Aspect-oriented security hardening of UML design models

© Springer International Publishing Switzerland 2015. This book comprehensively presents a novel approach to the systematic security hardening of software design models expressed in the standard UML language. It combines model-driven engineering and the aspect-oriented paradigm to integrate security practices into the early phases of the software development process. To this end, a UML profile has been developed for the specification of security hardening aspects on UML diagrams. In addition, a weaving framework, with the underlying theoretical foundations, has been designed for the systematic injection of security aspects into UML models. The work is organized as follows: chapter 1 presents an introduction to software security, model-driven engineering, UML and aspect-oriented technologies. Chapters 2 and 3 provide an overview of UML language and the main concepts of aspect-oriented modeling (AOM) respectively. Chapter 4 explores the area of model-driven architecture with a focus on model transformations. The main approaches that are adopted in the literature for security specification and hardening are presented in chapter 5. After these more general presentations, chapter 6 introduces the AOM profile for security aspects specification. Afterwards, chapter 7 details the design and the implementation of the security weaving framework, including several real-life case studies to illustrate its applicability. Chapter 8 elaborates an operational semantics for the matching/weaving processes in activity diagrams, while chapters 9 and 10 present a denotational semantics for aspect matching and weaving in executable models following a continuation-passing style. Finally, a summary and evaluation of the work presented are provided in chapter 11. The book will benefit researchers in academia and industry as well as students interested in learning about recent research advances in the field of software security engineering

Model-Driven Aspect-Oriented Software Security Hardening

Security is of paramount importance in software engineering. Nevertheless, security solutions are generally fitted into existing software as an afterthought phase of the development process. However, given the complexity and the pervasiveness of today's software systems, adding security as an afterthought leads to huge cost in retrofitting security into the software and further can introduce additional vulnerabilities. Furthermore, security is a crosscutting concern that pervades the entire software. Consequently, the manual addition of security solutions may result in the scattering and the tangling of security features throughout the entire software design. Additionally, adding security manually is tedious and generally may lead to other security flaws. In this context, the need for a systematic approach to integrate security practices into the early phases of the software development process becomes crucial. In this thesis, we elaborate an aspect-oriented modeling framework for software security hardening at the UML design level. More precisely, the main contributions of our research are the following: (i) We define a UML profile for the specification of security hardening mechanisms as aspects. (ii) We design and implement a weaving framework for the systematic injection of security aspects into UML design models. (iii) We explore the theoretical foundations for aspect matching and weaving. (iv) We conduct real-life case studies to demonstrate the viability and the scalability of the proposed framework

Tools for model-based security engineering: models vs. code

We present tools to support model-based security engineering on both the model and the code level. In the approach supported by these tools, one firstly specifies the security-critical part of the system (e.g. a crypto protocol) using the UML security extension UMLsec. The models are automatically verified for security properties using automated theorem provers. These are implemented within a framework that supports implementing verification routines, based on XMI output of the diagrams from UML CASE tools. Advanced users can use this open-source framework to implement verification routines for the constraints of self-defined security requirements. In a second step, one verifies that security-critical parts of the model are correctly implemented in the code (which might be a legacy implementation), and applies security hardening transformations where is that not the case. This is supported by tools that (1) establish traceability through refactoring scripts and (2) modularize security hardening ad-vices through aspect-oriented programming. The proposed method has been applied to an open-source implementation of a cryptographic protocol implementation (Jessie)in Java to build up traceability mappings and security aspects. In that application, we found a security weakness which could be fixed using our approach. The resulting refactoring scripts and security aspects have found reusability in the Java Secure Socket Extension (JSSE) library

Model-to-model transformation approach for systematic integration of security aspects into UML 2.0 design models

