SlideShare a Scribd company logo

130118 sergio luis da silva jr. - an approach to formalise security patterns

Ptidej Team
Ptidej Team

Security patterns, pattern detection,

TechnologyEntertainment & Humor
1 of 19
Download to read offline
An Approach to Formalise Security Patterns Luis Sergio da Silva Junior, ´ Ecole Polytechnique de Montr´al e March, 2013 Sergio An Approach to Formalise Security Patterns 1/ 19
Context Software Development • Methods, Techniques and Tools • Reuse • Design Patterns • Security Patterns Sergio An Approach to Formalise Security Patterns 2/ 19
Security Patterns Properties • Group of patterns focused on security context • Threat, Attack, Attacker, Asset etc • UML diagrams • Originally, not formally specified Sergio An Approach to Formalise Security Patterns 3/ 19
Security Patterns Example 1 • Single Access Point • Guard Door Sergio An Approach to Formalise Security Patterns 4/ 19
Security Patterns Sergio An Approach to Formalise Security Patterns 5/ 19
Security Patterns Example 2 • Roles • Group of roles • Restrict Access Sergio An Approach to Formalise Security Patterns 6/ 19
Formal Methods Definition Formal Methods (FM) consist of a set of techniques and tools based on mathematical modeling and formal logic that are used to specify and verify requirements and designs for computer systems and software OCL and extensions Petri Nets ASM others Sergio An Approach to Formalise Security Patterns 7/ 19
Formalizing Security Patterns Correct implementation of restrictions and properties Avoid Threats and bad implementation Security Improvement Sergio An Approach to Formalise Security Patterns 8/ 19
Petri Nets Places, Tokens and Arcs Different Types (Coloured, Temporized ) CPN-Tools Why Petri Nets ? Sergio An Approach to Formalise Security Patterns 9/ 19
Study Case Sender-Receiver example Microarchitecture example constraint - the size of the message cannot be longer than 10 Structural analysis - PADL and Reflection structure Behavioural analysis - Comparison between the pattern and the Petri Net structure Sergio An Approach to Formalise Security Patterns 10/ 19
Structural analysis Pattern detection through structural analysis Class diagrams Send its result to the next step Sergio An Approach to Formalise Security Patterns 11/ 19
Structural analysis Sergio An Approach to Formalise Security Patterns 12/ 19
Structural analysis Create a Pattern Model using PADL Comparison with Real objects - using Java Reflection API Compare all attributes, associations Display accuracy. Sergio An Approach to Formalise Security Patterns 13/ 19
Behavioural analysis Sergio An Approach to Formalise Security Patterns 14/ 19
Behavioural Analysis Create Coloured Petri Net Model by CPN-Tools Using XML extractor from the .cpn file Using Classes, Interfaces to keep the information on Java structure Extract method internal structure from .java file Compare expressions and attributions from the java source code with the Petri net arc inscription. Display accuracy Sergio An Approach to Formalise Security Patterns 15/ 19
Behavioural analysis Expressions and Attributions Sergio An Approach to Formalise Security Patterns 16/ 19
Future Work Testing with a Real System Single Access Point, Roles, Session Evaluate Version with Simulation of Petri Net model More Formal Methods Provide running analysis. Sergio An Approach to Formalise Security Patterns 17/ 19
Future Work Find the pattern in some complex structure Petri Net restriction - named places and transitions Different calls, same idea (length and size) Sergio An Approach to Formalise Security Patterns 18/ 19
Acknowledgment Sergio An Approach to Formalise Security Patterns 19/ 19

Recommended

Mobile Multimodal Interaction: An Investigation and Implementation of Context...
Mobile Multimodal Interaction: An Investigation and Implementation of Context...Mobile Multimodal Interaction: An Investigation and Implementation of Context...
Mobile Multimodal Interaction: An Investigation and Implementation of Context...Mafer Solorzano
 
Reverse Engineering: a European IPR Perspective
Reverse Engineering: a European IPR PerspectiveReverse Engineering: a European IPR Perspective
Reverse Engineering: a European IPR PerspectiveDaniel Russo
 
Presentation networking(1)
Presentation networking(1)Presentation networking(1)
Presentation networking(1)cegonsoft1999
 
Bachelors in mobile computing and internet
Bachelors in mobile computing and internetBachelors in mobile computing and internet
Bachelors in mobile computing and internetitft college
 
Patterns of Data Distribution
Patterns of Data DistributionPatterns of Data Distribution
Patterns of Data DistributionRick Warren
 
