Model-based Role Based Access Control for RESTful Spring applications

Mudelipõhine tarkvaraarendus on kaasaegse tarkvara arendamise metoodika, mille eesmärk on lahendada konkreetseid probleeme, luues domeeni mudelid ja pakkudes lahendust kontseptuaalsel viisil. Domeenipõhine keel (DSL) on arvuti keel, mis võimaldab lahendada probleeme konkreetses domeenis. Käesoleva lõputöö eesärgiks on arendada tarkvaraline vahend, mis aitab luua automaatselt tarkvarakoodi rolli-põhise ligipääsu kontrolli abil RESTful rakendustele. Selle jaoks soovime pakkuda spetsifikatsiooni, mis läbi DSL-i sisendi kirjeldaks andmebaasi kihtide komponente (näiteks klassid ja hoidlad), vahekihtide komponente (st Resources/Assemblers, Controllers), ja rolli-põhise ligipääsu kontrolli mudelit koos sihtrakendusega. Tuginedes reeglitele, genereerib meie vahend koodi, mis sisaldab RBAC autentimisega / autoriseerimisega seotud konfiguratsiooni ja abiklasse. See on kogu RESTful Spring Boot rakenduse tuumik koos kommentaaride ning baaskoodiga, mille sisendiks on etteantud RBAC mudel.Model-driven software development is the modern software development methodology that aims at solving a specific problem by creating the domain models and providing the solution in a conceptual way. Domain-Specific Language (DSL) is the computer language that allows solving a problem in a specific domain. The goal of this thesis is to develop a software tool that helps to generate the software codes automatically with Role Based Access Control for a RESTful application. In this context, we want to provide a resource specification as an input to the software tool through DSL for describing the database layer components (i.e. Entity classes and Repositories), the integration layer components (i.e. Resources/Assemblers, Controllers), and a Role-Based Access Control model to be associated with a target application. Based on the definitions, our tools will generate code, including RBAC authentication/authorization related configuration and helper classes. Thus, the skeleton for the RESTful Spring Boot application with the annotations and basic code to enforce the RBAC model provided as input

Role-based access control mechanisms: distributed, statically implemented and driven by CRUD expressions

Most of the security threats in relational database applications have their source in client-side systems when they issue requests formalized by Create, Read, Update and Delete (CRUD) expressions. If tools such as ODBC and JDBC are used to develop business logics, then there is another source of threats. In some situations the content of data sets retrieved by Select expressions can be modified and then committed into the host databases. These tools are agnostic regarding not only database schemas but also regarding the established access control policies. This situation can hardly be mastered by programmers of business logics in database applications with many and complex access control policies. To overcome this gap, we extend the basic Role-Based Access policy to support and supervise the two sources of security threats. This extension is then used to design the correspondent RBAC model. Finally, we present a software architectural model from which static RBAC mechanisms are automatically built, this way relieving programmers from mastering any schema. We demonstrate empirical evidence of the effectiveness of our proposal from a use case based on Java and JDBC

Process business modeling of emerging security threats with BPMN extension

Effective and rational management of a company cannot take place without the use of information technologies. Additionally, according to specific security requirements to protect the IT system against different threats, the development of a security system is significant for the companies and their clients and satisfactory common cooperation. The BPMN (Business Process Model and Notation) can be used for this purpose; however, the basic version of BPMN and its current extensions do not support the service of security threats. For this reason, we propose to extend the BPMN to be possible to model the chosen security issues coming from company business processes. The paper deals with the selected aspects of security requirements modeling in terms of emerging threats on the example of existing extensions of business process modeling language and the proposition of BPMN extension for chosen security issues together with the definition of information security policy

Enabling verification and conformance testing for access control model

Verification and testing are the important step for software assurance. However, such crucial and yet challenging tasks have not been widely adopted in building access control sys-tems. In this paper we propose a methodology to sup-port automatic analysis and conformance testing for ac-cess control systems, integrating those features to Assur-ance Management Framework (AMF). Our methodology at-tempts to verify formal specifications of a role-based access control model and corresponding policies with selected se-curity properties. Also, we systematically articulate testing cases from formal specifications and validate conformance to the system design and implementation using those cases. In addition, we demonstrate feasibility and effectiveness of our methodology using SAT and Alloy toolset

