ACADA: Access Control-driven Architecture with Dynamic Adaptation
Programmers of relational database applications use software solutions (Hibernate, JDBC, LINQ, ADO.NET) to ease the development process of business tiers. These software solutions were not devised to address access control policies, much less evolving access control policies, in spite of their unavoidable relevance. Currently, access control policies, whenever implemented, are enforced by independent components, leading to a separation between policies and their enforcement. This paper proposes a new approach based on an architectural model referred to here as the Access Control-driven Architecture with Dynamic Adaptation (ACADA).
Solutions based on ACADA are automatically built to statically enforce access control policies based on schemas of Create, Read, Update and Delete (CRUD) expressions. Then, CRUD expressions are dynamically deployed at runtime, driven by the established access control policies. Any update in the policies is followed by an adaptation process that keeps the access control mechanisms aligned with the policies to be enforced. A proof of concept based on Java and Java Database Connectivity (JDBC) is also presented.
Software Technology Maturation and Software Security
Software technology maturation, also referred to as technology transfer, is as difficult as it is rare, mostly because of the time scale involved. Software maturation is defined as the process of taking a piece of technology from conception to popularization. Frequently, software engineers and developers tend to oversimplify the problems of technology transfer. They attribute problems to management pressures that complicate the use of software-engineering practices. However, a good understanding of the processes and problems is necessary to effectively tackle the technology-transfer problem. Without that understanding, the transfer of inappropriate technology to an organization without the maturity to understand and absorb it is likely to do harm rather than bring benefits. This research aims to answer two research questions regarding technology maturation. First, is Redwine and Riddle's "Software Technology Maturation" study the accepted gold standard within the software engineering discipline for assessing the maturation of software technology? Second, can the software technology maturation study be applied to other areas of software technology? The purpose of this research is to answer these questions, which will serve as the basis for the second implementation: applying the Redwine and Riddle criteria to the comparatively young discipline of software security. The primary goal of the second implementation is to explore and extend the second research question and demonstrate the maturity phases for the field of software security.
UML-based modeling of non-functional requirements in telecommunication systems
Successful design of real-time embedded systems relies heavily on the successful satisfaction of their non-functional requirements. Model-driven engineering is a promising approach for coping with the design complexity of embedded systems. However, when it comes to modeling non-functional requirements and covering specific aspects of different domains and types of embedded systems, general modeling languages for real-time embedded systems may not be able to cover all of these aspects. One solution is to use a combination of modeling languages for modeling different non-functional requirements, as is done in the definition of the EAST-ADL modeling language for the automotive domain. In this paper, we propose a UML-based solution, consisting of different modeling languages, to model non-functional requirements in the telecommunication domain, and discuss different challenges and issues in the design of telecommunication systems that are related to these requirements.
Requirements Engineering of Context-Aware Applications
Context-aware computing envisions a new generation of smart applications that have the ability to perpetually sense the user’s context and use these data to make adaptation decisions in response to changes in the user’s context, so as to provide timely and personalized services anytime and anywhere. Unlike traditional distributed systems, where the network topology is fixed and wired, context-aware computing systems are mostly based on wireless communication due to the mobility of the network nodes; hence the network topology is not fixed but changes dynamically in an unpredictable manner as nodes join and leave the network, in addition to the fact that wireless communication is unstable. These factors make the design and development of context-aware computing systems much more challenging, as the system requirements change depending on the context of use. The Unified Modelling Language (UML) is a graphical language commonly used to specify, visualize, construct, and document the artefacts of software-intensive systems. However, UML is an all-purpose modelling language and does not have notations to distinguish context-awareness requirements from other system requirements. This is critical for the specification, visualization, construction and documentation of context-aware computing systems because context-awareness requirements are highly important in these systems. This thesis proposes an extension of UML diagrams to cater for the specification, visualization, construction and documentation of context-aware computing systems, where new notations are introduced to model context-awareness requirements distinctively from other system requirements.
The contributions of this work can be summarized as follows: (i) A context-aware use case diagram is a new notion which merges into a single diagram the traditional use case diagram (which describes the functions of an application) and the use context diagram, which specifies the context information upon which the behaviours of these functions depend. (ii) A novel notion known as a context-aware activity diagram is presented, which extends the traditional UML activity diagram to enable the representation of context objects, context constraints and adaptation activities. Context constraints express conditions upon context object attributes that trigger adaptation activities; adaptation activities are activities that must be performed in response to specific changes in the system’s context. (iii) A novel notion known as the context-aware class diagram is presented, which extends the traditional UML class diagram to enable the representation of context information that affects the behaviours of a class. A new relationship, called utilisation, between a UML class and a context class is used to model context objects, meaning that the behaviours of the UML class depend upon the context information represented by the context class. Hence a context-aware class diagram is a rich and expressive language that distinctively depicts both the structure of classes and that of the contexts upon which they depend. The pragmatics of the proposed approach are demonstrated using two real-world case studies.