Architecture-centric Support for Integrating Security Tool in a Security Orch...
Architecture-centric Support for Integrating Security Tool in a Security Orch...Architecture-centric Support for Integrating Security Tool in a Security Orch...
Architecture-centric Support for Integrating Security Tool in a Security Orch...Chadni Islam
 
Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspective Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspectiveDr. Anish Cheriyan (PhD)
 
Security Patterns: Research Direction, Metamodel, Application and Verification
Security Patterns: Research Direction, Metamodel, Application and VerificationSecurity Patterns: Research Direction, Metamodel, Application and Verification
Security Patterns: Research Direction, Metamodel, Application and VerificationHironori Washizaki
 

Recommended

Mobile Multimodal Interaction: An Investigation and Implementation of Context...
Mobile Multimodal Interaction: An Investigation and Implementation of Context...Mobile Multimodal Interaction: An Investigation and Implementation of Context...
Mobile Multimodal Interaction: An Investigation and Implementation of Context...Mafer Solorzano
 
Reverse Engineering: a European IPR Perspective
Reverse Engineering: a European IPR PerspectiveReverse Engineering: a European IPR Perspective
Reverse Engineering: a European IPR PerspectiveDaniel Russo
 
Presentation networking(1)
Presentation networking(1)Presentation networking(1)
Presentation networking(1)cegonsoft1999
 
Bachelors in mobile computing and internet
Bachelors in mobile computing and internetBachelors in mobile computing and internet
Bachelors in mobile computing and internetitft college
 
Patterns of Data Distribution
Patterns of Data DistributionPatterns of Data Distribution
Patterns of Data DistributionRick Warren
 
Architecture-centric Support for Integrating Security Tool in a Security Orch...
Architecture-centric Support for Integrating Security Tool in a Security Orch...Architecture-centric Support for Integrating Security Tool in a Security Orch...
Architecture-centric Support for Integrating Security Tool in a Security Orch...Chadni Islam
 
Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspective Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspectiveDr. Anish Cheriyan (PhD)
 
Security Patterns: Research Direction, Metamodel, Application and Verification
Security Patterns: Research Direction, Metamodel, Application and VerificationSecurity Patterns: Research Direction, Metamodel, Application and Verification
Security Patterns: Research Direction, Metamodel, Application and VerificationHironori Washizaki
 
TESEM: A Tool for Verifying Security Design Pattern Applications
TESEM: A Tool for Verifying Security Design Pattern ApplicationsTESEM: A Tool for Verifying Security Design Pattern Applications
TESEM: A Tool for Verifying Security Design Pattern ApplicationsHironori Washizaki
 
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...Kim Hammar
 
Network simulator survey
Network simulator surveyNetwork simulator survey
Network simulator surveyWei Lin
 
AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011dma1965
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecurityKim Hammar
 
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...apidays
 
Hack2Secure Assists Organization in Secure Application Development Through BS...
Hack2Secure Assists Organization in Secure Application Development Through BS...Hack2Secure Assists Organization in Secure Application Development Through BS...
Hack2Secure Assists Organization in Secure Application Development Through BS...hack2s
 
Course overview Cybersecurity and its applications
Course overview Cybersecurity and its applicationsCourse overview Cybersecurity and its applications
Course overview Cybersecurity and its applicationsSanket Shikhar
 
GridWise 2010 Cyber Security Update
GridWise 2010 Cyber Security UpdateGridWise 2010 Cyber Security Update
GridWise 2010 Cyber Security UpdateAndy Bochman
 
Security in Machine Learning
Security in Machine LearningSecurity in Machine Learning
Security in Machine LearningFlavio Clesio
 
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...lior mazor
 
Architecture centric support for security orchestration and automation
Architecture centric support for security orchestration and automationArchitecture centric support for security orchestration and automation
Architecture centric support for security orchestration and automationChadni Islam
 
#1 formal methods – introduction for software engineering
#1 formal methods – introduction for software engineering#1 formal methods – introduction for software engineering
#1 formal methods – introduction for software engineeringSharif Omar Salem
 
CrAlSim: A Cryptography Algorithm Simulator
CrAlSim: A Cryptography Algorithm SimulatorCrAlSim: A Cryptography Algorithm Simulator
CrAlSim: A Cryptography Algorithm SimulatorIRJET Journal
 
our project presentation on online trading
our project presentation on online tradingour project presentation on online trading
our project presentation on online tradingBindiya syed
 
Digital Twins for Security Automation
Digital Twins for Security AutomationDigital Twins for Security Automation
Digital Twins for Security AutomationKim Hammar
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation IJECEIAES
 
