SlideShare a Scribd company logo

Ppap13b.ppt

Ptidej Team
Ptidej Team

Security, patterns, detection

TechnologyEntertainment & Humor
1 of 19
Download to read offline
An Approach to Formalise Security Patterns Luis Sergio da Silva Junior, ´ Ecole Polytechnique de Montr´al e March, 2013 Sergio An Approach to Formalise Security Patterns 1/ 19
Context Software Development • Methods, Techniques and Tools • Reuse • Design Patterns • Security Patterns Sergio An Approach to Formalise Security Patterns 2/ 19
Security Patterns Properties • Group of patterns focused on security context • Threat, Attack, Attacker, Asset etc • UML diagrams • Originally, not formally specified Sergio An Approach to Formalise Security Patterns 3/ 19
Security Patterns Example 1 • Single Access Point • Guard Door Sergio An Approach to Formalise Security Patterns 4/ 19
Security Patterns Sergio An Approach to Formalise Security Patterns 5/ 19
Security Patterns Example 2 • Roles • Group of roles • Restrict Access Sergio An Approach to Formalise Security Patterns 6/ 19
Formal Methods Definition Formal Methods (FM) consist of a set of techniques and tools based on mathematical modeling and formal logic that are used to specify and verify requirements and designs for computer systems and software OCL and extensions Petri Nets ASM others Sergio An Approach to Formalise Security Patterns 7/ 19
Formalizing Security Patterns Correct implementation of restrictions and properties Avoid Threats and bad implementation Security Improvement Sergio An Approach to Formalise Security Patterns 8/ 19
Petri Nets Places, Tokens and Arcs Different Types (Coloured, Temporized ) CPN-Tools Why Petri Nets ? Sergio An Approach to Formalise Security Patterns 9/ 19
Study Case Sender-Receiver example Microarchitecture example constraint - the size of the message cannot be longer than 10 Structural analysis - PADL and Reflection structure Behavioural analysis - Comparison between the pattern and the Petri Net structure Sergio An Approach to Formalise Security Patterns 10/ 19
Structural analysis Pattern detection through structural analysis Class diagrams Send its result to the next step Sergio An Approach to Formalise Security Patterns 11/ 19
Structural analysis Sergio An Approach to Formalise Security Patterns 12/ 19
Structural analysis Create a Pattern Model using PADL Comparison with Real objects - using Java Reflection API Compare all attributes, associations Display accuracy. Sergio An Approach to Formalise Security Patterns 13/ 19
Behavioural analysis Sergio An Approach to Formalise Security Patterns 14/ 19
Behavioural Analysis Create Coloured Petri Net Model by CPN-Tools Using XML extractor from the .cpn file Using Classes, Interfaces to keep the information on Java structure Extract method internal structure from .java file Compare expressions and attributions from the java source code with the Petri net arc inscription. Display accuracy Sergio An Approach to Formalise Security Patterns 15/ 19
Behavioural analysis Expressions and Attributions Sergio An Approach to Formalise Security Patterns 16/ 19
Future Work Testing with a Real System Single Access Point, Roles, Session Evaluate Version with Simulation of Petri Net model More Formal Methods Provide running analysis. Sergio An Approach to Formalise Security Patterns 17/ 19
Future Work Find the pattern in some complex structure Petri Net restriction - named places and transitions Different calls, same idea (length and size) Sergio An Approach to Formalise Security Patterns 18/ 19
Acknowledgment Sergio An Approach to Formalise Security Patterns 19/ 19

Recommended

Mobile Multimodal Interaction: An Investigation and Implementation of Context...
Mobile Multimodal Interaction: An Investigation and Implementation of Context...Mobile Multimodal Interaction: An Investigation and Implementation of Context...
Mobile Multimodal Interaction: An Investigation and Implementation of Context...Mafer Solorzano
 
