Ppap13b.ppt
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Ppap13b.ppt

on

  • 211 views

Security, patterns, detection

Security, patterns, detection

Statistics

Views

Total Views
211
Views on SlideShare
196
Embed Views
15

Actions

Likes
0
Downloads
0
Comments
0

2 Embeds 15

http://www.ptidej.net 14
http://squirrel.polymtl.ca 1

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Ppap13b.ppt Presentation Transcript

  • 1. An Approach to Formalise Security Patterns Luis Sergio da Silva Junior, ´ Ecole Polytechnique de Montr´al e March, 2013 Sergio An Approach to Formalise Security Patterns 1/ 19
  • 2. Context Software Development • Methods, Techniques and Tools • Reuse • Design Patterns • Security Patterns Sergio An Approach to Formalise Security Patterns 2/ 19
  • 3. Security Patterns Properties • Group of patterns focused on security context • Threat, Attack, Attacker, Asset etc • UML diagrams • Originally, not formally specified Sergio An Approach to Formalise Security Patterns 3/ 19
  • 4. Security Patterns Example 1 • Single Access Point • Guard Door Sergio An Approach to Formalise Security Patterns 4/ 19
  • 5. Security Patterns Sergio An Approach to Formalise Security Patterns 5/ 19
  • 6. Security Patterns Example 2 • Roles • Group of roles • Restrict Access Sergio An Approach to Formalise Security Patterns 6/ 19
  • 7. Formal Methods Definition Formal Methods (FM) consist of a set of techniques and tools based on mathematical modeling and formal logic that are used to specify and verify requirements and designs for computer systems and software OCL and extensions Petri Nets ASM others Sergio An Approach to Formalise Security Patterns 7/ 19
  • 8. Formalizing Security Patterns Correct implementation of restrictions and properties Avoid Threats and bad implementation Security Improvement Sergio An Approach to Formalise Security Patterns 8/ 19
  • 9. Petri Nets Places, Tokens and Arcs Different Types (Coloured, Temporized ) CPN-Tools Why Petri Nets ? Sergio An Approach to Formalise Security Patterns 9/ 19
  • 10. Study Case Sender-Receiver example Microarchitecture example constraint - the size of the message cannot be longer than 10 Structural analysis - PADL and Reflection structure Behavioural analysis - Comparison between the pattern and the Petri Net structure Sergio An Approach to Formalise Security Patterns 10/ 19
  • 11. Structural analysis Pattern detection through structural analysis Class diagrams Send its result to the next step Sergio An Approach to Formalise Security Patterns 11/ 19
  • 12. Structural analysis Sergio An Approach to Formalise Security Patterns 12/ 19
  • 13. Structural analysis Create a Pattern Model using PADL Comparison with Real objects - using Java Reflection API Compare all attributes, associations Display accuracy. Sergio An Approach to Formalise Security Patterns 13/ 19
  • 14. Behavioural analysis Sergio An Approach to Formalise Security Patterns 14/ 19
  • 15. Behavioural Analysis Create Coloured Petri Net Model by CPN-Tools Using XML extractor from the .cpn file Using Classes, Interfaces to keep the information on Java structure Extract method internal structure from .java file Compare expressions and attributions from the java source code with the Petri net arc inscription. Display accuracy Sergio An Approach to Formalise Security Patterns 15/ 19
  • 16. Behavioural analysis Expressions and Attributions Sergio An Approach to Formalise Security Patterns 16/ 19
  • 17. Future Work Testing with a Real System Single Access Point, Roles, Session Evaluate Version with Simulation of Petri Net model More Formal Methods Provide running analysis. Sergio An Approach to Formalise Security Patterns 17/ 19
  • 18. Future Work Find the pattern in some complex structure Petri Net restriction - named places and transitions Different calls, same idea (length and size) Sergio An Approach to Formalise Security Patterns 18/ 19
  • 19. Acknowledgment Sergio An Approach to Formalise Security Patterns 19/ 19