2015 03-04 presentation1
2015 03-04 presentation12015 03-04 presentation1
2015 03-04 presentation1ifi8106tlu
 
Conducting Security Metrics for Object-Oriented Class Design
Conducting Security Metrics for Object-Oriented Class DesignConducting Security Metrics for Object-Oriented Class Design
Conducting Security Metrics for Object-Oriented Class DesignIJCSIS Research Publications
 
UMLassure: An approach to model software security
UMLassure: An approach to model software securityUMLassure: An approach to model software security
UMLassure: An approach to model software securitymanishthaper
 
From IoT to Software Miniaturisation
From IoT to Software MiniaturisationFrom IoT to Software Miniaturisation
From IoT to Software MiniaturisationPtidej Team
 
Presentation
PresentationPresentation
PresentationPtidej Team
 

More Related Content

Similar to 130118 sergio luis da silva jr. - an approach to formalise security patterns

TESEM: A Tool for Verifying Security Design Pattern Applications
TESEM: A Tool for Verifying Security Design Pattern ApplicationsTESEM: A Tool for Verifying Security Design Pattern Applications
TESEM: A Tool for Verifying Security Design Pattern ApplicationsHironori Washizaki
 
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...Kim Hammar
 
Network simulator survey
Network simulator surveyNetwork simulator survey
Network simulator surveyWei Lin
 
AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011dma1965
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecurityKim Hammar
 
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...apidays
 
Hack2Secure Assists Organization in Secure Application Development Through BS...
Hack2Secure Assists Organization in Secure Application Development Through BS...Hack2Secure Assists Organization in Secure Application Development Through BS...
Hack2Secure Assists Organization in Secure Application Development Through BS...hack2s
 
Course overview Cybersecurity and its applications
Course overview Cybersecurity and its applicationsCourse overview Cybersecurity and its applications
Course overview Cybersecurity and its applicationsSanket Shikhar
 
GridWise 2010 Cyber Security Update
GridWise 2010 Cyber Security UpdateGridWise 2010 Cyber Security Update
GridWise 2010 Cyber Security UpdateAndy Bochman
 
Security in Machine Learning
Security in Machine LearningSecurity in Machine Learning
Security in Machine LearningFlavio Clesio
 
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...lior mazor
 
Architecture centric support for security orchestration and automation
Architecture centric support for security orchestration and automationArchitecture centric support for security orchestration and automation
Architecture centric support for security orchestration and automationChadni Islam
 
#1 formal methods – introduction for software engineering
#1 formal methods – introduction for software engineering#1 formal methods – introduction for software engineering
#1 formal methods – introduction for software engineeringSharif Omar Salem
 
CrAlSim: A Cryptography Algorithm Simulator
CrAlSim: A Cryptography Algorithm SimulatorCrAlSim: A Cryptography Algorithm Simulator
CrAlSim: A Cryptography Algorithm SimulatorIRJET Journal
 
our project presentation on online trading
our project presentation on online tradingour project presentation on online trading
our project presentation on online tradingBindiya syed
 
Digital Twins for Security Automation
Digital Twins for Security AutomationDigital Twins for Security Automation
Digital Twins for Security AutomationKim Hammar
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation IJECEIAES
 
2015 03-04 presentation1
2015 03-04 presentation12015 03-04 presentation1
2015 03-04 presentation1ifi8106tlu
 
Conducting Security Metrics for Object-Oriented Class Design
Conducting Security Metrics for Object-Oriented Class DesignConducting Security Metrics for Object-Oriented Class Design
Conducting Security Metrics for Object-Oriented Class DesignIJCSIS Research Publications
 
UMLassure: An approach to model software security
UMLassure: An approach to model software securityUMLassure: An approach to model software security
UMLassure: An approach to model software securitymanishthaper
 

Similar to 130118 sergio luis da silva jr. - an approach to formalise security patterns (20)

TESEM: A Tool for Verifying Security Design Pattern Applications
TESEM: A Tool for Verifying Security Design Pattern ApplicationsTESEM: A Tool for Verifying Security Design Pattern Applications
TESEM: A Tool for Verifying Security Design Pattern Applications
 
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
 
Network simulator survey
Network simulator surveyNetwork simulator survey
Network simulator survey
 
AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber Security
 
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
 
Hack2Secure Assists Organization in Secure Application Development Through BS...
Hack2Secure Assists Organization in Secure Application Development Through BS...Hack2Secure Assists Organization in Secure Application Development Through BS...
Hack2Secure Assists Organization in Secure Application Development Through BS...
 