Reverse Engineering: a European IPR Perspective
Reverse Engineering: a European IPR PerspectiveReverse Engineering: a European IPR Perspective
Reverse Engineering: a European IPR PerspectiveDaniel Russo
 
Presentation networking(1)
Presentation networking(1)Presentation networking(1)
Presentation networking(1)cegonsoft1999
 
Bachelors in mobile computing and internet
Bachelors in mobile computing and internetBachelors in mobile computing and internet
Bachelors in mobile computing and internetitft college
 
Ppap13a.ppt
Ppap13a.pptPpap13a.ppt
Ppap13a.pptPtidej Team
 
MSR Asia Summit
MSR Asia SummitMSR Asia Summit
MSR Asia SummitPtidej Team
 
Rsse12.ppt
Rsse12.pptRsse12.ppt
Rsse12.pptPtidej Team
 
Icsoc12 tooldemo.ppt
Icsoc12 tooldemo.pptIcsoc12 tooldemo.ppt
Icsoc12 tooldemo.pptPtidej Team
 

Recommended

Mobile Multimodal Interaction: An Investigation and Implementation of Context...
Mobile Multimodal Interaction: An Investigation and Implementation of Context...Mobile Multimodal Interaction: An Investigation and Implementation of Context...
Mobile Multimodal Interaction: An Investigation and Implementation of Context...Mafer Solorzano
 
Reverse Engineering: a European IPR Perspective
Reverse Engineering: a European IPR PerspectiveReverse Engineering: a European IPR Perspective
Reverse Engineering: a European IPR PerspectiveDaniel Russo
 
Presentation networking(1)
Presentation networking(1)Presentation networking(1)
Presentation networking(1)cegonsoft1999
 
Bachelors in mobile computing and internet
Bachelors in mobile computing and internetBachelors in mobile computing and internet
Bachelors in mobile computing and internetitft college
 
Ppap13a.ppt
Ppap13a.pptPpap13a.ppt
Ppap13a.pptPtidej Team
 
MSR Asia Summit
MSR Asia SummitMSR Asia Summit
MSR Asia SummitPtidej Team
 
Rsse12.ppt
Rsse12.pptRsse12.ppt
Rsse12.pptPtidej Team
 
Icsoc12 tooldemo.ppt
Icsoc12 tooldemo.pptIcsoc12 tooldemo.ppt
Icsoc12 tooldemo.pptPtidej Team
 
Icsm07 tooldemo.pdf
Icsm07 tooldemo.pdfIcsm07 tooldemo.pdf
Icsm07 tooldemo.pdfPtidej Team
 
Mribp13.ppt
Mribp13.pptMribp13.ppt
Mribp13.pptPtidej Team
 
Wcre12c.ppt
Wcre12c.pptWcre12c.ppt
Wcre12c.pptPtidej Team
 
Wcre13a.ppt
Wcre13a.pptWcre13a.ppt
Wcre13a.pptPtidej Team
 
Wcre12b.ppt
Wcre12b.pptWcre12b.ppt
Wcre12b.pptPtidej Team
 
Ssbse12b.ppt
Ssbse12b.pptSsbse12b.ppt
Ssbse12b.pptPtidej Team
 
Wcre13b.ppt
Wcre13b.pptWcre13b.ppt
Wcre13b.pptPtidej Team
 
See12.ppt
See12.pptSee12.ppt
See12.pptPtidej Team
 
Ssbse12a.ppt
Ssbse12a.pptSsbse12a.ppt
Ssbse12a.pptPtidej Team
 
Wcre13c.pdf
Wcre13c.pdfWcre13c.pdf
Wcre13c.pdfPtidej Team
 
Software Design Patterns in Theory
Software Design Patterns in TheorySoftware Design Patterns in Theory
Software Design Patterns in TheoryPtidej Team
 
Quality and Software Design Patterns
Quality and Software Design PatternsQuality and Software Design Patterns
Quality and Software Design PatternsPtidej Team
 
