Information Assurance in a World of Model Driven Architecture and Service Oriented Architecture
UC San Diego, CSE 294
May 30, 2008
Barry Demchak
Motivation
• Large scale applications have many stakeholders with diverse needs
[Diagram: MDA, SOA and Application, with the labelled relationships “enables”, “models” and “organizes”]
• SOA
  • Loose Coupling
  • Late Binding
  • Scalability
  • Composition
  • Interoperability
  • Testability
  • Malleability
  • Manageability
  • Dependability
  • Incremental development
• MDA
  • Multilevel modeling (…UML)
  • Alignment fidelity
  • NO GAPS
Motivation
• Common concern is Information Assurance
• Reliable information delivery to intended parties under appropriate circumstances
[Diagram: MDA, SOA, Application and IA, with the labelled relationships “enables”, “models”, “organizes” and “needs”]
Outline
• Motivation
• Background
• Problem and Strategy
• Related Techniques and Analysis
• Potential Research Problems
• Conclusion
Information Assurance
• Availability and integrity
• Confidentiality and non-repudiation
• Use by proper parties under proper circumstances
• Consequence
  • A large scale system with many stakeholders may become impaired or dangerous if IA is impaired or missing
Information Assurance (cont’d)
• Subproblems
  • Security
  • Policy
  • Governance
  • Data Quality
  • Digital Rights Management …
• Parties
  • User agents
  • Data sources
  • Data intermediaries
• Applications
  • e-Commerce
  • All commerce
  • HIPAA
  • SOX
  • DoD
Authentication and Authorization Infrastructure (AAI)
Authentication Authorization Infrastructure
• Allow access to a resource based on characteristics of requestor and action requested
• Trust
• PDP/PEP
• RBAC & Administrative Domains
• Policy
• Separation of Duties
• Separation of Concerns
Authentication Authorization Infrastructure
• Grid Systems – “the grid problem”
• Campus/Enterprise Systems
• Web Services – “the web problem”
Model of Hypothetical Unified AAI
• ID Providers
• Attribute Authorities
• Virtual Organizations
• Resources
• Policies
Model of AAI PEP
SOA Benefits for IA
• Crosscutting Concerns
• Interoperability and Reuse
• Understandability and Maintainability
• Configurability at lower risk
• Attack detection, secure logging, QOS, performance monitoring, alert generation …
• Hierarchical testability and validation
• Leverage standards: WS-*, DoD, IBM, HP, etc.
Model Driven Architecture
• Approach that can produce SOAs
• Fidelity of alignment between user requirements and application
• Multilevel modeling (…UML)
• Transformations between models … bidirectional
• NO GAPS
• Complementary to SOA
  • Roles
  • Interactions
• Separation of logical and deployment models
• Supports hierarchical development
[Diagram: the MDA model levels: Computation Independent Model, Platform Independent Model, Platform Specific Model]
Rich Services CIM/PIM Process
• Agility
• Completeness
• Scalability
• End-to-End
• Alignment
• No Gaps
Outline
• Motivation
• Background
• Problem and Strategy
• Related Techniques and Analysis
• Potential Research Problems
• Conclusion
The Problem
• Using existing MDA approaches, it is hard to:
  • Capture non-functional AAI requirements
  • Model AAI in one or multiple models
  • Validate AAI-provisioned models
  • Understand effect on deployment models
Strategy
• Discover and model non-functional requirements (NFRs)
  • Trust relationships
  • Attributes
  • Security constraints
  • Policies
  • Credential Delegations
• Validate models
• Generate code and deliverables (when possible)
• Maintain end-to-end alignment with no gaps
Strategy
[Diagram: process flow: Discover NFRs, Model NFRs, Validate Models, Deployment]
Outline
• Motivation
• Background
• Problem and Strategy
• Related Techniques and Analysis
• Potential Research Problems
• Conclusion
Analysis of Related Techniques
• Non-functional Requirements (NFRs)
• Trust Management
• Constraint Modeling
• Quality Assurance
• Policy Management
Non-functional Requirements
• Cysneiros
  • Notional and behavioral statements for user-determined symbols
  • Generate dependency graphs used to discover operational requirements
• Sindre
  • Discovers unwanted behaviors (misuse cases)
  • Identify triggers, assumptions, preconditions, postconditions, threats, mitigations, and risks
• Alexander
  • Augments UML use case diagrams with negative actors and relationships (threatens, mitigates, aggravates, conflicts with)
Non-functional Requirements
• Pros
  • Discover trust, entitlement, VOs, decision points, SoAs, security goals, threats
  • Define requirements matching risks and costs
  • Leads to prioritization of security goals
• Cons
  • Don’t leverage collaboration techniques
  • Highly manual
  • Don’t leverage ontologies
Trust Management
• Giorgini
  • Creates a privilege and trust model using the Secure Tropos tool, which identifies:
    • Actors and goals
    • Service exchanges between actors
    • Actors who trust other actors or own services
    • Actors who delegate permission to others
  • Validates model (completeness/consistency)
  • Generates policies
• Pros
  • High abstraction level
  • Produces actionable policies
• Cons
  • Not integrated with UML
  • Isn’t aware of VOs
Constraint Modeling
• Alam
  • SECTET enables annotation of UML models with security predicates and identifies security principals
  • Generates policy statements directly
• Satoh
  • Like Alam, but models mechanisms and devices
• Juerjens
  • Annotates like Alam, but generates SPIN/Promela proofs directly
• Burt
  • Identifies policy-governed relationships in UML models … separating policy authorship from functional modeling
Constraint Modeling
• Pros
  • Modeling is performed at high level of abstraction
  • Covers high level and low level relationships
  • Clear separation between modeling and deployment
• Cons
  • Limited delegation and separation of duty support
  • Unaware of administrative domains (VOs)
  • Unaware of distributed systems and policy distribution concerns
Quality Assurance
• Wang
  • Leverages threat-oriented UML sequence diagrams (SDs) to generate threat traces
  • Searches execution traces for threats realized
• Krüger
  • Leverages normal model Message Sequence Charts (MSCs) to monitor runtime message sequences
• Pros
  • UML models are leveraged directly for validation
  • Wang explicitly models threat scenarios
• Cons
  • SDs and MSCs likely to be incomplete
  • Wang threat trace searching done offline
  • Detect flow anomalies but not unauthorized access
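The MSC-based runtime monitoring attributed to Krüger above, as an added example (not code from the slides or from Krüger et al.): a normal-model chart for a federated login followed by a policy-checked resource request, reduced to an ordered list of messages, and a monitor that checks each session's runtime events against it. The chart, the message names and the three sample traces are constructed; because the monitor compares only sender, receiver and message type, the s3 trace (well-formed order, subject without entitlement) passes, which is exactly the "flow anomalies but not unauthorized access" limitation listed under Cons.

```python
"""Runtime monitor checking message traces against a normal-model MSC,
in the spirit of Krüger's approach.  Added example, not code from the
slides or from Krüger et al.; chart, message names and traces are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Msg = Tuple[str, str, str]                 # (sender, receiver, message type)
Event = Tuple[str, str, str, str, dict]    # (session, sender, receiver, type, payload)

# Constructed normal model: federated login, then a policy-checked resource read.
NORMAL_MSC: List[Msg] = [
    ("browser", "idp", "AuthnRequest"),
    ("idp", "browser", "Assertion"),
    ("browser", "pep", "ResourceRequest"),
    ("pep", "pdp", "PolicyQuery"),
    ("pdp", "pep", "Decision"),
    ("pep", "browser", "ResourceResponse"),
]


@dataclass
class MscMonitor:
    """Tracks each session's progress through the chart and records deviations."""
    chart: List[Msg]
    position: Dict[str, int] = field(default_factory=dict)
    anomalies: List[str] = field(default_factory=list)

    def observe(self, event: Event) -> bool:
        """Feed one runtime event; True if it is the next message the chart expects."""
        session, sender, receiver, mtype, _payload = event  # payload is never inspected
        msg: Msg = (sender, receiver, mtype)
        i = self.position.get(session, 0)
        if i < len(self.chart) and self.chart[i] == msg:
            self.position[session] = i + 1
            return True
        expected = self.chart[i] if i < len(self.chart) else "end of chart"
        self.anomalies.append(f"{session}: observed {msg}, expected {expected}")
        return False

    def completed(self, session: str) -> bool:
        return self.position.get(session, 0) == len(self.chart)


def login_then_read(session: str, subject: str, skip_authn: bool = False) -> List[Event]:
    """Constructed trace for one session; skip_authn drops the IdP exchange."""
    events: List[Event] = []
    if not skip_authn:
        events.append((session, "browser", "idp", "AuthnRequest", {"subject": subject}))
        events.append((session, "idp", "browser", "Assertion", {"subject": subject}))
    events += [
        (session, "browser", "pep", "ResourceRequest", {"subject": subject, "resource": "finance"}),
        (session, "pep", "pdp", "PolicyQuery", {"subject": subject}),
        (session, "pdp", "pep", "Decision", {"result": "Permit"}),
        (session, "pep", "browser", "ResourceResponse", {}),
    ]
    return events


def monitor_trace(trace: List[Event]) -> MscMonitor:
    """Run the whole trace through a fresh monitor and return it for inspection."""
    mon = MscMonitor(NORMAL_MSC)
    for ev in trace:
        mon.observe(ev)
    return mon


# s1: normal.  s2: resource request without any authentication step (flow anomaly, caught).
# s3: well-formed flow for a subject with no entitlement (not caught: the monitor
# checks message order, not authorization, which is the limitation the slide notes).
SAMPLE_TRACE: List[Event] = (
    login_then_read("s1", "alice")
    + login_then_read("s2", "bob", skip_authn=True)
    + login_then_read("s3", "mallory")
)

if __name__ == "__main__":
    m = monitor_trace(SAMPLE_TRACE)
    for s in ("s1", "s2", "s3"):
        print(s, "completed" if m.completed(s) else "incomplete")
    print("\n".join(m.anomalies))
```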
Policy Management
• Dulay
  • General purpose policy deployment and execution model
  • Agnostic to policy language or type
  • Updates, enables, disables policies in distributed environment
• Pros
  • Operates in distributed environment
• Cons
  • Disconnect between functional modeling (PIM) and policy deployment
Outline
• Motivation
• Background
• Problem and Strategy
• Related Techniques and Analysis
• Potential Research Problems
• Conclusion
Potential Research Problems
• Alignment
  • Policy deployment based on models
  • Automatic bidirectional model transitions (e.g., for use case modeling)
  • Integrate independent systems (e.g., Secure Tropos) with models
Potential Research Problems
• Large System Issues
  • Introduce collaboration and information fusion to requirements and logical modeling stages
  • Introduce policy distribution into constraint modeling
  • Integrate VO repositories into modeling
  • Model incomplete trust
Potential Research Problems
• Policy Issues
  • Study relationship between policy authorship and functional modeling
    • Policy enables exogenous application development
    • Policy amounts to late-bound coding
  • How to make system guarantees and validations?
  • What are limits of policy and when should/shouldn’t they be used?
  • How does author visualize effects of policy execution and arrange consistent deployment?
Conclusion
• We discussed
  • AAI, MDA, and SOA and related them
  • AAI vis-à-vis large organizations with multiple domains in a hostile environment
  • Modeling AAI concerns end-to-end
  • Potential research issues: alignment, large systems, and policy
• We believe improvements to MDA can facilitate delivering AAI applications as SOAs, and there are real benefits to doing so
References
• L. Cysneiros and J. Leite. Using UML to Reflect Non-Functional Requirements. In proceedings of the 11th Annual IBM Centers for Advanced Studies Conference (CASCON), November 2001.
• G. Sindre and A. Opdahl. Eliciting Security Requirements with Misuse Cases. Requirements Engineering 10(1):34-44, 2005.
• I. Alexander. Initial Industrial Experience of Misuse Cases in Trade-Off. In proceedings of the IEEE Joint International Conference on Requirements Engineering, Essen, Germany, September 2002.
• N. Sukaviriya, V. Sinha, T. Ramachandra, and S. Mani. Model-Driven Approach for Managing Human Interface Design Life Cycle. In Model Driven Engineering Languages and Systems, Springer-Verlag Berlin Heidelberg, 2007, pp. 226-240.
• L. Wang, E. Wong, and D. Xu. A Threat Model Driven Approach for Security Testing. In proceedings of the Third International Workshop on Software Engineering for Secure Systems (SESS’07), Minneapolis, MN, May 2007.
• I. H. Krüger, M. Meisinger, and M. Menarini. Runtime Verification of Interactions: From MSCs to Aspects. In RV 2007, O. Sokolsky and S. Tasiran (Eds.), LNCS vol. 4839, Vancouver, Canada. Springer-Verlag Berlin Heidelberg, Mar. 2007, pp. 63-74.
• M. Alam, R. Breu, and M. Hafner. Model-Driven Security Engineering for Trust Management in SECTET. Journal of Software, 2(1), 2007.
• F. Satoh, Y. Nakamura, and K. Ono. Adding Authentication to Model Driven Security. In proceedings of the IEEE International Conference on Web Services, Salt Lake City, UT, July 2006.
• J. Juerjens. Secure Systems Development with UML. Springer-Verlag Berlin Heidelberg, 2003.
• C. Burt, B. Bryant, R. Raje, A. Olson, and M. Auguston. Model Driven Security: Unification of Authorization Models for Fine-Grain Access Control. In proceedings of the 7th IEEE International Enterprise Distributed Object Computing Conference, Brisbane, Australia, Sept. 2003.
• N. Dulay, E. Lupu, M. Sloman, and N. Damianou. A Policy Deployment Model for the Ponder Language. In proceedings of the 7th IEEE/IFIP International Symposium on Integrated Network Management, Seattle, WA, May 2001.
Backup Slides
Non-functional Requirements
• Cysneiros
  • User-generated symbol (word) system
  • Notional and behavioral statements for each symbol
  • Generate dependency graphs
  • Organize graphs NFR-centric to discover operational requirements
• Pros
  • Discover trust, entitlement, VOs, decision points, SoAs
  • Improve use cases and logical models
• Cons
  • Highly manual, doesn’t leverage ontologies, doesn’t scale to large collaborations
Non-functional Requirements
• Sindre
  • Discovers unwanted behaviors (misuse cases)
  • Identify triggers, assumptions, preconditions, postconditions, threats, mitigations, and risks
• Pros
  • Identifies critical assets, security goals, threats
  • Stimulates analysis
  • Define requirements matching risks and costs
  • Leads to prioritization of security goals
• Cons
  • Can be very recursive – analysis paralysis
  • Doesn’t leverage elicitation or collaboration techniques
Non-functional Requirements
• Alexander
  • Adds negative actors to UML use case diagrams
  • Adds relationships: threatens, mitigates, aggravates, conflicts with
• Pros
  • Complements Sindre
  • Enables less-technical contributors
Non-functional Requirements (Alexander)
[Diagram: misuse case diagram with negative actors]
Rich Services Architectural Pattern
• From tightly to loosely coupled systems
• A hierarchically decomposed structure supporting “horizontal” and “vertical” service integration
• Rich Services – from UCSD
[Diagram: RESCUE Logical Architecture]
Identity Federation
• Authenticated on one server ⇒ trusted on others
• Standards-based information exchange (SSL, HTTP, SAML, …)
• Result: portable identity
Security Assertion Markup Language
• XML framework for marshaling security and identity information
• Wraps existing security technologies (e.g., XACML)
• Describes assertions about subjects
• Bindings for SOAP, HTTP redirect, HTTP POST, HTTP artifact, URI
• Is not a crypto technology, assertion maintenance protocol, data format, etc.
SAML Assertion
Example: Alice can read finance database
SAML Assertion (Query Response)
<SAMLQueryResponse>
<RequestID>urn:random:32q4schaw983y5982q35yh98q324==
<Assertion>
<AssertionID>http://www.bizexchange.test/assertion/AE0221
<Issuer>URN:dns-date:www.bizexchange.test:2001-01-03:19283
<ValidityInterval>
<NotBefore>
<NotOnOrAfter>
<Conditions>
<Audience>http://www.bizexchange.test/rule_book.html
<Claims>
<Subject>
<NameID>mailto:Alice@bizex.test
<Object>
<Authority>
<Permission>Read
<Resource>http://store.carol.test/finance
<Role>URN:dns-date:www.bizexchange.test:2001-01-04:right:finance
SAML Assertion (XACML embedded)
<TBS-POLICY-QueryResponse>
<RequestID>urn:random:zwos43i55098w4tawo3i5j09q==
<Assertion>
<AssertionID>http://policy.carol.test/assertion/
<Issuer>URN:dns-date:policy.carol.test:2001-03-03:1204
<ValidityInterval>
<NotBefore>
<NotOnOrAfter>
<Claim>
<Policy>
<Resources>
<string>http://store.carol.test/finance
<ACL>
<ACE>
<Subject>
<Role>URN:dns-date:www.bizexchange.test:2001-01-04:right:finance
<Permit>RWED
<ACE>
<Deny>ED
<Subject>
<Right>URN:dns-date:www.bizexchange.test:2001-01-04:right:ops
<Permit>R
<ACE>
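A policy decision point for the two assertions above, as an added example (not code from the slides or from any SAML/XACML implementation): it checks issuer, audience and validity interval of the first assertion, then evaluates the requested right against the ACL embedded in the second. The identifiers are the slide's own; the element nesting, the NotBefore/NotOnOrAfter timestamps, the reading of RWED as Read/Write/Execute/Delete, the grouping of "Deny ED" and "Permit R" under the ops-role ACE, and deny-overrides combining are assumptions made for this example.

```python
"""Policy decision point (PDP) evaluating a SAML-style assertion against the
ACL policy embedded in the second assertion on the slides.

Added example, not code from the slides or from any SAML/XACML library.
Assumed: the nesting of the slide's elements, the validity timestamps,
RWED = Read/Write/Execute/Delete, "Deny ED / Permit R" both belong to the
ops-role ACE, and deny-overrides combining.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import FrozenSet, Iterable, Optional, Tuple

RIGHTS = "RWED"  # Read, Write, Execute, Delete (assumed expansion)

# Identifiers taken from the slide's assertions.
ISSUER = "URN:dns-date:www.bizexchange.test:2001-01-03:19283"
AUDIENCE = "http://www.bizexchange.test/rule_book.html"
RESOURCE = "http://store.carol.test/finance"
FINANCE_ROLE = "URN:dns-date:www.bizexchange.test:2001-01-04:right:finance"
OPS_ROLE = "URN:dns-date:www.bizexchange.test:2001-01-04:right:ops"

TRUSTED_ISSUERS = frozenset({ISSUER})
# Constructed evaluation time; the slide leaves NotBefore/NotOnOrAfter empty.
NOW = datetime(2001, 1, 5, 12, 0, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Assertion:
    """The parts of the slide's assertion a PDP must look at."""
    issuer: str
    audience: str
    not_before: datetime
    not_on_or_after: datetime
    subject: str
    roles: FrozenSet[str]


@dataclass(frozen=True)
class Ace:
    """One access control entry: a role with permitted and denied rights."""
    role: str
    permit: str = ""
    deny: str = ""


@dataclass(frozen=True)
class Policy:
    resource: str
    acl: Tuple[Ace, ...]


# The ACL from the "XACML embedded" slide.
POLICY = Policy(
    resource=RESOURCE,
    acl=(Ace(FINANCE_ROLE, permit="RWED"), Ace(OPS_ROLE, permit="R", deny="ED")),
)


def alice_assertion(
    roles: Iterable[str],
    not_before: datetime = datetime(2001, 1, 3, tzinfo=timezone.utc),
    not_on_or_after: datetime = datetime(2001, 1, 10, tzinfo=timezone.utc),
) -> Assertion:
    """Build an assertion for the slide's subject with constructed timestamps."""
    return Assertion(ISSUER, AUDIENCE, not_before, not_on_or_after,
                     "mailto:Alice@bizex.test", frozenset(roles))


def validate_assertion(a: Assertion, now: datetime,
                       trusted_issuers: FrozenSet[str] = TRUSTED_ISSUERS,
                       audience: str = AUDIENCE) -> Optional[str]:
    """Return None if the assertion may be relied on, else the rejection reason."""
    if a.issuer not in trusted_issuers:
        return "untrusted issuer"
    if a.audience != audience:
        return "audience mismatch"
    # NotBefore is inclusive, NotOnOrAfter is exclusive.
    if now < a.not_before or now >= a.not_on_or_after:
        return "outside validity interval"
    return None


def decide(a: Assertion, right: str, resource: str = RESOURCE,
           policy: Policy = POLICY, now: datetime = NOW) -> str:
    """PDP decision: 'Permit', 'NotApplicable' or 'Deny (<reason>)'."""
    if len(right) != 1 or right not in RIGHTS:
        return "Deny (unknown right)"
    reason = validate_assertion(a, now)
    if reason is not None:
        return f"Deny ({reason})"
    if resource != policy.resource:
        return "NotApplicable"
    permitted = denied = False
    for ace in policy.acl:
        if ace.role not in a.roles:
            continue
        permitted = permitted or right in ace.permit
        denied = denied or right in ace.deny
    if denied:                      # deny-overrides
        return "Deny (explicit deny)"
    if permitted:
        return "Permit"
    return "Deny (no applicable permit)"   # default deny


if __name__ == "__main__":
    for roles, right in (([FINANCE_ROLE], "R"), ([OPS_ROLE], "E"),
                         ([FINANCE_ROLE, OPS_ROLE], "E")):
        print(roles, right, "->", decide(alice_assertion(roles), right))
```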
[Diagram (Web Browser Password Access): Establish Identity against existing Kerberos, AD, etc.; “…nd Roles” and “…ncrypt” (labels truncated in the source); Enforce Policy at the Policy Decision/Enforcement Point; Shibboleth Application; Java on Tomcat/Apache; C++ on Apache or IIS; HTTP headers]
Patterns
• Composite Pattern – Hierarchy (Vertical Integration)
• Interceptor Pattern
• Message Pattern – Loose Coupling (Horizontal Integration)
⇒ Rich Services (UCSD)
[Diagram: service hierarchy Service 1 (Service 1.1, Service 1.2, Service 1.3 with Service 1.3.1 and Service 1.3.2) and Service 2 (Service 2.1, Service 2.2), with an Interceptor Service]
Services and SOA
• Loose Coupling
• Late Binding
• Scalability
• Composition
• Interoperability
• Testability
• Malleability
• Manageability
• Dependability
• Incremental development
[Diagram: Logical vs. Deployment views; deployment options: Network Implementation; Single Server, Multiple Processes; Single Application, Linked Modules]

More Related Content

Similar to Information assurance in a world of model driven architecture and service oriented architecture

Software Security in the Real World
Software Security in the Real WorldSoftware Security in the Real World
Software Security in the Real World
Mark Curphey
 
DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...
DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...
DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...
cscpconf
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
Marco Morana
 
09 introduction to_modeling
09 introduction to_modeling09 introduction to_modeling
09 introduction to_modeling
Majong DevJfu
 
14 analysis techniques
14 analysis techniques14 analysis techniques
14 analysis techniques
Majong DevJfu
 
Running Head 2Week #8 MidTerm Assignment .docx
Running Head    2Week #8 MidTerm Assignment               .docxRunning Head    2Week #8 MidTerm Assignment               .docx
Running Head 2Week #8 MidTerm Assignment .docx
healdkathaleen
 
Delivering Process-Driven, Dynamic Applications
Delivering Process-Driven, Dynamic ApplicationsDelivering Process-Driven, Dynamic Applications
Delivering Process-Driven, Dynamic Applications
Nathaniel Palmer
 
Delivering Process-Driven, Dynamic Applications
Delivering Process-Driven, Dynamic ApplicationsDelivering Process-Driven, Dynamic Applications
Delivering Process-Driven, Dynamic Applications
Nathaniel Palmer
 

Similar to Information assurance in a world of model driven architecture and service oriented architecture (20)

Software Security in the Real World
Software Security in the Real WorldSoftware Security in the Real World
Software Security in the Real World
 
AI model security.pdf
AI model security.pdfAI model security.pdf
AI model security.pdf
 
SOA Security Model For EAI
SOA Security Model For EAISOA Security Model For EAI
SOA Security Model For EAI
 
Comparative Analysis of Intrusion Detection Systems and Machine Learning-Base...
Comparative Analysis of Intrusion Detection Systems and Machine Learning-Base...Comparative Analysis of Intrusion Detection Systems and Machine Learning-Base...
Comparative Analysis of Intrusion Detection Systems and Machine Learning-Base...
 
DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...
DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...
DEPENDABLE PRIVACY REQUIREMENTS BY AGILE MODELED LAYERED SECURITY ARCHITECTUR...
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk Management
 
Security Patterns: Research Direction, Metamodel, Application and Verification
Security Patterns: Research Direction, Metamodel, Application and VerificationSecurity Patterns: Research Direction, Metamodel, Application and Verification
Security Patterns: Research Direction, Metamodel, Application and Verification
 
The Challenges Of, And Advantages In, Establishing A Consistent Architectural...
The Challenges Of, And Advantages In, Establishing A Consistent Architectural...The Challenges Of, And Advantages In, Establishing A Consistent Architectural...
The Challenges Of, And Advantages In, Establishing A Consistent Architectural...
 
A Resiliency Framework For An Enterprise Cloud
A Resiliency Framework For An Enterprise CloudA Resiliency Framework For An Enterprise Cloud
A Resiliency Framework For An Enterprise Cloud
 
DEPENDABLE WEB SERVICES SECURITY ARCHITECTURE DEVELOPMENT THEORETICAL AND PRA...
DEPENDABLE WEB SERVICES SECURITY ARCHITECTURE DEVELOPMENT THEORETICAL AND PRA...DEPENDABLE WEB SERVICES SECURITY ARCHITECTURE DEVELOPMENT THEORETICAL AND PRA...
DEPENDABLE WEB SERVICES SECURITY ARCHITECTURE DEVELOPMENT THEORETICAL AND PRA...
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
II Security At Microsoft
II Security At MicrosoftII Security At Microsoft
II Security At Microsoft
 
09 introduction to_modeling
09 introduction to_modeling09 introduction to_modeling
09 introduction to_modeling
 
14 analysis techniques
14 analysis techniques14 analysis techniques
14 analysis techniques
 
Responsible Machine Learning
Responsible Machine LearningResponsible Machine Learning
Responsible Machine Learning
 
Running Head 2Week #8 MidTerm Assignment .docx
Running Head    2Week #8 MidTerm Assignment               .docxRunning Head    2Week #8 MidTerm Assignment               .docx
Running Head 2Week #8 MidTerm Assignment .docx
 
Cloud computingsec p3
Cloud computingsec p3Cloud computingsec p3
Cloud computingsec p3
 
#Interactive Session by Vivek Patle and Jahnavi Umarji, "Empowering Functiona...
#Interactive Session by Vivek Patle and Jahnavi Umarji, "Empowering Functiona...#Interactive Session by Vivek Patle and Jahnavi Umarji, "Empowering Functiona...
#Interactive Session by Vivek Patle and Jahnavi Umarji, "Empowering Functiona...
 
Delivering Process-Driven, Dynamic Applications
Delivering Process-Driven, Dynamic ApplicationsDelivering Process-Driven, Dynamic Applications
Delivering Process-Driven, Dynamic Applications
 
Delivering Process-Driven, Dynamic Applications
Delivering Process-Driven, Dynamic ApplicationsDelivering Process-Driven, Dynamic Applications
Delivering Process-Driven, Dynamic Applications
 

More from bdemchak

The New CyREST: Economical Delivery of Complex, Reproducible Network Biology ...
The New CyREST: Economical Delivery of Complex, Reproducible Network Biology ...The New CyREST: Economical Delivery of Complex, Reproducible Network Biology ...
The New CyREST: Economical Delivery of Complex, Reproducible Network Biology ...
bdemchak
 
No More Silos! Cytoscape CI Enables Interoperability
No More Silos! Cytoscape CI Enables InteroperabilityNo More Silos! Cytoscape CI Enables Interoperability
No More Silos! Cytoscape CI Enables Interoperability
bdemchak
 

More from bdemchak (20)

Cytoscape Network Visualization and Analysis
Cytoscape Network Visualization and AnalysisCytoscape Network Visualization and Analysis
Cytoscape Network Visualization and Analysis
 
The New CyREST: Economical Delivery of Complex, Reproducible Network Biology ...
The New CyREST: Economical Delivery of Complex, Reproducible Network Biology ...The New CyREST: Economical Delivery of Complex, Reproducible Network Biology ...
The New CyREST: Economical Delivery of Complex, Reproducible Network Biology ...
 
Cytoscape Cyberinfrastructure
Cytoscape CyberinfrastructureCytoscape Cyberinfrastructure
Cytoscape Cyberinfrastructure
 
No More Silos! Cytoscape CI Enables Interoperability
No More Silos! Cytoscape CI Enables InteroperabilityNo More Silos! Cytoscape CI Enables Interoperability
No More Silos! Cytoscape CI Enables Interoperability
 
Cytoscape CI Chapter 2
Cytoscape CI Chapter 2Cytoscape CI Chapter 2
Cytoscape CI Chapter 2
 
Composable Chat Introduction
Composable Chat IntroductionComposable Chat Introduction
Composable Chat Introduction
 
Rich Services: Composable chat
Rich Services: Composable chatRich Services: Composable chat
Rich Services: Composable chat
 
Ucsd tum workshop bd
Ucsd tum workshop bdUcsd tum workshop bd
Ucsd tum workshop bd
 
Rich Feeds for RESCUE and PALMS
Rich Feeds for RESCUE and PALMSRich Feeds for RESCUE and PALMS
Rich Feeds for RESCUE and PALMS
 
Iscram 2008 presentation
Iscram 2008 presentationIscram 2008 presentation
Iscram 2008 presentation
 
Rich feeds policy, the cloud, and CAP
Rich feeds   policy, the cloud, and CAPRich feeds   policy, the cloud, and CAP
Rich feeds policy, the cloud, and CAP
 
Rich services to the Rescue
Rich services to the RescueRich services to the Rescue
Rich services to the Rescue
 
Hicss 2012 presentation
Hicss 2012 presentationHicss 2012 presentation
Hicss 2012 presentation
 
Policy 2012 presentation
Policy 2012 presentationPolicy 2012 presentation
Policy 2012 presentation
 
Rich feeds for rescue an integration story
Rich feeds for rescue   an integration storyRich feeds for rescue   an integration story
Rich feeds for rescue an integration story
 
Background scenario drivers and critical issues with a focus on technology ...
Background   scenario drivers and critical issues with a focus on technology ...Background   scenario drivers and critical issues with a focus on technology ...
Background scenario drivers and critical issues with a focus on technology ...
 
Rich feeds for rescue, palms cyberinfrastructure integration stories
Rich feeds for rescue, palms cyberinfrastructure   integration storiesRich feeds for rescue, palms cyberinfrastructure   integration stories
Rich feeds for rescue, palms cyberinfrastructure integration stories
 
Data quality and uncertainty visualization
Data quality and uncertainty visualizationData quality and uncertainty visualization
Data quality and uncertainty visualization
 
Web programming in clojure
Web programming in clojureWeb programming in clojure
Web programming in clojure
 
Structure and interpretation of computer programs modularity, objects, and ...
Structure and interpretation of computer programs   modularity, objects, and ...Structure and interpretation of computer programs   modularity, objects, and ...
Structure and interpretation of computer programs modularity, objects, and ...
 

Recently uploaded

How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
Globus
 

Recently uploaded (20)

Designing for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web ServicesDesigning for Privacy in Amazon Web Services
Designing for Privacy in Amazon Web Services
 
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Studiovity film pre-production and screenwriting software
Studiovity film pre-production and screenwriting softwareStudiovity film pre-production and screenwriting software
Studiovity film pre-production and screenwriting software
 
Breaking the Code : A Guide to WhatsApp Business API.pdf
Breaking the Code : A Guide to WhatsApp Business API.pdfBreaking the Code : A Guide to WhatsApp Business API.pdf
Breaking the Code : A Guide to WhatsApp Business API.pdf
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
 
De mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FMEDe mooiste recreatieve routes ontdekken met RouteYou en FME
De mooiste recreatieve routes ontdekken met RouteYou en FME
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx2024 RoOUG Security model for the cloud.pptx
2024 RoOUG Security model for the cloud.pptx
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
AI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning FrameworkAI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning Framework
 
SOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar Research Team: Latest Activities of IntelBroker
SOCRadar Research Team: Latest Activities of IntelBroker
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
Using IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New ZealandUsing IESVE for Room Loads Analysis - Australia & New Zealand
Using IESVE for Room Loads Analysis - Australia & New Zealand
 
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERROR
 

Information assurance in a world of model driven architecture and service oriented architecture

  • 1. Information Assurance in a World of Model Driven Architecture and Service Oriented Architecture UC San Diego CSE 294 May 30, 2008 Barry Demchak
  • 2. Motivation  Large scale applications have many stakeholders with diverse needs MDA SOA Application enables models organizes  Loose Coupling  Late Binding  Scalability  Composition  Interoperability  Testability  Malleability  Manageability  Dependability  Incremental development  Multilevel modeling (…UML)  Alignment fidelity  NO GAPS
  • 3. Motivation  Common concern is Information Assurance  Reliable information delivery to intended parties under appropriate circumstances MDA SOA Application enables models organizes IA needs models organizes
  • 4. Outline  Motivation  Background  Problem and Strategy  Related Techniques and Analysis  Potential Research Problems  Conclusion
  • 5. Information Assurance  Availability and integrity  Confidentiality and non-repudiation  Use by proper parties under proper circumstances  Consequence  A large scale system with many stakeholders may become impaired or dangerous if IA is impaired or missing
  • 6. Information Assurance (cont’d)  Subproblems  Security  Policy  Governance  Data Quality  Digital Rights Management …  Parties  User agents  Data sources  Data intermediaries  Applications  e-Commerce  All commerce  HIPAA  SOX  DoD Authentication and Authorization Infrastructure (AAI)
  • 7. Authentication Authorization Infrastructure  Allow access to a resource based on characteristics of requestor and action requested  Trust  PDP/PEP  RBAC & Administrative Domains  Policy  Separation of Duties  Separation of Concerns
  • 8. Authentication Authorization Infrastructure  Grid Systems – “the grid problem”  Campus/Enterprise Systems  Web Services – “the web problem”
  • 9. Authentication Authorization Infrastructure  Grid Systems – “the grid problem”  Campus/Enterprise Systems  Web Services – “the web problem”
  • 10. Authentication Authorization Infrastructure  Grid Systems – “the grid problem”  Campus/Enterprise Systems  Web Services – “the web problem”
  • 11. Model of Hypothetical Unified AAI
    - ID Providers
    - Attribute Authorities
    - Virtual Organizations
    - Resources
    - Policies
  • 13. SOA Benefits for IA
    - Crosscutting Concerns
    - Interoperability and Reuse
    - Understandability and Maintainability
    - Configurability at lower risk
    - Attack detection, secure logging, QoS, performance monitoring, alert generation …
    - Hierarchical testability and validation
    - Leverage standards: WS-*, DoD, IBM, HP, etc.
  • 14. Model Driven Architecture
    - Approach that can produce SOAs
    - Fidelity of alignment between user requirements and application
    - Multilevel modeling (…UML)
    - Transformations between models … bidirectional
    - NO GAPS
    - Complementary to SOA: Roles, Interactions
    - Separation of logical and deployment models
    - Supports hierarchical development
    - (diagram) Computation Independent Model → Platform Independent Model → Platform Specific Model
  • 15. Rich Services CIM/PIM Process
    - Agility
    - Completeness
    - Scalability
    - End-to-End
    - Alignment
    - No Gaps
  • 16. Outline
    - Motivation
    - Background
    - Problem and Strategy
    - Related Techniques and Analysis
    - Potential Research Problems
    - Conclusion
  • 17. The Problem
    - Using existing MDA approaches, it is hard to:
      - Capture non-functional AAI requirements
      - Model AAI in one or multiple models
      - Validate AAI-provisioned models
      - Understand the effect on deployment models
  • 18. Strategy
    - Discover and model non-functional requirements (NFRs): trust relationships, attributes, security constraints, policies, credential delegations
    - Validate models
    - Generate code and deliverables (when possible)
    - Maintain end-to-end alignment with no gaps
  • 19. Strategy
    - (diagram) Discover NFRs → Model NFRs → Validate Models → Deployment
  • 20. Outline
    - Motivation
    - Background
    - Problem and Strategy
    - Related Techniques and Analysis
    - Potential Research Problems
    - Conclusion
  • 21. Analysis of Related Techniques
    - Non-functional Requirements (NFRs)
    - Trust Management
    - Constraint Modeling
    - Quality Assurance
    - Policy Management
  • 22. Non-functional Requirements
    - Cysneiros
      - Notional and behavioral statements for user-determined symbols
      - Generate dependency graphs used to discover operational requirements
    - Sindre
      - Discovers unwanted behaviors (misuse cases)
      - Identify triggers, assumptions, preconditions, postconditions, threats, mitigations, and risks
    - Alexander
      - Augments UML use case diagrams with negative actors and relationships (threatens, mitigates, aggravates, conflicts with)
  • 23. Non-functional Requirements
    - Pros
      - Discover trust, entitlement, VOs, decision points, SoAs, security goals, threats
      - Define requirements matching risks and costs
      - Leads to prioritization of security goals
    - Cons
      - Don’t leverage collaboration techniques
      - Highly manual
      - Don’t leverage ontologies
  • 24. Trust Management
    - Giorgini
      - Creates a privilege and trust model using the Secure Tropos tool, which identifies:
        - Actors and goals
        - Service exchanges between actors
        - Actors who trust other actors or own services
        - Actors who delegate permission to others
      - Validates the model (completeness/consistency)
      - Generates policies
    - Pros
      - High abstraction level
      - Produces actionable policies
    - Cons
      - Not integrated with UML
      - Isn’t aware of VOs
  • 25. Constraint Modeling
    - Alam
      - SECTET enables annotation of UML models with security predicates and identifies security principals
      - Generates policy statements directly
    - Satoh
      - Like Alam, but models mechanisms and devices
    - Juerjens
      - Annotates like Alam, but generates SPIN/Promela proofs directly
    - Burt
      - Identifies policy-governed relationships in UML models … separating policy authorship from functional modeling
  • 26. Constraint Modeling
    - Pros
      - Modeling is performed at a high level of abstraction
      - Covers high level and low level relationships
      - Clear separation between modeling and deployment
    - Cons
      - Limited delegation and separation of duty support
      - Unaware of administrative domains (VOs)
      - Unaware of distributed systems and policy distribution concerns
  • 27. Quality Assurance
    - Wang
      - Leverages threat-oriented UML sequence diagrams (SDs) to generate threat traces
      - Searches execution traces for threats realized
    - Krüger
      - Leverages Message Sequence Charts (MSCs) of normal behavior to monitor runtime message sequences
    - Pros
      - UML models are leveraged directly for validation
      - Wang explicitly models threat scenarios
    - Cons
      - SDs and MSCs are likely to be incomplete
      - Wang’s threat trace searching is done offline
      - Detect flow anomalies but not unauthorized access
  • 28. Policy Management
    - Dulay
      - General purpose policy deployment and execution model
      - Agnostic to policy language or type
      - Updates, enables, and disables policies in a distributed environment
    - Pros
      - Operates in a distributed environment
    - Cons
      - Disconnect between functional modeling (PIM) and policy deployment
  • 29. Outline
    - Motivation
    - Background
    - Problem and Strategy
    - Related Techniques and Analysis
    - Potential Research Problems
    - Conclusion
  • 31. Potential Research Problems
    - Alignment
      - Policy deployment based on models
      - Automatic bidirectional model transitions (e.g., for use case modeling)
      - Integrate independent systems (e.g., Secure Tropos) with models
  • 32. Potential Research Problems
    - Large System Issues
      - Introduce collaboration and information fusion to requirements and logical modeling stages
      - Introduce policy distribution into constraint modeling
      - Integrate VO repositories into modeling
      - Model incomplete trust
  • 33. Potential Research Problems
    - Policy Issues
      - Study the relationship between policy authorship and functional modeling
      - Policy enables exogenous application development
      - Policy amounts to late-bound coding
      - How to make system guarantees and validations?
      - What are the limits of policy, and when should/shouldn’t it be used?
      - How does the author visualize the effects of policy execution and arrange consistent deployment?
  • 34. Conclusion
    - We discussed
      - AAI, MDA, and SOA and related them
      - AAI vis-à-vis large organizations with multiple domains in a hostile environment
      - Modeling AAI concerns end-to-end
      - Potential research issues: alignment, large systems, and policy
    - We believe improvements to MDA can facilitate delivering AAI applications as SOAs, and there are real benefits to doing so
  • 35. References
    - L. Cysneiros and J. Leite. Using UML to Reflect Non-Functional Requirements. In proceedings of the 11th Annual IBM Centers for Advanced Studies Conference (CASCON), November 2001.
    - G. Sindre and A. Opdahl. Eliciting Security Requirements with Misuse Cases. Requirements Engineering 10(1):34-44, 2005.
    - I. Alexander. Initial Industrial Experience of Misuse Cases in Trade-Off. In proceedings of the IEEE Joint International Conference on Requirements Engineering, Essen, Germany, September 2002.
    - N. Sukaviriya, V. Sinha, T. Ramachandra, and S. Mani. Model-Driven Approach for Managing Human Interface Design Life Cycle. Model Driven Engineering Languages and Systems. Springer-Verlag Berlin Heidelberg, 2007, pp. 226-240.
    - L. Wang, E. Wong, and D. Xu. A Threat Model Driven Approach for Security Testing. In proceedings of the Third International Workshop on Software Engineering for Secure Systems (SESS’07), Minneapolis, MN, May 2007.
    - I. H. Krüger, M. Meisinger, and M. Menarini. Runtime Verification of Interactions: From MSCs to Aspects. In RV 2007, O. Sokolsky and S. Tasiran (Eds.), LNCS vol. 4839, Vancouver, Canada. Springer-Verlag Berlin Heidelberg, March 2007, pp. 63-74.
    - M. Alam, R. Breu, and M. Hafner. Model-Driven Security Engineering for Trust Management in SECTET. Journal of Software, 2(1), 2007.
    - F. Satoh, Y. Nakamura, and K. Ono. Adding Authentication to Model Driven Security. In proceedings of the IEEE International Conference on Web Services, Salt Lake City, UT, July 2006.
    - J. Juerjens. Secure Systems Development with UML. Springer-Verlag Berlin Heidelberg, 2003.
    - C. Burt, B. Bryant, R. Raje, A. Olson, and M. Auguston. Model Driven Security: Unification of Authorization Models for Fine-Grain Access Control. In proceedings of the 7th IEEE International Enterprise Distributed Object Computing Conference, Brisbane, Australia, September 2003.
    - N. Dulay, E. Lupu, M. Sloman, and N. Damianou. A Policy Deployment Model for the Ponder Language. In proceedings of the 7th IEEE/IFIP International Symposium on Integrated Network Management, Seattle, WA, May 2001.
  • 38. Non-functional Requirements
    - Cysneiros
      - User-generated symbol (word) system
      - Notional and behavioral statements for each symbol
      - Generate dependency graphs
      - Organize graphs NFR-centrically to discover operational requirements
    - Pros
      - Discover trust, entitlement, VOs, decision points, SoAs
      - Improve use cases and logical models
    - Cons
      - Highly manual, doesn’t leverage ontologies, doesn’t scale to large collaborations
  • 39. Non-functional Requirements
    - Sindre
      - Discovers unwanted behaviors (misuse cases)
      - Identify triggers, assumptions, preconditions, postconditions, threats, mitigations, and risks
    - Pros
      - Identifies critical assets, security goals, threats
      - Stimulates analysis
      - Define requirements matching risks and costs
      - Leads to prioritization of security goals
    - Cons
      - Can be very recursive – analysis paralysis
      - Doesn’t leverage elicitation or collaboration techniques
  • 40. Non-functional Requirements
    - Alexander
      - Adds negative actors to UML use case diagrams
      - Adds relationships: threatens, mitigates, aggravates, conflicts with
    - Pros
      - Complements Sindre
      - Enables less-technical contributors
  • 42. Rich Services Architectural Pattern
    - From tightly to loosely coupled systems: a hierarchically decomposed structure supporting “horizontal” and “vertical” service integration
  • 43. Rich Services – from UCSD
  • 45. Identity Federation
    - Authenticated on one server ⇒ trusted on others
    - Standards-based information exchange (SSL, HTTP, SAML, …)
    - Result: portable identity
  • 46. Security Assertion Markup Language
    - XML framework for marshaling security and identity information
    - Wraps existing security technologies (e.g., XACML)
    - Describes assertions about subjects
    - Bindings for SOAP, HTTP redirect, HTTP POST, HTTP artifact, URI
    - Is not a crypto technology, assertion maintenance protocol, data format, etc.
  • 47. SAML Assertion Example: Alice can read finance database
  • 48. SAML Assertion (Query Response); the slide shows only the opening tags of each element:

    <SAMLQueryResponse>
      <RequestID>urn:random:32q4schaw983y5982q35yh98q324==
      <Assertion>
        <AssertionID>http://www.bizexchange.test/assertion/AE0221
        <Issuer>URN:dns-date:www.bizexchange.test:2001-01-03:19283
        <ValidityInterval>
          <NotBefore>
          <NotOnOrAfter>
        <Conditions>
          <Audience>http://www.bizexchange.test/rule_book.html
        <Claims>
          <Subject>
            <NameID>mailto:Alice@bizex.test
          <Object>
            <Authority>
            <Permission>Read
            <Resource>http://store.carol.test/finance
            <Role>URN:dns-date:www.bizexchange.test:2001-01-04:right:finance

  • 49. SAML Assertion (XACML embedded); again only opening tags are shown:

    <TBS-POLICY-QueryResponse>
      <RequestID>urn:random:zwos43i55098w4tawo3i5j09q==
      <Assertion>
        <AssertionID>http://policy.carol.test/assertion/
        <Issuer>URN:dns-date:policy.carol.test:2001-03-03:1204
        <ValidityInterval>
          <NotBefore>
          <NotOnOrAfter>
        <Claim>
          <Policy>
            <Resources>
              <string>http://store.carol.test/finance
            <ACL>
              <ACE>
                <Subject>
                  <Role>URN:dns-date:www.bizexchange.test:2001-01-04:right:finance
                <Permit>RWED
              <ACE>
                <Deny>ED
                <Subject>
                  <Right>URN:dns-date:www.bizexchange.test:2001-01-04:right:ops
                <Permit>R
              <ACE>
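As an added example (not code from the slides), a minimal PEP/PDP pair in Python for the two slides above: it checks an assertion of the slide-48 shape (validity interval, audience) and then evaluates the slide-49 ACL for the role the assertion carries. The assertion and policy are constructed from the slides' own identifiers, with closing tags and timestamps added so they parse; the deny-overrides and default-deny rules are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed assertion and policy in the draft-SAML shape used on the slides
# (closing tags and timestamps added so they parse; the URNs are the slides' own).
ASSERTION = """<Assertion>
 <Issuer>URN:dns-date:www.bizexchange.test:2001-01-03:19283</Issuer>
 <ValidityInterval><NotBefore>2001-01-03T00:00:00Z</NotBefore>
  <NotOnOrAfter>2001-01-10T00:00:00Z</NotOnOrAfter></ValidityInterval>
 <Conditions><Audience>http://www.bizexchange.test/rule_book.html</Audience></Conditions>
 <Claims><Subject><NameID>mailto:Alice@bizex.test</NameID></Subject>
  <Role>URN:dns-date:www.bizexchange.test:2001-01-04:right:finance</Role></Claims>
</Assertion>"""
POLICY = """<Policy>
 <Resources><string>http://store.carol.test/finance</string></Resources>
 <ACL>
  <ACE><Subject><Role>URN:dns-date:www.bizexchange.test:2001-01-04:right:finance</Role></Subject><Permit>RWED</Permit></ACE>
  <ACE><Deny>ED</Deny><Subject><Right>URN:dns-date:www.bizexchange.test:2001-01-04:right:ops</Right></Subject><Permit>R</Permit></ACE>
 </ACL>
</Policy>"""

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def accept_assertion(xml_text, now, audience):
    """PEP side: reject an assertion outside its ValidityInterval or not addressed to this Audience."""
    a = ET.fromstring(xml_text)
    vi = a.find("ValidityInterval")
    if not _ts(vi.findtext("NotBefore")) <= now < _ts(vi.findtext("NotOnOrAfter")): return None
    if audience not in [c.text for c in a.iter("Audience")]: return None
    return {"subject": a.findtext("Claims/Subject/NameID"),
            "roles": {r.text for r in a.iter("Role")}}

def decide(policy_xml, roles, resource, action):
    """PDP: default deny, deny-overrides, over ACEs whose Subject names a Role/Right the requester holds."""
    p = ET.fromstring(policy_xml)
    if resource not in [s.text for s in p.iter("string")]:
        return "NotApplicable"
    decision = "Deny"
    for ace in p.iter("ACE"):
        subj = ace.find("Subject")
        if subj is None or not ({e.text for e in subj} & roles):
            continue
        if action in (ace.findtext("Deny") or ""):      # one letter of RWED per request
            return "Deny"
        if action in (ace.findtext("Permit") or ""):
            decision = "Permit"
    return decision

def request(now_iso, audience, resource, action):
    """PEP flow: validate the presented assertion, then consult the PDP."""
    ctx = accept_assertion(ASSERTION, _ts(now_iso), audience)
    return "Deny" if ctx is None else decide(POLICY, ctx["roles"], resource, action)
```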
  • 50. (diagram) Web Browser – Password; Establish Identity; Access and Roles; Encrypt; Enforce Policy
  • 51. (diagram) Shibboleth – Application; Policy Decision/Enforcement Point; Existing Kerberos, AD, etc.; Java on Tomcat/Apache; C++ on Apache or IIS; HTTP headers
  • 52. Patterns
    - Composite Pattern – Hierarchy (Vertical Integration): Service 1 (Service 1.1, Service 1.2, Service 1.3 (Service 1.3.1, Service 1.3.2)); Service 2 (Service 2.1, Service 2.2)
    - Interceptor Pattern: Interceptor Service
    - Message Pattern – Loose Coupling (Horizontal Integration) ⇒ Rich Services (UCSD)
  • 53. Services and SOA
    - Loose Coupling
    - Late Binding
    - Scalability
    - Composition
    - Interoperability
    - Testability
    - Malleability
    - Manageability
    - Dependability
    - Incremental development
    - (diagram) Logical vs. Deployment: Network Implementation; Single Server, Multiple Processes; Single Application, Linked Modules

Editor's Notes

  1. Paper (2001): Ian Foster et al. (Carl Kesselman, Steven Tuecke), The Anatomy of a Grid. Coordinated resource sharing (highly controlled); resources controlled by resource providers; dynamic, multi-institutional VOs; consumers clearly identified (portals, etc.); resource owners define what is shared, with whom, and under what conditions; Single Sign-on (SSO); resource access via Globus Toolkit, et al., which supports credential delegation.
  2. Resources as web applications over HTTP. Temporal SSO (via Shibboleth [Internet2]). Emerging credential delegation standards. VOs via Grouper and Signet [Internet2].
  3. Service discovery via WSDL and UDDI. Dynamism raises a bilateral trust issue. No common concept of VOs.
  4. Cysneiros example: A *user* is authenticated by the campus Shib authority. A *user* is trusted.
  5. Alignment; Large System Issues; Policy Issues.