Course overview Cybersecurity and its applications
Course overview Cybersecurity and its applicationsCourse overview Cybersecurity and its applications
Course overview Cybersecurity and its applications
 
GridWise 2010 Cyber Security Update
GridWise 2010 Cyber Security UpdateGridWise 2010 Cyber Security Update
GridWise 2010 Cyber Security Update
 
Security in Machine Learning
Security in Machine LearningSecurity in Machine Learning
Security in Machine Learning
 
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
 
Architecture centric support for security orchestration and automation
Architecture centric support for security orchestration and automationArchitecture centric support for security orchestration and automation
Architecture centric support for security orchestration and automation
 
#1 formal methods – introduction for software engineering
#1 formal methods – introduction for software engineering#1 formal methods – introduction for software engineering
#1 formal methods – introduction for software engineering
 
CrAlSim: A Cryptography Algorithm Simulator
CrAlSim: A Cryptography Algorithm SimulatorCrAlSim: A Cryptography Algorithm Simulator
CrAlSim: A Cryptography Algorithm Simulator
 
our project presentation on online trading
our project presentation on online tradingour project presentation on online trading
our project presentation on online trading
 
Digital Twins for Security Automation
Digital Twins for Security AutomationDigital Twins for Security Automation
Digital Twins for Security Automation
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation
 
2015 03-04 presentation1
2015 03-04 presentation12015 03-04 presentation1
2015 03-04 presentation1
 
Conducting Security Metrics for Object-Oriented Class Design
Conducting Security Metrics for Object-Oriented Class DesignConducting Security Metrics for Object-Oriented Class Design
Conducting Security Metrics for Object-Oriented Class Design
 
UMLassure: An approach to model software security
UMLassure: An approach to model software securityUMLassure: An approach to model software security
UMLassure: An approach to model software security
 

More from Ptidej Team

From IoT to Software Miniaturisation
From IoT to Software MiniaturisationFrom IoT to Software Miniaturisation
From IoT to Software MiniaturisationPtidej Team
 
Presentation by Lionel Briand
Presentation by Lionel BriandPresentation by Lionel Briand
Presentation by Lionel BriandPtidej Team
 
Manel Abdellatif
Manel AbdellatifManel Abdellatif
Manel AbdellatifPtidej Team
 
Azadeh Kermansaravi
Azadeh KermansaraviAzadeh Kermansaravi
Azadeh KermansaraviPtidej Team
 
CSED - Manel Grichi
CSED - Manel GrichiCSED - Manel Grichi
CSED - Manel GrichiPtidej Team
 
Cristiano Politowski
Cristiano PolitowskiCristiano Politowski
Cristiano PolitowskiPtidej Team
 
Will io t trigger the next software crisis
Will io t trigger the next software crisisWill io t trigger the next software crisis
Will io t trigger the next software crisisPtidej Team
 
Thesis+of+laleh+eshkevari.ppt
Thesis+of+laleh+eshkevari.pptThesis+of+laleh+eshkevari.ppt
Thesis+of+laleh+eshkevari.pptPtidej Team
 
Thesis+of+nesrine+abdelkafi.ppt
Thesis+of+nesrine+abdelkafi.pptThesis+of+nesrine+abdelkafi.ppt
Thesis+of+nesrine+abdelkafi.pptPtidej Team
 

More from Ptidej Team (20)

From IoT to Software Miniaturisation
From IoT to Software MiniaturisationFrom IoT to Software Miniaturisation
From IoT to Software Miniaturisation
 
Presentation
PresentationPresentation
Presentation
 
Presentation
PresentationPresentation
Presentation
 
Presentation
PresentationPresentation
Presentation
 
Presentation by Lionel Briand
Presentation by Lionel BriandPresentation by Lionel Briand
Presentation by Lionel Briand
 
Manel Abdellatif
Manel AbdellatifManel Abdellatif
Manel Abdellatif
 
Azadeh Kermansaravi
Azadeh KermansaraviAzadeh Kermansaravi
Azadeh Kermansaravi
 
Mouna Abidi
Mouna AbidiMouna Abidi
Mouna Abidi
 
CSED - Manel Grichi
CSED - Manel GrichiCSED - Manel Grichi
CSED - Manel Grichi
 
Cristiano Politowski
Cristiano PolitowskiCristiano Politowski
Cristiano Politowski
 
Will io t trigger the next software crisis
Will io t trigger the next software crisisWill io t trigger the next software crisis
Will io t trigger the next software crisis
 
MIPA
MIPAMIPA
MIPA
 
Thesis+of+laleh+eshkevari.ppt
Thesis+of+laleh+eshkevari.pptThesis+of+laleh+eshkevari.ppt
Thesis+of+laleh+eshkevari.ppt
 