AsianPLoP'14: How and Why Design Patterns Impact Quality and Future Challenges
AsianPLoP'14: How and Why Design Patterns Impact Quality and Future ChallengesAsianPLoP'14: How and Why Design Patterns Impact Quality and Future Challenges
AsianPLoP'14: How and Why Design Patterns Impact Quality and Future ChallengesPtidej Team
 
Software Design Patterns in Practice
Software Design Patterns in PracticeSoftware Design Patterns in Practice
Software Design Patterns in PracticePtidej Team
 
Jcom02.ppt
Jcom02.pptJcom02.ppt
Jcom02.pptPtidej Team
 
Architecture-centric Support for Integrating Security Tool in a Security Orch...
Architecture-centric Support for Integrating Security Tool in a Security Orch...Architecture-centric Support for Integrating Security Tool in a Security Orch...
Architecture-centric Support for Integrating Security Tool in a Security Orch...Chadni Islam
 
Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspective Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspectiveDr. Anish Cheriyan (PhD)
 
Security Patterns: Research Direction, Metamodel, Application and Verification
Security Patterns: Research Direction, Metamodel, Application and VerificationSecurity Patterns: Research Direction, Metamodel, Application and Verification
Security Patterns: Research Direction, Metamodel, Application and VerificationHironori Washizaki
 
TESEM: A Tool for Verifying Security Design Pattern Applications
TESEM: A Tool for Verifying Security Design Pattern ApplicationsTESEM: A Tool for Verifying Security Design Pattern Applications
TESEM: A Tool for Verifying Security Design Pattern ApplicationsHironori Washizaki
 
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...Kim Hammar
 
Network simulator survey
Network simulator surveyNetwork simulator survey
Network simulator surveyWei Lin
 
AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011dma1965
 

More Related Content

Viewers also liked

Icsm07 tooldemo.pdf
Icsm07 tooldemo.pdfIcsm07 tooldemo.pdf
Icsm07 tooldemo.pdfPtidej Team
 
Software Design Patterns in Theory
Software Design Patterns in TheorySoftware Design Patterns in Theory
Software Design Patterns in TheoryPtidej Team
 
Quality and Software Design Patterns
Quality and Software Design PatternsQuality and Software Design Patterns
Quality and Software Design PatternsPtidej Team
 
AsianPLoP'14: How and Why Design Patterns Impact Quality and Future Challenges
AsianPLoP'14: How and Why Design Patterns Impact Quality and Future ChallengesAsianPLoP'14: How and Why Design Patterns Impact Quality and Future Challenges
AsianPLoP'14: How and Why Design Patterns Impact Quality and Future ChallengesPtidej Team
 
Software Design Patterns in Practice
Software Design Patterns in PracticeSoftware Design Patterns in Practice
Software Design Patterns in PracticePtidej Team
 

Viewers also liked (15)

Icsm07 tooldemo.pdf
Icsm07 tooldemo.pdfIcsm07 tooldemo.pdf
Icsm07 tooldemo.pdf
 
Mribp13.ppt
Mribp13.pptMribp13.ppt
Mribp13.ppt
 
Wcre12c.ppt
Wcre12c.pptWcre12c.ppt
Wcre12c.ppt
 
Wcre13a.ppt
Wcre13a.pptWcre13a.ppt
Wcre13a.ppt
 
Wcre12b.ppt
Wcre12b.pptWcre12b.ppt
Wcre12b.ppt
 
Ssbse12b.ppt
Ssbse12b.pptSsbse12b.ppt
Ssbse12b.ppt
 
Wcre13b.ppt
Wcre13b.pptWcre13b.ppt
Wcre13b.ppt
 
See12.ppt
See12.pptSee12.ppt
See12.ppt
 
Ssbse12a.ppt
Ssbse12a.pptSsbse12a.ppt
Ssbse12a.ppt
 
Wcre13c.pdf
Wcre13c.pdfWcre13c.pdf
Wcre13c.pdf
 
Software Design Patterns in Theory
Software Design Patterns in TheorySoftware Design Patterns in Theory
Software Design Patterns in Theory
 