Trusted reasoning-role-based access control for cloud computing environment

Cloud computing has become the new standard in the fast-growing industry of information technology. This poses new challenges to the existing access control models, as the new computing paradigm is highly-distributed and multi-tenancy. The existing access control models are not strong enough due to unavailability of strong multiple relationships between user and resources. In addition, monitoring activities of users to protect the cloud resources is weak. In these contexts, malicious user must be identified for the protection of sensitive data and to limit the access of the user to the resources. This research developed an enhanced access control model for cloud computing, namely Trusted Reasoning-Role-Based Access Control for Cloud Computing Environment (TR2BAC) model. The model consists of four components. The first component is a dimensional domain for strong multiple relations between resources and user management, whereas the second component is reason-based access mechanism to limit users access based on defined reasoning principle. The third component is the trust module that identifies trusted/malicious users, and the fourth component ensures secure data access that classifies and labels the data according to the level of its sensitivity. The resources are then secured accordingly. Simulation results revealed that the performance of the proposed model improved in comparison to the existing state of the art techniques in terms of throughput by 25% and Permission Grants results by 35%. In terms of user authorization, the access time improved by 95% of the total access time which is about 7.5 seconds. In conclusion, this research has developed an enhanced access control model for cloud computing environment that can be used to protect the privacy of users as well as cloud resources from inside and outside attacks

Role Based Access Control as SecureUML Model in Web Applications Development with Spring Security

Tänapäeval on efektiivse äri üheks võtmeks kiire ja edukas veebirakenduste arendus. Samas, uudsed maailmas levinud nõuded eeldavad keerukat lähenemist juurdepääsukontrolli ja kasutajate rühmade koostöövõime määratlemisel. Tavapäraselt hõlmab tarkvara arenduse protsess erinevaid vastutavaid osalisi rakenduse hindamisel, plaanide koostamisel, arendusel, rakendamisel ja kasutajatoe tagamisel, mille tulemusena suureneb informatsiooni kadu ja keerukus sihtgruppide vahelises suhtluses. Arendusmeeskonnad peaksid sellise olukorra vältimiseks ja väärtõlgendustest ning turvalisuse nõuete rikkumisest tulenevate võimalike riskide leevendamiseks tarkvara arenduses kasutama vahendeid, mis võimaldavad kiiret ja täpset veebirakenduse interpreteerimist läbi mudeli. Modelleerimine aitab tunduvalt vähendada võimalikke probleeme ja tagab funktsionaalsuse vajadused arvestades soovitud rollipõhise juurdepääsukontrolli mudeliga. Antud töös pakutakse välja kontseptuaalne Eclipse IDE lisandmooduli realisatsioon, et toetada ja lihtsustada mudelil baseeruvat lähenemist veebirakenduste arendamisel kasutades Spring platvormi. Loodud lisandmoodul toetab Spring Security esitusviiside tuvastamist koos võimega visualiseerida nende üle rollipõhise juurdepääsukontrolli mudelit. Visuaalse mudeli genereerimine toimub kahe peamise astmena: Spring Security konfiguratsiooni tuvastamine ja esituse genereerimine kasutades SecureUML modelleerimise keelt. Loodud lisandmooduli kontseptsioon valideeriti juhtumiuuringutega, mis näitasid lisandmooduli sobivust tarkvara arendajate jaoks tänu integreeritud lahendusele, et tagada kiiremat arendust ja abi valitud veebirakenduse rollipõhise juurdepääsukontrolli mudelist arusaamisel.Nowadays fast and successful development of a web application is one of the keys to effective business. However, modern world requirements define the complex approach in definition of ac-cess control and user groups’ interoperability. The software development process typically in-volves different responsible members for the application assessment, planning, development, de-ployment and support, as a consequence, increasing the complexity and information losses be-tween target groups. In order to mitigate possible risks in software development misinterpretation and security violation, teams should use tools that allow fast and accurate interpretation of the web application through a model. Modelling will help with minimization of possible problems and ensure the functionality needs with respect to desired RBAC model. In order to support and simpli-fy the model-driven approach for a web application development with Spring platform, realization of a concept plugin for Eclipse IDE is proposed. This plugin supports the recognition of Spring Security notations with capability to visualize the RBAC model on top of them. The generation of visual model is achieved in two main steps: recognition of Spring Security configuration and gen-eration of representation with SecureUML modeling language. The concept of contributed plugin was validated within case studies that demonstrated the acceptance of this plugin by software de-velopers due to its integrated solution for faster development and help in understanding of RBAC model for the selected web application