Model-to-model transformation approach for systematic integration of security aspects into UML 2.0 design models
Security is a challenging task in software engineering. Traditionally, security concerns are considered an afterthought to the development process and are thus fitted into pre-existing software without considering whether this would jeopardize the main functionality of the software or even produce additional vulnerabilities. Enforcing security policies should be taken care of during the early phases of the software development life cycle in order to decrease development costs and reduce maintenance time. In addition to cost saving, this way of development will produce more reliable software, since security-related concepts will be considered in each step of the design. Similarly, the implications of inserting such mechanisms into the existing system's requirements will be considered as well. Since security is a crosscutting concern that pervades the entire software, integrating security solutions at the software design level may result in the scattering and tangling of security features throughout the entire design. Additionally, traditional hardening approaches are tedious and error-prone as they involve manual modifications. In this context, the need for a systematic way to integrate security concerns into the process of developing software becomes crucial. In this thesis, we define an aspect-oriented modeling approach for specifying and integrating security concerns into UML design models. The proposed approach makes use of the expertise of the software security specialist by providing him with the means to specify generic UML aspects that are going to be incorporated ("weaved") into the developers' models. Model transformation mechanisms are instrumented in order to have an efficient and fully automatic weaving process.
Modeling of Security Measurement (Metrics) in an Information System
Security metrics and measurement is a sub-field of the broader information security field. This field is not new, but it has received very little and sporadic attention, as a result of which it is still in its early stages. The measurement and evaluation of security has now become a long-standing challenge to the research community. Much of the focus has remained on devising and applying new and updated protection mechanisms. Measurements in general act as a driving force in decision making. As stated by Lord Kelvin, “if you cannot measure it then you cannot improve it”. This principle is also applicable to the security measurement of information systems. Even if the necessary and required protection mechanisms are in place, the level of security remains unknown, which limits the decision-making capabilities to improve the security of a system. With the increasing reliance on information systems in general and software systems in particular, security measurement has become the most pressing requirement in order to promote and develop security-critical systems in the current networked environment. The resultant indicators of security measurement, preferably quantitative indicators, act as a basis for decision making to enhance the security of the overall system.
Information systems are comprised of various components such as people, hardware, data, network and software. With the fast-growing reliance on software systems, the research reported in this thesis aims to provide a framework, using mathematical modeling techniques, for the evaluation of the security of software systems at the architectural and design phase of the system lifecycle, and to derive security metrics on a controlled scale from the proposed framework. The proposed security evaluation framework is independent of the programming language and the platform used in developing the system, and is applicable from small desktop applications to large complex distributed software. The validation process of security metrics is the most challenging part of the security metrics field. In this thesis we have conducted an exploratory empirical evaluation on a running system to validate the derived security metrics and the measurement results. To make the task easy, we have transformed the proposed security evaluation into algorithmic form, which increased the applicability of the proposed framework without requiring any expert security knowledge.
The motivation of the research is to provide the software development team with a tool to evaluate the level of security of each element of the system, and of the overall system, at the early development stages of the system life cycle. In this regard, three questions, “What is to be measured?”, “Where (in the system life cycle) to measure?” and “How to measure?”, have been answered in the thesis.
Since the field of security metrics and measurement is still in its early stages, the first part of the thesis investigates and analyzes the basic terminologies, taxonomies and major efforts made towards security metrics, based on a literature survey.
Answering the second question, “Where (in the system life cycle) to measure security”, the second part of the thesis analyzes the secure software development processes (SSDPs) followed and identifies the key stages of the system’s life cycle where the evaluation of security is necessary.
Answering questions 1 and 2, “What is to be measured” and “How to measure”, the third part of the thesis presents a security evaluation framework aimed at the software architecture and design phase using mathematical modeling techniques. In the proposed framework, component-based architecture and design (CBAD) using UML 2.0 component modeling techniques has been adopted. Further, part 3 of the thesis presents the empirical evaluation of the proposed framework to validate and analyze the applicability and feasibility of the proposed security metrics. Our aim is to get the software development community to focus on security evaluation in the software development process, in order to take early decisions regarding the security of the overall system.
Multilevel security: systems with classified information flow
Master's thesis in Information and Communication Technology 2005, Høgskolen i Agder, Grimstad
In connection with the development and introduction of a Common Integrated Management System (Felles Integrert Forvaltningssystem, FIF), the Norwegian Armed Forces (Forsvaret) need a solution for secure classified information flow. A concept that addresses this problem is Multilevel Security, which has been an important topic in the defence context since the beginning of the seventies. Despite Multilevel Security having been a topic for almost forty years, there is still no complete solution available for use in the defence context.
Against this background we have surveyed the situation within Multilevel Security and accounted for various theories and strategies in the area. The thesis is further divided into three sub-problems. The first concerns which security requirements relate to Multilevel Security, the second covers a survey of theories, strategies and realised systems within Multilevel Security, and the last concerns the consequences of a possible implementation of Multilevel Security in the Armed Forces.
