13 research outputs found

    Evaluating & engineering

    Get PDF
    On a regular basis, we learn about well-known online services that have been misused or compromised by data theft. As insecure applications pose a threat to the users' privacy as well as to the image of companies and organizations, it is absolutely essential to adequately secure them from the start of the development process. Often, reasons for vulnerable applications are related to the insufficient knowledge and experience of involved parties, such as software developers. Unfortunately, they rarely (a) have a comprehensive view of the security-related decisions that should be made, or (b) know how these decisions precisely affect the implementation. A vital decision is the selection of tools and methods that can best support a particular situation in order to shield an application from vulnerabilities. Despite the level of security that arises from complying with security standards, both reasons inadvertently lead to software that is not secured sufficiently. This thesis tackles both problems. Firstly, in order to know which decision should be made, it is crucial to be aware of security properties, vulnerabilities, threats, security engineering methods, notations, and tools (so-called knowledge objects). Here, it is not only important to know which knowledge objects exist, but also how they are related to each other and which attributes they have. Secondly, security decisions made for web applications can have an effect on the source code of various components as well as on configuration files of web servers or external protection measures like firewalls. The impact of chosen security measures (i.e., employed methods) can be documented using a modeling approach that provides web-specific modeling elements. Our approach aims to support the conscious construction of secure web applications. Therefore, we develop modeling techniques to represent knowledge objects and to design secure web applications. 
Our novel conceptual framework SecEval is the foundation of this dissertation. It provides an expandable structure for classifying vulnerabilities, threats, security properties, methods, notations and tools. This structure, called Security Context model, can be instantiated to express attributes and relations, e.g., which tools exist to support a certain method. Compared with existing approaches, we provide a finer-grained structure that considers security and adapts to the phases of the software development process. In addition to the Security Context model, we define a documentation scheme for the collection and analysis of relevant data. Apart from this domain-independent framework, we focus on secure web applications. We use SecEval's Security Context model (SecContextM) as a basis for a novel Secure Web Applications' Ontology (SecWAO), which serves as a knowledge map. By providing a systematic overview, SecWAO supports a common understanding and supports web engineers who want to systematically specify security requirements or make security-related design decisions. Building on our experience with SecWAO, we further extend the modeling approach UML-based Web Engineering (UWE) with means to model security aspects of web applications. We develop UWE in a way that chosen methods, such as (re)authentication, secure connections, authorization or Cross-Site-Request-Forgery prevention, can be linked to the model of a concrete web application. In short, our approach supports software engineers throughout the software development process. It comprises (1) the conceptual framework SecEval to ease method and tool evaluation, (2) the ontology SecWAO that gives a systematic overview of web security and (3) an extension of UWE that focuses on the development of secure web applications. Various case studies and tools are presented to demonstrate the applicability and extensibility of our approach.

Successful attacks on the data and functions of well-known online services are reported regularly. Since insecure applications not only threaten the privacy of their users but also endanger the image of the affected companies and organizations, it is indispensable to protect applications adequately from the start. Two reasons for insecure applications are that the parties involved, such as software developers, rarely (a) have a complete overview of which security-related decisions would have to be made or (b) know what effects these decisions concretely have on the implementation. A critical decision is the selection of tools and methods that could be useful in a particular situation to protect the application from vulnerabilities. Despite the selective protection gained by following IT security standards, these reasons unintentionally lead to software that is not secured according to its protection needs. The present work addresses both problems. On the one hand, decision-making requires an understanding of so-called "knowledge objects", such as vulnerabilities, threats, security properties, security-relevant methods, notations and tools. For this, not only an inventory of existing knowledge objects is important, but also their attributes and the relationships among them. On the other hand, security-relevant decisions for web applications can affect the source code of various software components as well as the configuration files of web servers or protection measures such as firewalls. With a modeling approach that includes web-specific modeling elements, it is possible to document security measures. The goal of the present work is to support the conscious securing of security-critical web applications. To this end, modeling techniques for representing knowledge objects and for secure web application design are developed. 
The basis is our conceptual framework SecEval. It contains an extensible structure for vulnerabilities, threats, security properties, methods, notations and tools. This structure (the so-called context model) can be instantiated to represent attributes and relationships, e.g., tools that support a particular method. Compared with existing work, a more detailed structure is built that takes security into account and incorporates the phases of the software development process. In addition to the context model, a documentation scheme for collecting and analyzing suitable data is defined. Apart from SecEval, which is not domain-specific, the focus is on the area of secure web applications. SecEval's context model is used, among other things, as the basis for the SecWAO ontology, a kind of knowledge map of web application security. SecWAO offers a common basis for communication and supports web developers who want to systematically specify security requirements or make design decisions. Building on the structure of SecWAO, the modeling approach UML-based Web Engineering (UWE) is extended with elements for documenting security aspects. In this way, selected methods such as (re)authentication, secure connections, authorization or the prevention of Cross-Site Request Forgery can be related directly to the modeled web application. In summary, the presented approach supports software developers during the development process and comprises (1) the conceptual framework SecEval, which simplifies the evaluation of methods and tools, (2) the ontology SecWAO, which gives a systematic overview of web security, and (3) an extension of UWE for secure web applications. Various case studies and tools are presented that illustrate the applicability and extensibility of the approach.