Method-Specific Access Control in Java via Proxy Objects using Annotations

Partially restricting access to objects enables system designers to finely control the security of their systems. We propose a novel approach that allows granting partial access at method granularity on arbitrary objects to remote clients, using proxy objects. Our initial approach considers methods to be either safe (may be invoked by anyone) or unsafe (may be invoked only by trusted users). We next generalize this approach by supporting Role-Based Access Control (RBAC) for methods in objects. In our approach, a policy implementer annotates methods, interfaces, and classes with roles. Our system automatically creates proxy objects for each role, which contain only methods to which that role is authorized. This thesis explains the method annotation process, the semantics of annotations, how we derive proxy objects based on annotations, and how clients invoke methods via proxy objects. We present the advantages to our approach, and distinguish it from existing approaches to method-granularity access control. We provide detailed semantics of our system, in First Order Logic, to describe its operation. We have implemented our system in the Java programming language and evaluated its performance and usability. Proxy objects have minimal overhead: creation of a proxy object takes an order of magnitude less time than retrieving a reference to a remote object. Deriving the interface---a one-time cost---is on the same order as retrieval. We present empirical evidence of the effectiveness of our approach by discussing its application to software projects that range from thousands to hundreds of thousands of lines of code; even large software projects can be annotated in less than a day

Acesso remoto dinâmico e seguro a bases de dados com integração de políticas de acesso suave

The amount of data being created and shared has grown greatly in recent years, thanks in part to social media and the growth of smart devices. Managing the storage and processing of this data can give a competitive edge when used to create new services, to enhance targeted advertising, etc. To achieve this, the data must be accessed and processed. When applications that access this data are developed, tools such as Java Database Connectivity, ADO.NET and Hibernate are typically used. However, while these tools aim to bridge the gap between databases and the object-oriented programming paradigm, they focus only on the connectivity issue. This leads to increased development time as developers need to master the access policies to write correct queries. Moreover, when used in database applications within noncontrolled environments, other issues emerge such as database credentials theft; application authentication; authorization and auditing of large groups of new users seeking access to data, potentially with vague requirements; network eavesdropping for data and credential disclosure; impersonating database servers for data modification; application tampering for unrestricted database access and data disclosure; etc. Therefore, an architecture capable of addressing these issues is necessary to build a reliable set of access control solutions to expand and simplify the application scenarios of access control systems. The objective, then, is to secure the remote access to databases, since database applications may be used in hard-to-control environments and physical access to the host machines/network may not be always protected. Furthermore, the authorization process should dynamically grant the appropriate permissions to users that have not been explicitly authorized to handle large groups seeking access to data. This includes scenarios where the definition of the access requirements is difficult due to their vagueness, usually requiring a security expert to authorize each user individually. This is achieved by integrating and auditing soft access policies based on fuzzy set theory in the access control decision-making process. A proof-of-concept of this architecture is provided alongside a functional and performance assessment.A quantidade de dados criados e partilhados tem crescido nos últimos anos, em parte graças às redes sociais e à proliferação dos dispositivos inteligentes. A gestão do armazenamento e processamento destes dados pode fornecer uma vantagem competitiva quando usados para criar novos serviços, para melhorar a publicidade direcionada, etc. Para atingir este objetivo, os dados devem ser acedidos e processados. Quando as aplicações que acedem a estes dados são desenvolvidos, ferramentas como Java Database Connectivity, ADO.NET e Hibernate são normalmente utilizados. No entanto, embora estas ferramentas tenham como objetivo preencher a lacuna entre as bases de dados e o paradigma da programação orientada por objetos, elas concentram-se apenas na questão da conectividade. Isto aumenta o tempo de desenvolvimento, pois os programadores precisam dominar as políticas de acesso para escrever consultas corretas. Além disso, quando usado em aplicações de bases de dados em ambientes não controlados, surgem outros problemas, como roubo de credenciais da base de dados; autenticação de aplicações; autorização e auditoria de grandes grupos de novos utilizadores que procuram acesso aos dados, potencialmente com requisitos vagos; escuta da rede para obtenção de dados e credenciais; personificação de servidores de bases de dados para modificação de dados; manipulação de aplicações para acesso ilimitado à base de dados e divulgação de dados; etc. Uma arquitetura capaz de resolver esses problemas é necessária para construir um conjunto confiável de soluções de controlo de acesso, para expandir e simplificar os cenários de aplicação destes sistemas. O objetivo, então, é proteger o acesso remoto a bases de dados, uma vez que as aplicações de bases de dados podem ser usados em ambientes de difícil controlo e o acesso físico às máquinas/rede nem sempre está protegido. Adicionalmente, o processo de autorização deve conceder dinamicamente as permissões adequadas aos utilizadores que não foram explicitamente autorizados para suportar grupos grandes de utilizadores que procuram aceder aos dados. Isto inclui cenários em que a definição dos requisitos de acesso é difícil devido à sua imprecisão, geralmente exigindo um especialista em segurança para autorizar cada utilizador individualmente. Este objetivo é atingido no processo de decisão de controlo de acesso com a integração e auditaria das políticas de acesso suaves baseadas na teoria de conjuntos difusos. Uma prova de conceito desta arquitetura é fornecida em conjunto com uma avaliação funcional e de desempenho.Programa Doutoral em Informátic

