Tool support for code generation from a UMLsec property

This demo presents a tool to generate code from verified Role-Based Access Control properties defined using UMLsec. It can either generate Java code, or generate Java code for the UML model and AspectJ code for enforcing said RBAC properties. Both approaches use the Java Authentication and Authorization Service (JAAS) to enforce access control

A UML-based static verification framework for security

Secure software engineering is a new research area that has been proposed to address security issues during the development of software systems. This new area of research advocates that security characteristics should be considered from the early stages of the software development life cycle and should not be added as another layer in the system on an ad-hoc basis after the system is built. In this paper, we describe a UML-based Static Verification Framework (USVF) to support the design and verification of secure software systems in early stages of the software development life-cycle taking into consideration security and general requirements of the software system. USVF performs static verification on UML models consisting of UML class and state machine diagrams extended by an action language. We present an operational semantics of UML models, define a property specification language designed to reason about temporal and general properties of UML state machines using the semantic domains of the former, and implement the model checking process by translating models and properties into Promela, the input language of the SPIN model checker. We show that the methodology can be applied to the verification of security properties by representing the main aspects of security, namely availability, integrity and confidentiality, in the USVF property specification language

Visual Model-Driven Design, Verification and Implementation of Security Protocols

A novel visual model-driven approach to security protocol design, verification, and implementation is presented in this paper. User-friendly graphical models are combined with rigorous formal methods to enable protocol verification and sound automatic code generation. Domain-specific abstractions keep the graphical models simple, yet powerful enough to represent complex, realistic protocols such as SSH. The main contribution is to bring together aspects that were only partially available or not available at all in previous proposal

Role-Based Access-Control for Databases

Liikudes üha enam paberivaba ari suunas, hoitakse üha enam tundlikku informatsiooni andmebaasides. Sellest tulenevalt on andmebaasid ründajatele väärtuslik sihtmärk. Levinud meetod andmete kaitseks on rollipõhine ligipääsu kontroll (role-based access control), mis piirab süsteemi kasutajate õiguseid vastavalt neile omistatud rollidele. Samas on turvameetmete realiseerimine arendajate jaoks aeganõudev käsitöö, mida teostatakse samaaegselt rakenduse toimeloogika realiseerimisega. Sellest tulenevalt on raskendatud turva vajaduste osas kliendiga läbirääkimine projekti algfaasides. See omakorda suurendab projekti reaalsete arenduskulude kasvamise riski, eriti kui ilmnevad turvalisuse puudujäägid realisatsioonis. Tänapäeva veebirakendustes andmebaasi ühenduste puulimine (connec-tion pooling ), kus kasutatakse üht ja sama ühendust erinevate kasutajate teenindamiseks, rikub vähima vajaliku õiguse printsiipi. Kõikidel ühendunud kasutajatel on ligipääs täpselt samale hulgale andmetele, mille tulemusena võib lekkida tundlik informatsioon (näiteks SQLi süstimine (SQL injection ) või vead rakenduses). Lahenduseks probleemile pakume välja vahendid rollipõhise ligipääsu kontorolli disainimiseks tarkvara projekteerimise faasis. Rollipõhise ligipääsu kontorolli modelleerimiseks kasutame UML'i laiendust SecureUML. Antud mudelist on võimalik antud töö raames valminud vahenditega genereerida koodi, mis kontrollib ligipääsu õiguseid andmebaasi tasemel. Antud madaltasemekontroll vähendab riski, et kasutajad näevad andmeid, millele neil ligipääsu õigused puuduvad. Antud töös läbiviidud uuring näitas, et mudelipõhine turvalisuse arendamise kvaliteet on kõrgem võrreldes programmeerijate poolt kirjutatud koodiga. Kuna turvamudel on loodud projekteerimise faasis on selle semantiline täielikkus ja korrektsus kõrge, millest tulenevalt on seda kerge lugeda ja muuta ning seda on lihtsam kasutada arendajate ja klientide vahelises suhtluses.With the constant march towards a paperless business environment, database systems are increasingly being used to hold more and more sensitive information. This means they present an increasingly valuable target for attackers. A mainstream method for information system security is Role-based Access Control (RBAC), which restricts system access to authorised users. However the implementation of the RBAC policy remains a human intensive activity, typically, performed at the implementation stage of the system development. This makes it difficult to communicate security solutions to the stakeholders earlier and raises the system development cost, especially if security implementation errors are detected. The use of connection pooling in web applications, where all the application users connect to the database via the web server with the same database connection, violates the the principle of minimal privilege. Every connected user has, in principle, access to the same data. This may leave the sensitive data vulnerable to SQL injection attacks or bugs in the application. As a solution we propose the application of the model-driven development to define RBAC mechanism for data access at the design stages of the system development. The RBAC model created using the SecureUML approach is automatically translated to source code, which implements the modelled security rules at the database level. Enforcing access-control at this low level limits the risk of leaking sensitive data to unauthorised users. In out case study we compared SecureUML and the traditional security model, written as a source code, mixed with business logic and user-interface statements. The case study showed that the model-driven security development results in significantly better quality for the security model. Hence the security model created at the design stage contains higher semantic completeness and correctness, it is easier to modify and understand, and it facilitates a better communication of security solutions to the system stakeholders than the security model created at the implementation stage