Security is a challenging task in software engineering. Traditionally, security concerns are considered as an afterthought to the development process and thus are fitted into pre-existing software without the consideration of whether this would jeopardize the main functionality of the software or even produce additional vulnerabilities. Enforcing security policies should be taken care of during early phases of the software development life cycle in order to decrease the development costs and reduce the maintenance time. In addition to cost saving, this way of development will produce more reliable software since security related concepts will be considered in each step of the design. Similarly, the implications of inserting such mechanisms into the existing system's requirements will be considered as well. Since security is a crosscutting concern that pervades the entire software, integrating security solutions at the software design level may result in the scattering and tangling of security features throughout the entire design. Additionally, traditional hardening approaches are tedious and error-prone as they involve manual modifications. In this context, the need for a systematic way to integrate security concerns into the process of developing software becomes crucial. In this thesis, we define an aspect-oriented modeling approach for specifying and integrating security concerns into UML design models. The proposed approach makes use of the expertise of the software security specialist by providing him with the means to specify generic UML aspects that are going to be incorporated "weaved" into the developers' models. Model transformation mechanisms are instrumented in order to have an efficient and a fully automatic weaving process

Traceability for the maintenance of secure software

Traceability links among different software engineering artifacts make explicit how a software system was implemented to accommodate its requirements. For secure and dependable software system development, one must ensure the linked entities are truly traceable to each other and the links are updated to reflect true traceability among changed entities. However, traditional traceability relationships link recovery techniques are not accurate enough. To address this problem, we propose a traceability technique based on refactoring, which is then continuously integrated with other software maintenance activities. Applying our traceability technique to the proven SSL protocol design, we found a significant vulnerability bug in its open-source implementation. The results also demonstrate the level of accuracy and change resilience of our technique that enable reuse of the traceability-related analysis on different implementations

Aspect-Oriented Modeling for Representing and Integrating Security Aspects in UML Models

Security is a challenging task in software engineering. Traditionally, addressing security concerns are considered as an afterthought to the development process and security mechanisms are fitted into pre-existing software without considering the consequences on the main functionality of the software. Enforcing security policies should be taken care of during early phases of the software development life cycle; this benefits the development costs and reduces the maintenance time. In addition to cost saving, this encourages development of reliable software. Since security related concepts will be considered in each step of the design, the implications of inserting such concepts into the existing system requirements will help mitigate the defects and vulnerabilities present in the system. Although integrating security solutions into every stage of the software development cycle, results in scattering and tangling of security features across the entire design. The traditional security hardening approaches are tedious and prone to many errors as they involve manual modifications. In this context, the need for a systematic way to integrate security aspects/mechanisms into the design phase of the development cycle should be considered. In this work, an aspect-oriented modeling approach for specifying and integrating security aspects in to Unified Modeling Language (UML) design model is presented. This approach allows the security experts to specify generic security aspects and weave them into target software base model early in the software development phase. In contrast to traditional approaches, model-to-model transformation mechanisms discussed in this approach are designed to have an efficient and a fully automatic weaving process. This work further discusses additional components that are introduced into the weaving process. These newly introduced components allow the security experts to provide more appropriate security hardening concepts. Furthermore, the additional components are designed based on object-oriented principles and allow the security experts to exercise these principles in the model-to-model transformation. The additions to the weaver application are tested using the Session Initiation Protocol (SIP) communicator as a base model. The description of the additional components and the results of testing of the weaving process are discussed further in this thesis

The effects of education on students' perception of modeling in software engineering

Models in software engineering bring significant potential in improvements of productivity of engineers, and improved quality of the artifacts they produce. Despite this significant potential, modeling adoption in practice remains rather low. Computer Science and software engineering curriculums may be one factor that causes this low adoption. In this study, we investigate the effects of education on students’ perception of modeling. We conducted a survey in three separate institutions, in Canada, Israel, and the U.S. The survey covers various aspects of modeling and addresses students ranging from a first year in undergraduate studies until final years in graduate studies. The survey’s findings suggest that the perception of undergraduate students towards modeling declines as they progress in their studies. While graduate students tend to be more favorable of modeling, their perception also declines over the years. The results also suggest that students prefer more modeling content to be integrated earlier in the curriculum