Towards realizing a formal RBAC model in real systems

There still exists an open question on how formal models can be fully realized in the system development phase. The Model Driven Development (MDD) approach has been re-cently introduced to deal with such a critical issue for build-ing high assurance software systems. The MDD approach focuses on the transformation of high-level design models to system implementation modules. How-ever, this emerging development approach lacks an adequate procedure to address security issues derived from formal security models. In this paper, we propose an empirical framework to integrate security model representation, secu-rity policy specification, and systematic validation of secu-rity model and policy, which would be eventually used for accommodating security concerns during the system devel-opment. We also describe how our framework can minimize the gap between security models and the development of se-cure systems. In addition, we overview a proof-of-concept prototype of our tool that facilitates existing software engi-neering mechanisms to achieve the above-mentioned features of our framework

Architectural Alignment of Access Control Requirements Extracted from Business Processes

Geschäftsprozesse und IT-Systeme sind einer ständigen Evolution unterworfen und beeinflussen sich in hohem Maße gegenseitig. Dies führt zu der Herausforderung, Sicherheitsaspekte innerhalb von Geschäftsprozessen und Enterprise Application Architectures (EAAs) in Einklang zu bringen. Im Besonderen gilt dies für Zugriffskontrollanforderungen, welche sowohl in der IT-Sicherheit als auch im Datenschutz einen hohen Stellenwert haben. Die folgenden drei Ziele der Geschäftsebene verdeutlichen die Bedeutung von Zugriffskontrollanforderungen: $1)$ Identifikation und Schutz von kritischen und schützenswerten Daten und Assets. $2)$ Einführung einer organisationsweiten IT-Sicherheit zum Schutz vor cyberkriminellen Attacken. $3)$ Einhaltung der zunehmenden Flut an Gesetzen, welche die IT-Sicherheit und den Datenschutz betreffen. Alle drei Ziele sind in einem hohen Maß mit Zugriffskontrollanforderungen auf Seiten der Geschäftsebene verbunden. Aufgrund der Fülle und Komplexität stellt die vollständige und korrekte Umsetzung dieser Zugriffskontrollanforderungen eine Herausforderung für die IT dar. Hierfür muss das Wissen von der Geschäftsebene hin zur IT übertragen werden. Die unterschiedlichen Terminologien innerhalb der Fachdomänen erschweren diesen Prozess. Zusätzlich beeinflussen die Größe von Unternehmen, die Komplexität von EAAs sowie die Verflechtung zwischen EAAs und Geschäftsprozessen die Fehleranfälligkeit im Entwurfsprozess von Zugriffsberechtigungen und EAAs. Dieser Zusammenhang führt zu einer Diskrepanz zwischen ihnen und den Geschäftsprozessen und wird durch den Umstand der immer wiederkehrenden Anpassungen aufgrund von Evolutionen der Geschäftsprozesse und IT-Systeme verstärkt. Bisherige Arbeiten, die auf Erweiterungen von Modellierungssprachen setzen, fordern einen hohen Aufwand von Unternehmen, um vorhandene Modelle zu erweitern und die Erweiterungen zu pflegen. Andere Arbeiten setzen auf manuelle Prozesse. Diese erfordern viel Aufwand, skalieren nicht und sind bei komplexen Systemen fehleranfällig. Ziel meiner Arbeit ist es, zu untersuchen, wie Zugriffskontrollanforderungen zwischen der Geschäftsebene und der IT mit möglichst geringem Mehraufwand für Unternehmen angeglichen werden können. Im Speziellen erforsche ich, wie Zugriffskontrollanforderungen der Geschäftsebene, extrahiert aus Geschäftsprozessen, automatisiert in Zugriffsberechtigungen für Systeme der rollenbasierten