poses security risks to the enterprise's assets due to the poor technologies used and the lack of security concerns when they were designed. Software reengineering is a way out to improve their security levels in a systematic way. Model driven is an approach in which the model, as defined by its type, directs the execution of the process. The aim of this research is to explore how a model driven approach can facilitate software reengineering driven by security demand. The research in this thesis involves the following three phases. Firstly, legacy system understanding is performed using reverse engineering techniques. The task of this phase is to reverse engineer the legacy system into UML models, partition the legacy system into subsystems with the help of a model slicing technique, and detect existing security mechanisms to determine whether or not the security provided in the legacy system satisfies the user's security objectives. Secondly, security requirements are elicited using a risk analysis method. It is the process of analysing key aspects of the legacy systems in terms of security. A new risk assessment method, taking into consideration asset, threat and vulnerability, is proposed and used to elicit the security requirements, which will generate the detailed security requirements in the specific format to direct the subsequent security enhancement. Finally, security enhancement for the system is performed using the proposed ontology-based security pattern approach. It is the stage in which security patterns derived from security expertise and fulfilling the elicited security requirements are selected and integrated into the legacy system models with the help of the proposed security ontology. The proposed approach is evaluated by the selected case study. Based on the analysis, conclusions are drawn and future research is discussed at the end of this thesis. The results show this thesis contributes an effective, reusable and suitable evolution approach for software security.

    Cyber Attack Surface Mapping For Offensive Security Testing

    Security testing consists of automated processes, like Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST), as well as manual offensive security testing, like Penetration Testing and Red Teaming. This nonautomated testing is frequently time-constrained and difficult to scale. Previous literature suggests that most research is spent in support of improving fully automated processes or in finding specific vulnerabilities, with little time spent improving the interpretation of the scanned attack surface critical to nonautomated testing. In this work, agglomerative hierarchical clustering is used to compress the Internet-facing hosts of 13 representative companies as collected by the Shodan search engine, resulting in an average 89% reduction in attack surface complexity. The work is then extended to map network services and also analyze the characteristics of the Log4Shell security vulnerability and its impact on attack surface mapping. The results highlighted outliers indicative of possible anti-patterns as well as opportunities to improve how testers and tools map the web attack surface. Ultimately, the work is extended to compress web attack surfaces based on security-relevant features, demonstrating via accuracy measurements not only that this compression is feasible but also that it can be automated. In the process, a framework is created which could be extended in future work to compress other attack surfaces, including physical structures/campuses for physical security testing and even humans for social engineering tests.

    Process and tool support for design patterns with safety requirements

    The requirement for higher Security and Dependability (S&D) of systems is continuously increasing, even in domains traditionally not deeply involved in such issues. Nowadays, many practitioners express their worries about current S&D software engineering practices. New recommendations should be considered to ground this discipline on two pillars: solid theory and proven principles. We took the second pillar towards software engineering for embedded system applications, focusing on the problem of integrating S&D by design to foster reuse. In this paper, we propose to combine design patterns and Model Driven Engineering (MDE) techniques for building component-based applications with safety requirements. The resulting modeling framework serves primarily to capture the basic concepts for specifying safety-oriented design patterns, building an S&D pattern system, and maintaining safety properties, with existing modeling artifacts, during the engineering process based on the S&D pattern system. As a proof of concept, we are evaluating the feasibility of the framework through the example of the MooN pattern system for building systems having safety requirements: Communication Based Train Control (CBTC).

    An Educational Framework to Support Industrial Control System Security Engineering

    Industrial Control Systems (ICSs) are used to monitor and control critical infrastructure such as electricity and water. ICS were originally stand-alone systems, but are now widely being connected to corporate national IT networks, making remote monitoring and more timely control possible. While this connectivity has brought multiple benefits to ICS, such as cost reductions and an increase in redundancy and flexibility, ICS were not designed for open connectivity and therefore are more prone to security threats, creating a greater requirement for adequate security engineering approaches. The culture gap between developers and security experts is one of the main challenges of ICS security engineering. Control system developers play an important role in building secure systems; however, they lack security training and support throughout the development process. Security training, which is an essential activity in the defence-in-depth strategy for ICS security, has been addressed, but has not been given sufficient attention in academia. Security support is a key means by which to tackle this challenge via assisting developers in ICS security by design. This thesis proposes a novel framework, the Industrial Control System Security Engineering Support (ICS-SES), which aims to help developers in designing secure control systems by enabling them to reuse secure design patterns and improve their security knowledge. ICS-SES adapts a pattern-based approach to guide developers in security engineering, and an automated planning technique to provide adaptive on-the-job security training tailored to personal needs. The usability of ICS-SES has been evaluated using an empirical study in terms of its effectiveness in assisting the design of secure control systems and improving developers' security knowledge. The results show that ICS-SES can efficiently help control system designers to mitigate security vulnerabilities and improve their security knowledge, reducing the difficulties associated with the security engineering process, and the results have been found to be statistically significant. In summary, ICS-SES provides a unified method of supporting an ICS security by design approach. It fosters a development environment where engineers can improve their security knowledge while working in a control system production line.