Although the thesis is primarily written for the Armed Forces, many of the findings may be of interest to others, for example private or public enterprises that need to handle information flows containing sensitive information.
The results from the first sub-problem show that the Security Act (Sikkerhetsloven) and NATO's security regulations set limits on, and impose requirements for, the interconnection of systems with different classification levels. This is probably the greatest challenge with regard to a possible introduction of Multilevel Security in the Armed Forces. Furthermore, Multilevel Security systems must satisfy the evaluation and certification requirements of the Common Criteria. In our opinion, this helps to dampen the willingness to develop and introduce new Multilevel Security systems. We conclude that the current requirements and evaluation criteria must be changed if Multilevel Security is ever to be introduced in the Armed Forces.
In the second sub-problem we have selected six models, one strategy and one method. These represent a historical cross-section from the first Multilevel Security model from 1973 to a current methodical process from the end of the nineties. We have compared the models, the strategy and the method in a framework in which we have examined which properties pertain to the models. Furthermore, we have presented a selection of realised Multilevel Security systems. Many of these systems are built on the classic Bell-LaPadula model. There are, however, few new systems, and we therefore call for a new formal model. This must be adapted to today's technology and requirements, and guide the development of future Multilevel Systems.
In the third sub-problem we have found that Multilevel Security will probably simplify and streamline the working day of the employees. Employees will likely have more time to perform their primary functions instead of spending time switching between systems. At the same time, introducing a Multilevel Security system will place high demands on users, since such a system has no physical barrier between the classification levels. A possible introduction of Multilevel Security in the Armed Forces will be very costly in terms of implementation and training. We believe, however, that such an investment will pay off over time.
A Graphical Approach to Security Risk Analysis
The CORAS language is a graphical modeling language used to support the security analysis process with its customized diagrams. The language has been developed within the research project "SECURIS" (SINTEF ICT/University of Oslo), where it has been applied and evaluated in seven major industrial field trials.
Experiences from the field trials show that the CORAS language has contributed to more active involvement of the participants, and it has eased the communication within the analysis group. The language has been found easy to understand and suitable for presentation purposes.
With time we have become more and more dependent on various kinds of computerized systems. When the complexity of the systems increases, the number of security risks is likely to increase. Security analyses are often considered complicated and time consuming. A well-developed security analysis method should support the analysis process by simplifying communication, interaction and understanding between the participants in the analysis.
This thesis describes the development of the CORAS language, which is particularly suited for security analyses where "structured brainstorming" is part of the process. Important design decisions are based on empirical investigations. The thesis has resulted in the following artifacts:
- A modeling guideline that explains how to draw the different kinds of diagrams for each step of the analysis.
- Rules for translation which enable consistent translation from graphical diagrams to text.
- Concept definitions that contribute to a consistent use of security analysis terms.
- An evaluation framework to evaluate and compare the quality of security analysis modeling languages.
Foundations of Security Analysis and Design III, FOSAD 2004/2005 - Tutorial Lectures
The increasing relevance of security to real-life applications, such as electronic commerce and Internet banking, is attested by the fast-growing number of research groups, events, conferences, and summer schools that address the study of foundations for the analysis and the design of security aspects. This book presents thoroughly revised versions of eight tutorial lectures given by leading researchers during two International Schools on Foundations of Security Analysis and Design, FOSAD 2004/2005, held in Bertinoro, Italy, in September 2004 and September 2005. The lectures are devoted to: Justifying a Dolev-Yao Model under Active Attacks, Model-based Security Engineering with UML, Physical Security and Side-Channel Attacks, Static Analysis of Authentication, Formal Methods for Smartcard Security, Privacy-Preserving Database Systems, Intrusion Detection, and Security and Trust Requirements Engineering.
MAC and UML for secure software design
Security must be a first-class citizen in the design of large-scale, interacting software applications, at early and all stages of the lifecycle, for accurate and precise policy definition, authorization, authentication, enforcement, and assurance. One of the dominant players in software design is the Unified Modeling Language, UML, a language for specifying, visualizing, constructing and documenting software artifacts. In UML, diagrams provide alternate perspectives for different stakeholders, e.g. use case diagrams for the interaction of users with system components, class diagrams for the static classes and the relationships among them, and sequence diagrams for the dynamic behavior of instances of the class diagram. However, UML's support for the definition of security requirements for these diagrams and their constituent elements (e.g., actors, systems, use cases, classes, instances, include/extend/generalize relationships, methods, data, etc.) is lacking. In this paper, we address this issue by incorporating mandatory access control (MAC) into use case, class, and sequence diagrams, providing support for the definition of clearances and classifications for the relevant UML elements. In addition, we provide a framework for security assurance as users define and evolve use case, class, and sequence diagrams, bridging the gap between software engineers and an organization's security personnel in support of secure software design. To demonstrate the feasibility and utility of our work on secure software design, our MAC enhancements for UML have been integrated into Borland's Together Control Center Environment.