Your SlideShare is downloading. ×
0
An Approach to Formalise Security Patterns

Luis Sergio da Silva Junior,
´
Ecole Polytechnique de Montr´al
e

March, 2013
...
Context

Software Development
• Methods, Techniques and Tools
• Reuse
• Design Patterns
• Security Patterns

Sergio

An Ap...
Security Patterns

Properties
• Group of patterns focused on security context
• Threat, Attack, Attacker, Asset etc
• UML ...
Security Patterns

Example 1
• Single Access Point
• Guard Door

Sergio

An Approach to Formalise Security Patterns

4/ 19
Security Patterns

Sergio

An Approach to Formalise Security Patterns

5/ 19
Security Patterns

Example 2
• Roles
• Group of roles
• Restrict Access

Sergio

An Approach to Formalise Security Pattern...
Formal Methods

Definition
Formal Methods (FM) consist of a set of techniques and tools based
on mathematical modeling and ...
Formalizing Security Patterns

Correct implementation of restrictions and properties
Avoid Threats and bad implementation
...
Petri Nets

Places, Tokens and Arcs
Different Types (Coloured, Temporized )
CPN-Tools
Why Petri Nets ?

Sergio

An Approach...
Study Case

Sender-Receiver example
Microarchitecture example
constraint - the size of the message cannot be longer
than 1...
Structural analysis

Pattern detection through structural analysis
Class diagrams
Send its result to the next step

Sergio...
Structural analysis

Sergio

An Approach to Formalise Security Patterns

12/ 19
Structural analysis

Create a Pattern Model using PADL
Comparison with Real objects - using Java Reflection API
Compare all...
Behavioural analysis

Sergio

An Approach to Formalise Security Patterns

14/ 19
Behavioural Analysis

Create Coloured Petri Net Model by CPN-Tools
Using XML extractor from the .cpn file
Using Classes, In...
Behavioural analysis

Expressions and Attributions

Sergio

An Approach to Formalise Security Patterns

16/ 19
Future Work

Testing with a Real System
Single Access Point, Roles, Session
Evaluate Version with Simulation of Petri Net ...
Future Work

Find the pattern in some complex structure
Petri Net restriction - named places and transitions
Different call...
Acknowledgment

Sergio

An Approach to Formalise Security Patterns

19/ 19
Upcoming SlideShare
Loading in...5
×

Ppap13b.ppt

125

Published on

Security, patterns, detection

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
125
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Ppap13b.ppt"

  1. 1. An Approach to Formalise Security Patterns Luis Sergio da Silva Junior, ´ Ecole Polytechnique de Montr´al e March, 2013 Sergio An Approach to Formalise Security Patterns 1/ 19
  2. 2. Context Software Development • Methods, Techniques and Tools • Reuse • Design Patterns • Security Patterns Sergio An Approach to Formalise Security Patterns 2/ 19
  3. 3. Security Patterns Properties • Group of patterns focused on security context • Threat, Attack, Attacker, Asset etc • UML diagrams • Originally, not formally specified Sergio An Approach to Formalise Security Patterns 3/ 19
  4. 4. Security Patterns Example 1 • Single Access Point • Guard Door Sergio An Approach to Formalise Security Patterns 4/ 19
  5. 5. Security Patterns Sergio An Approach to Formalise Security Patterns 5/ 19
  6. 6. Security Patterns Example 2 • Roles • Group of roles • Restrict Access Sergio An Approach to Formalise Security Patterns 6/ 19
  7. 7. Formal Methods Definition Formal Methods (FM) consist of a set of techniques and tools based on mathematical modeling and formal logic that are used to specify and verify requirements and designs for computer systems and software OCL and extensions Petri Nets ASM others Sergio An Approach to Formalise Security Patterns 7/ 19
  8. 8. Formalizing Security Patterns Correct implementation of restrictions and properties Avoid Threats and bad implementation Security Improvement Sergio An Approach to Formalise Security Patterns 8/ 19
  9. 9. Petri Nets Places, Tokens and Arcs Different Types (Coloured, Temporized ) CPN-Tools Why Petri Nets ? Sergio An Approach to Formalise Security Patterns 9/ 19
  10. 10. Study Case Sender-Receiver example Microarchitecture example constraint - the size of the message cannot be longer than 10 Structural analysis - PADL and Reflection structure Behavioural analysis - Comparison between the pattern and the Petri Net structure Sergio An Approach to Formalise Security Patterns 10/ 19
  11. 11. Structural analysis Pattern detection through structural analysis Class diagrams Send its result to the next step Sergio An Approach to Formalise Security Patterns 11/ 19
  12. 12. Structural analysis Sergio An Approach to Formalise Security Patterns 12/ 19
  13. 13. Structural analysis Create a Pattern Model using PADL Comparison with Real objects - using Java Reflection API Compare all attributes, associations Display accuracy. Sergio An Approach to Formalise Security Patterns 13/ 19
  14. 14. Behavioural analysis Sergio An Approach to Formalise Security Patterns 14/ 19
  15. 15. Behavioural Analysis Create Coloured Petri Net Model by CPN-Tools Using XML extractor from the .cpn file Using Classes, Interfaces to keep the information on Java structure Extract method internal structure from .java file Compare expressions and attributions from the java source code with the Petri net arc inscription. Display accuracy Sergio An Approach to Formalise Security Patterns 15/ 19
  16. 16. Behavioural analysis Expressions and Attributions Sergio An Approach to Formalise Security Patterns 16/ 19
  17. 17. Future Work Testing with a Real System Single Access Point, Roles, Session Evaluate Version with Simulation of Petri Net model More Formal Methods Provide running analysis. Sergio An Approach to Formalise Security Patterns 17/ 19
  18. 18. Future Work Find the pattern in some complex structure Petri Net restriction - named places and transitions Different calls, same idea (length and size) Sergio An Approach to Formalise Security Patterns 18/ 19
  19. 19. Acknowledgment Sergio An Approach to Formalise Security Patterns 19/ 19
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×