    Development of service-oriented architectures using model-driven development : a mapping study

    Get PDF
    Context: Model-Driven Development (MDD) and Service-Oriented Architecture (SOA) are two challenging research areas in software engineering. MDD is about improving software development whilst SOA is a service-based conceptual development style; therefore, investigating the available proposals in the literature to use MDD when developing SOA may be insightful. However, no studies have been found with this purpose. Objective: This work aims at assessing the state of the art in MDD for SOA systems. It mainly focuses on: what are the characteristics of MDD approaches that support SOA; what types of SOA are supported; how do they handle non-functional requirements. Method: We conducted a mapping study following a rigorous protocol. We identified the representative set of venues that should be included in the study. We applied a search string over the set of selected venues. As a result, 129 papers were selected and analysed (both frequency analysis and correlation analysis) with respect to the defined classification criteria derived from the research questions. Threats to validity were identified and mitigated whenever possible. Results: The analysis allows us to answer the research questions. We highlight: (1) predominance of papers from Europe and written by researchers only; (2) predominance of top-down transformation in software development activities; (3) absence of consolidated methods; (4) significant percentage of works without tool support; (5) SOA systems and service compositions more targeted than single services and SOA enterprise systems; (6) limited use of metamodels; (7) very limited use of NFRs; and (8) limited application in real cases. 
Conclusion: This mapping study does not just provide the state of the art in the topic, but also identifies several issues that deserve investigation in the future, for instance the need for methods for activities other than software development (e.g., migration) or the need for conducting more real case studies.

    UML-SOA-Sec and Saleem's MDS Services Composition Framework for Secure Business Process Modelling of Services Oriented Applications

    Get PDF
    In a Service Oriented Architecture (SOA) environment, a software application is a composition of services, which are scattered across enterprises and architectures. Security plays a vital role during the design, development and operation of SOA applications. However, analysis of today's software development approaches reveals that the engineering of security into the system design is often neglected. Security is incorporated in an ad-hoc manner, integrated during the application's development phase or administration phase, or outsourced. SOA security is cross-domain, and not all of the required information is available at downstream phases. The post-hoc, low-level integration of security has a negative impact on the resulting SOA applications. General purpose modeling languages like the Unified Modeling Language (UML) are used for designing the software system; however, these languages lack the knowledge of the specific domain, and "security" is one of the essential domains. A Domain Specific Language (DSL), named "UML-SOA-Sec", is proposed to facilitate the modeling of security objectives alongside the business process modeling of SOA applications. Furthermore, Saleem's MDS (Model Driven Security) services composition framework is proposed for the development of secure web service compositions.

    A Privacy-Aware Access Control Model for Distributed Network Monitoring

    No full text
    In this paper, we introduce a new access control model that aims at addressing the privacy implications surrounding network monitoring. Despite its importance, network monitoring is natively leakage-prone, and this is exacerbated by the complexity of the highly dynamic monitoring procedures and infrastructures, which may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. Conceived on the basis of data protection legislation, the proposed approach is grounded on a highly expressive information model that captures all the underlying monitoring concepts along with their associations. The model enables the specification of contextual authorisation policies and expressive separation and binding of duty constraints. Finally, two key innovations of our work consist in the ability to define access control rules at any level of abstraction and in enabling a verification procedure, which results in inherently privacy-aware workflows, thus fostering the realisation of the Privacy by Design vision.

    Engineering security into distributed systems: a survey of methodologies

    Get PDF
    Rapid technological advances in recent years have precipitated a general shift towards software distribution as a central computing paradigm. This has been accompanied by a corresponding increase in the dangers of security breaches, often causing security attributes to become an inhibiting factor for use and adoption. Despite the acknowledged importance of security, especially in the context of open and collaborative environments, there is a growing gap in the survey literature relating to systematic approaches (methodologies) for engineering secure distributed systems. In this paper, we attempt to fill the aforementioned gap by surveying and critically analyzing the state of the art in security methodologies based on some form of abstract modeling (i.e., model-based methodologies) for, or applicable to, distributed systems. Our detailed reviews can be seen as a step towards increasing awareness and appreciation of a range of methodologies, allowing researchers and industry stakeholders to gain a comprehensive view of the field and make informed decisions. Following the comprehensive survey, we propose a number of criteria reflecting the characteristics security methodologies should possess to be adopted in real-life industry scenarios, and evaluate each methodology accordingly. Our results highlight a number of areas for improvement, help to qualify adoption risks, and indicate future research directions.
    Authors: Anton V. Uzunov, Eduardo B. Fernandez, Katrina Falkner

    A Security Language for BPMN Process Models

    Get PDF

    Automatic tactical network node configuration with XML and SNMP, Journal of Telecommunications and Information Technology, 2008, nr 2

    Get PDF
    In the paper, we describe a "plug-and-play" configuration of nodes of a tactical network on the basis of XML configuration templates and a network plan developed during the network planning process. We present the concept of a configuration repository, an XML-based database that stores network structure and configuration data, and describe how the Simple Network Management Protocol is used to apply the settings to network devices. We also comment on a possible use of the next-generation NETCONF protocol for such a task.