The document summarizes Phu Hong Nguyen's PhD defence on September 10th, 2015 at the University of Luxembourg. The defence addressed model-driven security approaches for engineering secure software systems with a focus on modularity and reusability. The committee included Dr. Yves Le Traon as supervisor and Dr. Pierre Kelsen as chair. The defence summarized an extensive literature review on model-driven security and proposed two approaches: 1) model-driven security with modularity for dynamic adaptation and 2) model-driven security with reusability using a system of security design patterns.
Model-Driven Security with Modularity and Reusability for Engineering Secure Software Systems
1. Model-Driven Security with Modularity and Reusability
for Engineering Secure Software Systems
PhD Defence, September 10th, 2015
Candidate: Phu Hong Nguyen
PhD Candidate, University of Luxembourg, Luxembourg
Committee: Dr. Yves Le Traon (Supervisor)
Professor, University of Luxembourg, Luxembourg
Dr. Pierre Kelsen (Chair)
Professor, University of Luxembourg, Luxembourg
Dr. Jacques Klein (Vice-Chair)
Senior Research Scientist, University of Luxembourg, Luxembourg
Dr. Jörg Kienzle (External Reviewer)
Professor, McGill University, Montréal, Canada
Dr. Riccardo Scandariato (External Reviewer)
Professor, Chalmers University of Technology and University of Gothenburg, Sweden
4. ICTSS 2010 PhD Defence Phu Hong NGUYEN 4
Oops, a driver totally lost control of his car on the highway because someone successfully hacked the car's software remotely…
6. Software complexity increases exponentially, whereas business complexity increases linearly (Glass, 2002; IfM and IBM, 2008). (images: www.capgemini.com, dbstrat.com)
Challenge 1: (Software) systems are getting more complex.
7. Challenge 2: Security concerns are often not taken into account early in the development process! (image: securesoftware.blogspot.com)
8. Challenge 3: Economic pressure reduces the development time… (image: http://blogs.vmware.com)
10. Model-Driven Engineering (MDE) (image: Johan den Haan, http://www.theenterprisearchitect.eu/blog/2009/08/05/a-metaphor-for-model-driven-engineering/)
11. Model-Driven Security (MDS) (image: Johan den Haan, http://www.theenterprisearchitect.eu/blog/2009/08/05/a-metaphor-for-model-driven-engineering/)
12. MDE & MDS: more productive, supposedly less error-prone. (image: www.sparxsystems.com)
13. Model-Driven Security with SecureUML (figure: SecureUML, from Model Driven Security, Technical Report 414, ETH Zurich, 2004)
MDS: security concerns are dealt with from the very beginning, and throughout the development cycle.
14. More than a decade of Model-Driven Security research: what MDS approaches have been proposed, and what issues are open to be researched? (image: http://matt.might.net/articles/phd-school-in-pictures/, labelled MDE and MDS)
15. Main Content
• A Systematic Literature Review of MDS
• Model-Driven Security with Modularity
• Model-Driven Security with Reusability
21. Significant MDS approaches vs. less common or emerging MDS approaches.
22. Finding 1: Multiple security concerns are rarely addressed systematically.
23. Finding 2: Aspect-Oriented Modelling (AOM) should be promoted more.
24. Finding 3: An MDS tool chain based on automated model transformations (model transformations and code generation) is rare.
25. Next Goal 1: Towards an MDS tool chain from modelling to testing.
Next Goal 2: How to address multiple security concerns more systematically?
Next Goal 3: How to leverage AOM techniques to better enhance separation of concerns in the MDS development process?
28. Access Control (AC): administering access to resources by enforcing an AC policy. (image: www.redsandz.com)
29. Delegation of right(s) allows a user (the delegator) to delegate her/his access right(s) to another user (the delegatee). (image: www.jjdigeronimo.com)
30. Yves (Professor) delegates his signature for using the budget to Jacques (Senior Research Scientist) while Yves is on vacation. (image: www.loxton.com.sg)
31. Another delegation instance: file sharing. (images: http://www.masterminditservices.com, http://www.techcommandos.com)
32. Temporary Delegation: Yves (Professor) delegates his signature for using the budget to Jacques (Senior Research Scientist) while Yves is on vacation, and automatically gets it back after his vacation. (image: www.loxton.com.sg)
33. Transfer Delegation: Yves (Professor) delegates his signature to Jacques (Senior Research Scientist) AND Yves is not allowed to use his signature while it is delegated. (image: www.loxton.com.sg)
34. Multi-Step Delegation: Yves (Professor) delegates his signature to Jacques (Senior Research Scientist) BUT Jacques is not allowed to delegate it further to anyone else. (image: www.loxton.com.sg)
35. Non-Delegable: Yves (Professor) is not allowed to delegate his signature to any PhD student. (image: www.loxton.com.sg)
38. Proposed Solution: separation of concerns among Business Logic / Access Control / Delegation.
39. Modelling Security Concerns and Business Logic
[Figure: overview of the approach across three levels, M2 / M1 / M0. M2: access control metamodel, delegation metamodel, architecture metamodel. M1: access policy, delegation policy and active security policy, and the base model, each conforming to (cft) its metamodel; model composition yields the security-enforced architecture model, which is validated, tested and model-transformed. M0: running system on an adaptive execution platform, made of business logic components and proxy components; self adaptation and change/evolution loops feed back to the models.]
40. Composing (the same overview figure as slide 39)
41. Code Generation (and Adaptation) (the same overview figure as slide 39)
43. Testing Delegation Policy Enforcement via Mutation Analysis
[Figure: the access control policy and the delegation policy are composed with the business logic model, then transformed and adapted onto the adaptive execution platform as business logic components, an authenticate component, and user, role and resource proxy components. The delegation policy is mutated into mutants, and the test cases are run against the system with each mutant in place.]
44. Recap MDS with Modularity: Model-Driven Adaptive Delegation and Mutation Testing.
46. How to address multiple security concerns more systematically? How to leverage AOM techniques to better enhance separation of concerns in the MDS development process? (image: www.enterprisearchitects.com)
47. How to systematically design the security of Crisis Management Systems (CMS)? (Kienzle et al., Crisis management systems: a case study for aspect-oriented modeling, TAOSD VII, pages 1-22, 2010)
48. CMS: a complex, distributed system, but one that must be secure. (Kienzle et al., Crisis management systems: a case study for aspect-oriented modeling, TAOSD VII, pages 1-22, 2010)
50. Using a catalog of security patterns improves neither the productivity of the software designer nor the security of the design.
51. We need more: bridge the gap between abstract security patterns and their detailed designs, their application and, especially, their interrelations. (figure: Authentication Enforcer pattern)
52. SOLUTION: An MDS approach based on a library-like System of Security design Patterns (SoSPa for short).
• Security design patterns are specified as reusable aspect models.
• A refinement process from abstract design patterns to detailed security design patterns.
• Inter-pattern relations guide the systematic selection of the right security design patterns for the job.
53. SOLUTION: Security patterns are specified as Reusable Aspect Models. (figure: aspect Session pattern)
60. Pattern-Driven Secure Systems Development Process
• Security threat identification & analysis
• Security design pattern selection and application
  – Step 1: Constructing security solutions from the security patterns in SoSPa
  – Step 2: Defining mappings to integrate the newly built security solutions into a base system model
  – Step 3: Weaving the security solutions into the base system model
• Verification & validation of the security pattern application
61. A partial view of CMS with part of the createMission function.
62. Selected security design patterns for building the security solution for CMS.
63. Woven Model: the woven class diagram of CMS including the security patterns' classes.
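Added example of steps 1 to 3 of the process above (construct, map, weave), not the thesis's own weaver or SoSPa models: security patterns written as aspect models with template parameters, a mapping onto the CMS base model, and a weaver that inserts the pattern behaviour around createMission and refuses to weave a pattern before the patterns it depends on. The pattern contents, the CMS class and operation names (MissionManager.createMission) and the "requires" relation between Session and Authentication Enforcer are assumptions for illustration.

```python
# Added example, not the thesis's weaver or its SoSPa models. CMS element names and the
# contents of the two pattern aspects are assumptions for illustration.
from copy import deepcopy

# Class model: class -> {"ops": {operation: [behaviour steps]}, "deps": {classes it uses}}
CMS_BASE = {
    "MissionManager": {"ops": {"createMission": ["store Mission"]}, "deps": {"Mission"}},
    "Mission": {"ops": {}, "deps": set()},
}

# Aspect models: names starting with '|' are template parameters to be mapped onto the base
# model; "proceed" marks where the advised operation's original behaviour runs (around-advice).
AUTHENTICATION_ENFORCER = {
    "name": "AuthenticationEnforcer", "requires": [],
    "classes": {
        "Authenticator": {"ops": {"authenticate": ["check credentials"]}, "deps": set()},
        "|Resource": {"ops": {"|protectedOp": ["call Authenticator.authenticate", "proceed"]},
                      "deps": {"Authenticator"}},
    },
}
SESSION = {  # inter-pattern relation: Session only makes sense on top of AuthenticationEnforcer
    "name": "Session", "requires": ["AuthenticationEnforcer"],
    "classes": {
        "Session": {"ops": {"isValid": ["check expiry"]}, "deps": set()},
        "Authenticator": {"ops": {"authenticate": ["proceed", "create Session"]}, "deps": {"Session"}},
        "|Resource": {"ops": {"|protectedOp": ["call Session.isValid", "proceed"]}, "deps": {"Session"}},
    },
}

def instantiate(aspect: dict, mapping: dict) -> dict:
    """Steps 1-2: bind every template parameter of the aspect to a base-model name."""
    params = {n for cls, spec in aspect["classes"].items() for n in (cls, *spec["ops"]) if n.startswith("|")}
    unbound = params - set(mapping)
    if unbound:
        raise ValueError(f"{aspect['name']}: unmapped template parameters {sorted(unbound)}")
    def bind(name: str) -> str:
        return mapping.get(name, name)
    return {bind(cls): {"ops": {bind(op): list(steps) for op, steps in spec["ops"].items()},
                        "deps": {bind(dep) for dep in spec["deps"]}}
            for cls, spec in aspect["classes"].items()}

def weave(base: dict, aspect: dict, mapping: dict, woven: tuple = ()) -> tuple:
    """Step 3: merge the instantiated aspect into a copy of the base model.
    Returns (woven model, names of the patterns woven so far)."""
    missing = [r for r in aspect["requires"] if r not in woven]
    if missing:
        raise ValueError(f"{aspect['name']} requires {missing} to be woven first")
    model = deepcopy(base)
    for cls, spec in instantiate(aspect, mapping).items():
        target = model.setdefault(cls, {"ops": {}, "deps": set()})
        target["deps"] |= spec["deps"]
        for op, steps in spec["ops"].items():
            original = target["ops"].get(op, [])
            # around-advice: the pattern's steps wrap the operation's existing behaviour
            target["ops"][op] = [s for step in steps for s in (original if step == "proceed" else [step])]
    return model, (*woven, aspect["name"])

def secure_cms() -> dict:
    """Weave both patterns into the CMS base model, in dependency order."""
    mapping = {"|Resource": "MissionManager", "|protectedOp": "createMission"}
    model, woven = weave(CMS_BASE, AUTHENTICATION_ENFORCER, mapping)
    model, _ = weave(model, SESSION, mapping, woven)
    return model
```

The mapping is the only thing the designer has to write per application; the dependency check is the smallest form of the inter-pattern guidance the slides call for: trying to weave Session first is rejected, and an unmapped template parameter is reported before anything is merged.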
65. Recap MDS with Reusability: SoSPa, a System of Security Design Patterns for Systematically Engineering Secure Systems.
67. Summary 1: An Extensive Systematic Review on the Model-Driven Development of Secure Systems.
68. Summary 2: MDS with Modularity for Dynamic Adaptation of Secure Systems.
69. Summary 3: MDS with Reusability, a System of Security Design Patterns for Systematically Engineering Secure Systems.
72. Another direction: Security Modelling and Model-Based Security Testing of Cyber-Physical Systems under Uncertainty. (http://www.u-test.eu)
73. Publications: Systematic Review and Advances in MDS
1. Phu Hong Nguyen, Max E. Kramer, Jacques Klein, and Yves Le Traon. "An Extensive Systematic Review on the Model-Driven Development of Secure Systems." Information and Software Technology, 2015.
2. Phu Hong Nguyen, Jacques Klein, Yves Le Traon, and Max E. Kramer. "A Systematic Review of Model-Driven Security." In 20th Asia-Pacific Software Engineering Conference (APSEC 2013), vol. 1, pp. 432-441. IEEE, 2013.
3. Levi Lucio, Qin Zhang, Phu Hong Nguyen, Moussa Amrani, Jacques Klein, Hans Vangheluwe, and Yves Le Traon. "Advances in Model-Driven Security." Advances in Computers 93 (2014): 103-152.
74. Publications: MDS with Modularity
4. Phu Hong Nguyen, Gregory Nain, Jacques Klein, Tejeddine Mouelhi, and Yves Le Traon. "Modularity and Dynamic Adaptation of Flexibly Secure Systems: Model-Driven Adaptive Delegation in Access Control Management." In Transactions on Aspect-Oriented Software Development XI, pp. 109-144. Springer Berlin Heidelberg, 2014.
5. Phu Hong Nguyen, Gregory Nain, Jacques Klein, Tejeddine Mouelhi, and Yves Le Traon. "Model-Driven Adaptive Delegation." In Proceedings of the 12th Annual International Conference on Aspect-Oriented Software Development (AOSD 2013), pp. 61-72. ACM, 2013.
6. Phu Hong Nguyen, Mike Papadakis, and Iram Rubab. "Testing Delegation Policy Enforcement via Mutation Analysis." In IEEE Sixth International Conference on Software Testing, Verification and Validation Workshops (ICSTW 2013), pp. 34-42. IEEE, 2013.
75. Publications: MDS with Reusability
7. Phu Hong Nguyen, Koen Yskout, Thomas Heyman, Jacques Klein, Riccardo Scandariato, and Yves Le Traon. "SoSPa: A System of Security Design Patterns for Systematically Engineering Secure Systems." In ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (MODELS 2015), 2015.
8. Phu Hong Nguyen, Jacques Klein, and Yves Le Traon. "Model-Driven Security with a System of Aspect-Oriented Security Design Patterns." In 2nd Workshop on View-Based, Aspect-Oriented and Orthographic Software Modelling, 2014.
77. Closing slide (repeats the title and committee of slide 1).
Editor's Notes
Welcome to my PhD defence presentation about how Model-Driven Security with Modularity and Reusability can help build secure software systems.
This is nearly 4 years of my PhD work that I am presenting in 45 minutes.
I will tell you why I have done this research; what I have done in my PhD work; and summarize the contributions of my thesis.
Let me begin with the motivation why I have been doing this research… about software security engineering.
Is it enough to convince you that we need to care a lot about the security of software systems? If not yet, let’s move on…
You can see an electric car, but a very powerful one: a smart car, highly wirelessly connected (to the internet). What a nice car!
I took a photo of the big touchable screen inside the car last month in Norway when I had a chance to drive this car.
What is scary here? Assuming that you don't surf the web or google while driving. The good news is that you cannot open YouTube videos while driving, I tried…
If you are a "good" driver, what is still scary here?
Oops, someone could remotely hijack your car on the highway!
Uconnect, the Internet-connected software installed in newer Fiat Chrysler models, can be hacked remotely due to a vulnerability in its cellular capabilities.
Luckily this is only an experiment.
This is just an example to show that software is getting a bigger share, over hardware, in controlling systems/networks. Hot trends now:
Software-Defined Networking (SDN)
CPS
But controllers are computers, prone to bugs and attacks.
And any failure, e.g. in security, could lead to physical damage involving humans, where Cyber-Physical Systems are getting popular.
CPS is going to be everywhere: Transportation, Military, Health Care, Infrastructure, Energy, Communication, etc.
More importantly, CPS often involve humans who can physically interact with the systems.
The security of computer systems and networks cannot be ensured only by enhancing network security and other perimeter solutions.
It is also essential to ensure security by building better, secure software.
But why is building secure systems so hard, so challenging? From an engineering point of view, there could be three main challenges in building modern secure software systems.
Antivirus programs, network security, etc. are important but not enough!
The security of the software system itself is also very important,
i.e. to allow the genuine users of the system to work efficiently but prevent any malicious attackers from exploiting or harming the system.
The first challenge: complexity.
The second challenge: we all know that the later security is taken into account, the worse the damage is. But security concerns are often not taken into account early.
3. Economic pressure reduces the development time and increases the frequency of demanded modifications…
Developing complex software takes time, but if it is not fast enough, the product would be obsolete from a business point of view…
How to tackle these 3 challenges? => MDE, MDS.
Why MDE, why MDS?
Contributing to the design stage:
- Proven solution to early design
- More productive with automation
- Supposedly less error-prone
MDS is a specialization of MDE for developing secure software systems.
All security concerns are taken into account early, with security solutions integrated into the model of the system.
The models of security solutions are integrated into the model of system under development to create “MDS-Model”.
The MDS-Model can be used in a formal verification process, in a model-based testing process, as well as for generating the source code of the system, including its security infrastructure.
What are the open issues to be further investigated? My PhD work first had to find out what the open issues in the state of the art of MDS are, and then what we could contribute to the research domain to broaden the knowledge boundary…
Thus, first we conducted a systematic literature review of MDS.
Then we present our work on two main directions to contribute to this research domain: MDS with Modularity and Reusability.
Let's start with the systematic review.
To know what we could contribute in MDS that no one else has done, a good survey of MDS would be enough. But we could do better than that: a systematic literature review (SLR)! Why?
As can be seen in the concept of an SLR, the primary studies selected after a rigorous, less biased selection process are reviewed in a systematic way to obtain a systematic view of the research domain/sub-domain.
The results of the SLR allow us to see a big picture of the research domain (MDS) with the main “players” or research methodologies and the missing areas that are open for new contributions in the field.
Our rigorous search process to find primary MDS publications started with the automatic search process, in which we selected 80 primary MDS papers out of 10633 relevant papers.
The automatic search process still has some limitations in providing a complete set of primary MDS papers. To complement the results of the automatic search, we also conducted a manual search process in 10 high-impact journals and 10 conference proceedings over more than 10 years, finding 29 primary MDS papers. After merging the two sets of 80 and 29, we had 95 MDS papers.
To improve and have more confidence about the completeness in the final set of primary MDS papers, a “snowballing” process was employed where we recursively searched for new MDS papers by looking for new primary MDS papers in the references and citations of the already selected primary MDS papers.
Finally, we ended up with 108 primary MDS papers for systematically reviewing and analyzing the results.
The data from 108 primary MDS papers were extracted, classified, synthesized, analyzed, and compared to give the results for the study.
Among the main results of our SLR, we identified all the significant MDS approaches (such as SecureUML, UMLsec, SECTET) as well as emerging/less common MDS approaches (such as AOM4MDS, MDS@runtime, Pattern-based MDS).
In the context of this PhD work, we focused on tackling the following three of the main challenges in the state-of-the-art of MDS research backed up by our SLR.
First, we aim at tackling the lack of systematic treatment of multiple security concerns in MDS research. The Venn diagram shows that only about 10% of primary MDS papers address the three most common security concerns, i.e. Authorisation, Authentication, and Confidentiality. If we also count other concerns such as Integrity and Accountability together with the former three, there are very few MDS approaches that deal with all of them, and not systematically, i.e. without considering the interrelations among security concerns and solutions.
RQ3: What are the open issues to be further investigated?
1 step only
Thanks to reusability we can address multiple security concerns…
MOTIVATION 3: Security patterns are based on domain-independent, time-proven security knowledge and expertise, but are not applied sufficiently.
Catalogs of security patterns are the most accessible, well-documented resources of different security solutions for different security concerns, BUT not enough!
The results of two relevant empirical studies [260, 261] have shown that using existing catalogs of security patterns improves neither the productivity of the software designer nor the security of the design.
Interrelationships among security concerns have to be considered.
Most MDS approaches have separation of concerns but are not fully/truly AOM.
Using fully/truly AOM improves modularity and reusability, and also makes MDS work better with other NFRs.
Security patterns are not applied as much as they could be, because developers have problems selecting them and applying them in the right places, especially at the design phase.