Thesis+of+nesrine+abdelkafi.ppt
Thesis+of+nesrine+abdelkafi.pptThesis+of+nesrine+abdelkafi.ppt
Thesis+of+nesrine+abdelkafi.ppt
 
Medicine15.ppt
Medicine15.pptMedicine15.ppt
Medicine15.ppt
 
Qrs17b.ppt
Qrs17b.pptQrs17b.ppt
Qrs17b.ppt
 
Icpc11c.ppt
Icpc11c.pptIcpc11c.ppt
Icpc11c.ppt
 
Icsme16.ppt
Icsme16.pptIcsme16.ppt
Icsme16.ppt
 
Msr17a.ppt
Msr17a.pptMsr17a.ppt
Msr17a.ppt
 
Icsoc15.ppt
Icsoc15.pptIcsoc15.ppt
Icsoc15.ppt
 

Recently uploaded

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 

Recently uploaded (20)

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 

130118 sergio luis da silva jr. - an approach to formalise security patterns

  • 1. An Approach to Formalise Security Patterns Luis Sergio da Silva Junior, ´ Ecole Polytechnique de Montr´al e March, 2013 Sergio An Approach to Formalise Security Patterns 1/ 19
  • 2. Context Software Development • Methods, Techniques and Tools • Reuse • Design Patterns • Security Patterns Sergio An Approach to Formalise Security Patterns 2/ 19
  • 3. Security Patterns Properties • Group of patterns focused on security context • Threat, Attack, Attacker, Asset etc • UML diagrams • Originally, not formally specified Sergio An Approach to Formalise Security Patterns 3/ 19
  • 4. Security Patterns Example 1 • Single Access Point • Guard Door Sergio An Approach to Formalise Security Patterns 4/ 19
  • 5. Security Patterns Sergio An Approach to Formalise Security Patterns 5/ 19
  • 6. Security Patterns Example 2 • Roles • Group of roles • Restrict Access Sergio An Approach to Formalise Security Patterns 6/ 19
  • 7. Formal Methods Definition Formal Methods (FM) consist of a set of techniques and tools based on mathematical modeling and formal logic that are used to specify and verify requirements and designs for computer systems and software OCL and extensions Petri Nets ASM others Sergio An Approach to Formalise Security Patterns 7/ 19
  • 8. Formalizing Security Patterns Correct implementation of restrictions and properties Avoid Threats and bad implementation Security Improvement Sergio An Approach to Formalise Security Patterns 8/ 19
  • 9. Petri Nets Places, Tokens and Arcs Different Types (Coloured, Temporized ) CPN-Tools Why Petri Nets ? Sergio An Approach to Formalise Security Patterns 9/ 19
  • 10. Study Case Sender-Receiver example Microarchitecture example constraint - the size of the message cannot be longer than 10 Structural analysis - PADL and Reflection structure Behavioural analysis - Comparison between the pattern and the Petri Net structure Sergio An Approach to Formalise Security Patterns 10/ 19
  • 11. Structural analysis Pattern detection through structural analysis Class diagrams Send its result to the next step Sergio An Approach to Formalise Security Patterns 11/ 19
  • 12. Structural analysis Sergio An Approach to Formalise Security Patterns 12/ 19
  • 13. Structural analysis Create a Pattern Model using PADL Comparison with Real objects - using Java Reflection API Compare all attributes, associations Display accuracy. Sergio An Approach to Formalise Security Patterns 13/ 19
  • 14. Behavioural analysis Sergio An Approach to Formalise Security Patterns 14/ 19
  • 15. Behavioural Analysis Create Coloured Petri Net Model by CPN-Tools Using XML extractor from the .cpn file Using Classes, Interfaces to keep the information on Java structure Extract method internal structure from .java file Compare expressions and attributions from the java source code with the Petri net arc inscription. Display accuracy Sergio An Approach to Formalise Security Patterns 15/ 19
  • 16. Behavioural analysis Expressions and Attributions Sergio An Approach to Formalise Security Patterns 16/ 19
  • 17. Future Work Testing with a Real System Single Access Point, Roles, Session Evaluate Version with Simulation of Petri Net model More Formal Methods Provide running analysis. Sergio An Approach to Formalise Security Patterns 17/ 19
  • 18. Future Work Find the pattern in some complex structure Petri Net restriction - named places and transitions Different calls, same idea (length and size) Sergio An Approach to Formalise Security Patterns 18/ 19
  • 19. Acknowledgment Sergio An Approach to Formalise Security Patterns 19/ 19