UMLsec4UML2 - Adopting UMLsec to Support UML2

In this paper, we present an approach to adopt UMLsec, which is defined for UML 1.5, to support the current UML version 2.3. The new profile UMLsec4UML2 is technically constructed as a UML profile diagram, which is equipped with a number of integrity conditions expressed using OCL. Consequently, the UMLsec4UML2-profile can be loaded in any Eclipse-based EMF- and MDT-compatible UML editing tool to develop and analyze different kinds of security models. The OCL constraints replace the static checks of the tool support for the old UMLsec defined for UML 1.5. Thus, the UMLsec4UML2-profile not only provides the whole expresiveness of UML2.3 for security modeling, it also brings considerably more freedom in selecting a basic UML editing tool, and it integrates modeling and analyzing security models. Since UML2.3 comprises new diagram types, as well as new model elements and new semantics of diagram types already contained in UML1.5, we consider a number of these changes in detail. More specifically, we consider composite structure and sequence diagrams with respect to modeling security properties according to the original version of UMLsec. The goal is to use UMLsec4UML2 to specify architectural security patterns

Evolution of security engineering artifacts: a state of the art survey

Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security engineering artifacts. The article covers the state of the art on evolution of security requirements, security architectures, secure code, security tests, security models, and security risks as well as security monitoring. For each of these artifacts the authors give an overview of evolution and security aspects and discuss the state of the art on its security evolution in detail. Based on this comprehensive survey, they summarize key issues and discuss directions of future research

Model-based Security Testing Using UMLsec A Case Study

AbstractDesigning and implementing security-critical systems correctly is very difficult. In practice, most vulnerabilities arise from bugs in implementations. We present work towards systematic specification-based testing of security-critical systems based on UMLsec models. We show how to systematically generate test sequences for security properties based on the model that can be used to test the implementation for vulnerabilities. We explain our method at the example of a part of the Common Electronic Purse Specifications (CEPS), a candidate for an international electronic purse standard

An MDA approach for developing Secure OLAP applications: metamodels and transformations

Decision makers query enterprise information stored in Data Warehouses (DW) by using tools (such as On-Line Analytical Processing (OLAP) tools) which employ specific views or cubes from the corporate DW or Data Marts, based on multidimensional modelling. Since the information managed is critical, security constraints have to be correctly established in order to avoid unauthorized access. In previous work we defined a Model-Driven based approach for developing a secure DW repository by following a relational approach. Nevertheless, it is also important to define security constraints in the metadata layer that connects the DW repository with the OLAP tools; that is, over the same multidimensional structures that end users manage. This paper incorporates a proposal for developing secure OLAP applications within our previous approach: it improves a UML profile for conceptual modelling; it defines a logical metamodel for OLAP applications; and it defines and implements transformations from conceptual to logical models, as well as from logical models to secure implementation in a specific OLAP tool (SQL Server Analysis Services).This research is part of the following projects: SIGMA-CC (TIN2012-36904), GEODAS-BC (TIN2012-37493-C01) and GEODAS-BI (TIN2012-37493-C03) funded by the Ministerio de Economía y Competitividad and Fondo Europeo de Desarrollo Regional FEDER. SERENIDAD (PEII11-037-7035) and MOTERO (PEII11- 0399-9449) funded by the Consejería de Educación, Ciencia y Cultura de la Junta de Comunidades de Castilla La Mancha, and Fondo Europeo de Desarrollo Regional FEDER