Zugriffskontrolle (RBAC) überführt werden können und wie die EAA zur Entwurfszeit auf die Einhaltung der extrahierten Zugriffskontrollanforderungen überprüft werden kann. Hierdurch werden Sicherheitsexperten beim Entwerfen von Zugriffsberechtigungen für RBAC Systeme unterstützt und die Komplexität verringert. Weiterhin werden Enterprise-Architekten in die Lage versetzt, die EAA zur Entwurfszeit auf Datenflüsse von Services zu untersuchen, welche gegen die geschäftsseitige Zugriffskontrollanforderungen verstoßen und diese Fehler zu beheben. Die Kernbeiträge meiner Arbeit lassen sich wie folgt zusammenfassen: $\textbf{I)}$ Ein Ansatz zur automatisierten Extraktion von geschäftsseitigen Zugriffskontrollanforderungen aus Geschäftsprozessen mit anschließender Generierung eines initialen Rollenmodells für RBAC. $\textbf{II)}$ Ein Ansatz zum automatisierten Erstellen von architekturellen Datenfluss-Bedingungen aus Zugriffskontrollanforderungen zur Identifikation von verbotenen Datenflüssen in Services von IT-Systemen der EAA. $\textbf{III)}$ Eine Prozessmodell für Unternehmen über die Einsatzmöglichkeiten der Ansätze innerhalb verschiedener Evolutionsszenarien. $\textbf{IV)}$ Ein Modell zur Verknüpfung relevanter Elemente aus Geschäftsprozessen, RBAC und EAAs im Hinblick auf die Zugriffskontrolle. Dieses wird automatisiert durch die Ansätze erstellt und dient unter anderem zur Dokumentation von Entwurfsentscheidungen, zur Verbesserung des Verständnisses von Modellen aus anderen Domänen und zur Unterstützung des Enterprise-Architekten bei der Auflösung von Fehlern innerhalb der EAA. Die Anwendbarkeit der Ansätze wurden in zwei Fallstudien untersucht. Die erste Studie ist eine Real-Welt-Studie, entstanden durch eine Kooperation mit einer staatlichen Kunsthalle, welche ihre IT-Systeme überarbeitet. Eine weitere Fallstudie wurde auf Basis von Common Component Modeling Example (CoCoME) durchgeführt. CoCoME ist eine durch die Wissenschaftsgemeinde entwickelte Fallstudie einer realistischen Großmarkt-Handelskette, welche speziell für die Erforschung von Software-Modellierung entwickelt wurde und um Evolutinsszenarien ergänzt wurde. Aufgrund verschiedener gesetzlicher Regularien an die IT-Sicherheit und den Datenschutz sowie dem Fluss von sensiblen Daten eignen sich beide Fallstudien für die Untersuchung von Zugriffskontrollanforderungen. Beide Fallstudien wurden anhand der Goal Question Metric-Methode durchgeführt. Es wurden Validierungsziele definiert. Aus diesen wurden systematisch wissenschaftliche Fragen abgleitet, für welche anschließend Metriken aufgestellt wurden, um sie zu untersuchen. Die folgenden Aspekte wurden untersucht: $\bullet$ Qualität der generierten Zugriffsberechtigungen. $\bullet$ Qualität der Identifikation von fehlerhaften Datenflüssen in Services der EAA. $\bullet$ Vollständigkeit und Korrektheit des generierten Modells zur Nachverfolgbarkeit von Zugriffskontrollanforderungen über Modelle hinweg. $\bullet$ Eignung der Ansätze in Evolutionsszenarien von Geschäftsprozessen und EAAs. Am Ende dieser Arbeit wird ein Ausblick gegeben, wie sich die vorgestellten Ansätze dieser Arbeit erweitern lassen. Dabei wird unter anderem darauf eingegangen, wie das Modell zur Verknüpfung relevanter Elemente aus Geschäftsprozessen, RBAC und EAAs im Hinblick auf die Zugriffskontrolle, um Elemente aus weiteren Modellen der IT und der Geschäftsebene, erweitert werden kann. Weiterhin wird erörtert wie die Ansätze der Arbeit mit zusätzlichen Eingabeinformationen angereichert werden können und wie die extrahierten Zugriffskontrollanforderungen in weiteren Domänenmodellen der IT und der Geschäftsebene eingesetzt werden können