Slide 1. Toward model-based security engineering: developing a security analysis DSML
Véronique Normand, Edith Félix, Thales Research & Technology (deck: "Security DSL")

Slide 2. Agenda
- Security DSML overview
- Introduction
- Context and rationale
- The prototype security DSML
- Status and perspectives

Slide 3. Security DSML overview
- Context
  - Critical information system engineering in an industrial environment
- New method to support the security risk analysis
- Based upon model-based engineering techniques
  - Security Domain Specific Modelling Language (DSML)
- The security DSML supports
  - Analysis and assessment of security risks for a system
  - Specification of security requirements
- Technology readiness level
  - prototype

Slide 4. Introduction
- Critical system engineering
  - involves multiple teams
  - capture, articulation, trade-off and reconciliation between multiple viewpoints over a system architectural design
  - system security engineering as a viewpoint
- Enhancement of traditional security risk analysis
  - methodologies based on modelling techniques
  - that will allow leveraging detailed knowledge of the targeted system, in close integration with the mainstream system engineering process,
  - and developing fine grain analyses of the actual risks at stake.

Slide 5. Context and rationale
- Stake of risk mitigation
  - Find the right trade-off between risk coverage and costs
- State of the art
  - Traditional security risk analysis
    - EBIOS, Mehari, Octave, etc.
    - based on tables, i.e. losing the fine-grained view of the architecture
- Critical systems security engineering methodology
  (Diagram: what is within the scope of the current Security DSL versus out of its scope)

Slide 6. Enhancing system security methods
(Diagram: system design models and the security analysis model, both standing for the real world; system definition through several system definition viewpoints; security & risks analysis; governance)
- Advantages
  - Toward a close integration of security analysis and system model
    - Provides a management view
    - Manages finer grain analyses

Slide 7. Objectives of the enhancement
- Objective 1: To optimize the qualification of the risks and the specification of security requirements and related security costs.
- Objective 2: To optimize the quality and the productivity of security engineering
  - by capitalizing on data from one study to the next,
  - by proceeding to automatic calculation and consistency checking.
- Objective 3: To optimize the quality and the productivity of security engineering
  - by sharing common models of the system between system design and security analysis,
  - and thus by working on synchronized and consistent models of the system throughout the design process.

Slide 8. Overall process and actors of secure system engineering: before models
(Diagram) Processes: strategic & business analysis process, system engineering process, security analysis process, system security design process. Actors: end user, customer, executive; system architect; security analyst; security architect. Artefacts exchanged: business needs, system architecture, system models, risk analysis, security requirements, reference security typologies, security design.

Slide 9. Overall process and actors of secure system engineering: target
(Diagram) Same processes and actors; the artefacts exchanged become models: business need model, system architecture model, risk analysis and security requirements model, reference security libraries.

Slide 10. Model-driven architecting environment
(Diagram) Four spaces: strategic space (business motivation models, capability plan & drivers), business space (computation independent models of the business operational need), system space (technology independent models of the overall solution architecture), technical space (technology-specific models of the IT integration solution). Engineering activities across them: business process analysis & design, SoS architectural analysis and design, SoS architectural technical design, time performance engineering, management engineering, security engineering.
- Domain Specific Language = a typically small language, designed for a particular domain
  - higher degree of closeness to specific domain concepts
  - abstracts away from technology / implementation details
  - complexity encapsulation
  - domain experts able to understand, validate and develop DSL programs to model their specific domain problems
  - increases productivity of domain engineers

Slide 11. Security DSL task: interactions & workflow
(figure only; no text on the slide)

Slide 12. Security DSL: problem statement
- GOAL: Rapidly prototype a DSL allowing the support of finer grain, more formal security analyses that exploit formalized system architecture descriptions.

Slide 13. The risk-related meta-model
(figure only; no text on the slide)

Slide 14. Linking architecture to risk analysis meta-model
(figure only; no text on the slide)

Slide 15. Resulting Security DSL tool
(figure only; no text on the slide)

Slide 16. Comparison to existing work
- Focus of the research community on
  - attack scenarios, vulnerability cause graphs, use and misuse cases, attack trees
  - complementary to our work
- CORAS
  - supports brainstorm sessions between security analysis stakeholders
  - does not investigate the integration of the security risk analysis process with the system engineering process

Slide 17. Current status
- A first iteration of work, in the context of a longer-term research effort that aims at developing an enhanced model-based method for the security engineering of critical information systems
- Proof-of-concept prototype
  - focus on scoping and capturing a relevant meta-model
  - rather than on developing high-quality diagrammatic notations and tooling -> ergonomics and usability to be enhanced

Slide 18. Perspectives
- Enhancing the security analysis DSML in several areas
  - refinement of the stakes / needs / damages model for a more precise computation of risk severity
  - including automated computation formulas and consistency checking rules
- Integration of the DSML with our system modelling framework
  - support for multi-disciplinary engineering
  - heterogeneous modelling viewpoint integration
- Complementing our risk analysis DSML with modelling and tools
  - for supporting security solutions design and verification, thus extending our scope to fully address our model-based security engineering target

Speaker note (on architecture views and viewpoints):
N.B.: although a standard clearly defines the terms "architecture view" and "architecture viewpoint", view and viewpoint are still used today with varied meanings. E.g. RUP-SE defines views as combining a viewpoint and a model level; DoDAF confuses views with viewpoints. Views also encompass very different granularities; e.g. DoDAF views are large-scope models (only 4 views for an entire architecture) composed of many distinct products, while RUP-SE views correspond to a small set of UML diagram types. TOGAF 8.1: In capturing or representing the design of a system architecture, the architect will typically create one or more architecture models, possibly using different tools. A view will comprise selected parts of one or more models, chosen so as to demonstrate to a particular stakeholder or group of stakeholders that their concerns are being adequately addressed in the design of the system architecture.
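The deck's argument is that, once the risk analysis is a model linked to the architecture model rather than a set of tables, a tool can do the automatic calculation and consistency checking of objective 2 (slide 7), and the stakes/needs/damages refinement of slide 18 is what makes the severity computation more precise. The following Python sketch is an added illustration of that idea and is not the Thales prototype, its meta-model or its tool: the element types (component, asset, threat, risk), the 1-4 scales, the severity and risk-level formulas (an EBIOS-like severity x likelihood), the coverage threshold and the sample system are all assumptions constructed for this example.

```python
"""Toy security-analysis model linked to an architecture model.

Added illustration, not the Thales security DSML: meta-model, scales,
formulas and sample data are assumptions constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Component:
    """Architecture-viewpoint element (owned by the system architect)."""
    name: str
    hosts: List[str] = field(default_factory=list)  # names of assets it hosts


@dataclass
class Asset:
    """Security-viewpoint element: security needs per criterion, assumed 1..4 scale."""
    name: str
    needs: Dict[str, int]  # e.g. {"C": 4, "I": 3, "A": 2}


@dataclass
class Threat:
    name: str
    likelihood: int  # assumed 1..4 scale


@dataclass
class Risk:
    """Links a threat to an asset *as hosted on* a given architecture component."""
    threat: str
    asset: str
    component: str
    impacted: List[str]  # criteria whose need is damaged, e.g. ["C"]


@dataclass
class Model:
    components: Dict[str, Component]
    assets: Dict[str, Asset]
    threats: Dict[str, Threat]
    risks: List[Risk]


def severity(model: Model, risk: Risk) -> int:
    """Assumed formula: severity = highest need among the impacted criteria."""
    return max(model.assets[risk.asset].needs[c] for c in risk.impacted)


def risk_level(model: Model, risk: Risk) -> int:
    """Assumed EBIOS-like formula: level = severity x threat likelihood."""
    return severity(model, risk) * model.threats[risk.threat].likelihood


def compute_levels(model: Model) -> Dict[Tuple[str, str], int]:
    """Automatic calculation over the whole model (objective 2 of the deck)."""
    return {(r.threat, r.asset): risk_level(model, r) for r in model.risks}


def check_consistency(model: Model, coverage_threshold: int = 3) -> List[str]:
    """Consistency rules a tool can run instead of a human re-reading tables."""
    findings: List[str] = []
    for comp in model.components.values():
        for a in comp.hosts:
            if a not in model.assets:
                findings.append(f"component {comp.name} hosts unknown asset {a}")
    for r in model.risks:
        tag = f"risk {r.threat}/{r.asset}"
        if r.threat not in model.threats:
            findings.append(f"{tag} references unknown threat {r.threat}")
        if r.asset not in model.assets or r.component not in model.components:
            findings.append(f"{tag} references an unknown asset or component")
            continue
        # Architecture/risk link: the asset must really sit on that component.
        if r.asset not in model.components[r.component].hosts:
            findings.append(f"{tag}: {r.asset} is not hosted on {r.component}")
        for c in r.impacted:
            if c not in model.assets[r.asset].needs:
                findings.append(f"{tag}: no need declared for criterion {c}")
    # Coverage: every asset with a high need must have at least one risk analysed.
    covered = {r.asset for r in model.risks}
    for a in model.assets.values():
        if max(a.needs.values()) >= coverage_threshold and a.name not in covered:
            findings.append(f"asset {a.name} has a need >= {coverage_threshold} "
                            "but no risk analysed")
    return findings


def sample_model(consistent: bool = True) -> Model:
    """Constructed sample system (not taken from the presentation)."""
    m = Model(
        components={"AppServer": Component("AppServer", hosts=["OrderData"]),
                    "DBServer": Component("DBServer", hosts=["CustomerRecords"])},
        assets={"OrderData": Asset("OrderData", {"C": 2, "I": 3, "A": 3}),
                "CustomerRecords": Asset("CustomerRecords", {"C": 4, "I": 3, "A": 2})},
        threats={"DataTheft": Threat("DataTheft", likelihood=3),
                 "ServiceOutage": Threat("ServiceOutage", likelihood=2)},
        risks=[Risk("DataTheft", "CustomerRecords", "DBServer", ["C"]),
               Risk("ServiceOutage", "OrderData", "AppServer", ["A"])],
    )
    if not consistent:
        # Inject two defects: a risk attached to the wrong component, and a
        # high-need asset (CustomerRecords) left without any analysed risk.
        m.risks = [Risk("DataTheft", "OrderData", "DBServer", ["C"])]
    return m


if __name__ == "__main__":
    print(compute_levels(sample_model()))
    for finding in check_consistency(sample_model(consistent=False)):
        print("inconsistency:", finding)
```

The two checks on the architecture/risk link (an asset must be hosted where the risk says it is; every high-need asset must be covered by some risk) are exactly the kind of rule that is invisible when the risk analysis lives in tables detached from the architecture, which is the deck's motivation for a linked meta-model.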