Quality and Software Design Patterns
Quality and Software Design PatternsQuality and Software Design Patterns
Quality and Software Design Patterns
 
AsianPLoP'14: How and Why Design Patterns Impact Quality and Future Challenges
AsianPLoP'14: How and Why Design Patterns Impact Quality and Future ChallengesAsianPLoP'14: How and Why Design Patterns Impact Quality and Future Challenges
AsianPLoP'14: How and Why Design Patterns Impact Quality and Future Challenges
 
Software Design Patterns in Practice
Software Design Patterns in PracticeSoftware Design Patterns in Practice
Software Design Patterns in Practice
 
Jcom02.ppt
Jcom02.pptJcom02.ppt
Jcom02.ppt
 

Similar to Ppap13b.ppt

Architecture-centric Support for Integrating Security Tool in a Security Orch...
Architecture-centric Support for Integrating Security Tool in a Security Orch...Architecture-centric Support for Integrating Security Tool in a Security Orch...
Architecture-centric Support for Integrating Security Tool in a Security Orch...Chadni Islam
 
Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspective Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspectiveDr. Anish Cheriyan (PhD)
 
Security Patterns: Research Direction, Metamodel, Application and Verification
Security Patterns: Research Direction, Metamodel, Application and VerificationSecurity Patterns: Research Direction, Metamodel, Application and Verification
Security Patterns: Research Direction, Metamodel, Application and VerificationHironori Washizaki
 
TESEM: A Tool for Verifying Security Design Pattern Applications
TESEM: A Tool for Verifying Security Design Pattern ApplicationsTESEM: A Tool for Verifying Security Design Pattern Applications
TESEM: A Tool for Verifying Security Design Pattern ApplicationsHironori Washizaki
 
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...Kim Hammar
 
Network simulator survey
Network simulator surveyNetwork simulator survey
Network simulator surveyWei Lin
 
AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011dma1965
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecurityKim Hammar
 
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...apidays
 
Hack2Secure Assists Organization in Secure Application Development Through BS...
Hack2Secure Assists Organization in Secure Application Development Through BS...Hack2Secure Assists Organization in Secure Application Development Through BS...
Hack2Secure Assists Organization in Secure Application Development Through BS...hack2s
 
Course overview Cybersecurity and its applications
Course overview Cybersecurity and its applicationsCourse overview Cybersecurity and its applications
Course overview Cybersecurity and its applicationsSanket Shikhar
 
GridWise 2010 Cyber Security Update
GridWise 2010 Cyber Security UpdateGridWise 2010 Cyber Security Update
GridWise 2010 Cyber Security UpdateAndy Bochman
 
Security in Machine Learning
Security in Machine LearningSecurity in Machine Learning
Security in Machine LearningFlavio Clesio
 
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...lior mazor
 
Architecture centric support for security orchestration and automation
Architecture centric support for security orchestration and automationArchitecture centric support for security orchestration and automation
Architecture centric support for security orchestration and automationChadni Islam
 
#1 formal methods – introduction for software engineering
#1 formal methods – introduction for software engineering#1 formal methods – introduction for software engineering
#1 formal methods – introduction for software engineeringSharif Omar Salem
 
CrAlSim: A Cryptography Algorithm Simulator
CrAlSim: A Cryptography Algorithm SimulatorCrAlSim: A Cryptography Algorithm Simulator
CrAlSim: A Cryptography Algorithm SimulatorIRJET Journal
 
our project presentation on online trading
our project presentation on online tradingour project presentation on online trading
our project presentation on online tradingBindiya syed
 
Digital Twins for Security Automation
Digital Twins for Security AutomationDigital Twins for Security Automation
Digital Twins for Security AutomationKim Hammar
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation IJECEIAES
 

Similar to Ppap13b.ppt (20)

Architecture-centric Support for Integrating Security Tool in a Security Orch...
Architecture-centric Support for Integrating Security Tool in a Security Orch...Architecture-centric Support for Integrating Security Tool in a Security Orch...
Architecture-centric Support for Integrating Security Tool in a Security Orch...
 
Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspective Ethical Hacking Conference 2015- Building Secure Products -a perspective
Ethical Hacking Conference 2015- Building Secure Products -a perspective
 
Security Patterns: Research Direction, Metamodel, Application and Verification
Security Patterns: Research Direction, Metamodel, Application and VerificationSecurity Patterns: Research Direction, Metamodel, Application and Verification
Security Patterns: Research Direction, Metamodel, Application and Verification
 
TESEM: A Tool for Verifying Security Design Pattern Applications
TESEM: A Tool for Verifying Security Design Pattern ApplicationsTESEM: A Tool for Verifying Security Design Pattern Applications
TESEM: A Tool for Verifying Security Design Pattern Applications
 
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
 
Network simulator survey
Network simulator surveyNetwork simulator survey
Network simulator survey
 
AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011AMI Security 101 - Smart Grid Security East 2011
AMI Security 101 - Smart Grid Security East 2011
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber Security
 
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
INTERFACE by apidays 2023 - Security Exposure Management in API First World, ...
 
Hack2Secure Assists Organization in Secure Application Development Through BS...
Hack2Secure Assists Organization in Secure Application Development Through BS...Hack2Secure Assists Organization in Secure Application Development Through BS...
Hack2Secure Assists Organization in Secure Application Development Through BS...
 
Course overview Cybersecurity and its applications
Course overview Cybersecurity and its applicationsCourse overview Cybersecurity and its applications
Course overview Cybersecurity and its applications
 
GridWise 2010 Cyber Security Update
GridWise 2010 Cyber Security UpdateGridWise 2010 Cyber Security Update
GridWise 2010 Cyber Security Update
 
Security in Machine Learning
Security in Machine LearningSecurity in Machine Learning
Security in Machine Learning
 
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
 
Architecture centric support for security orchestration and automation
Architecture centric support for security orchestration and automationArchitecture centric support for security orchestration and automation
Architecture centric support for security orchestration and automation
 
#1 formal methods – introduction for software engineering
#1 formal methods – introduction for software engineering#1 formal methods – introduction for software engineering
#1 formal methods – introduction for software engineering
 
CrAlSim: A Cryptography Algorithm Simulator
CrAlSim: A Cryptography Algorithm SimulatorCrAlSim: A Cryptography Algorithm Simulator
CrAlSim: A Cryptography Algorithm Simulator
 
our project presentation on online trading
our project presentation on online tradingour project presentation on online trading
our project presentation on online trading
 
Digital Twins for Security Automation
Digital Twins for Security AutomationDigital Twins for Security Automation
Digital Twins for Security Automation
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation
 

More from Ptidej Team

From IoT to Software Miniaturisation
From IoT to Software MiniaturisationFrom IoT to Software Miniaturisation
From IoT to Software MiniaturisationPtidej Team
 
Presentation by Lionel Briand
Presentation by Lionel BriandPresentation by Lionel Briand
Presentation by Lionel BriandPtidej Team
 
Manel Abdellatif
Manel AbdellatifManel Abdellatif
Manel AbdellatifPtidej Team
 
Azadeh Kermansaravi
Azadeh KermansaraviAzadeh Kermansaravi
Azadeh KermansaraviPtidej Team
 
CSED - Manel Grichi
CSED - Manel GrichiCSED - Manel Grichi
CSED - Manel GrichiPtidej Team
 
Cristiano Politowski
Cristiano PolitowskiCristiano Politowski
Cristiano PolitowskiPtidej Team
 
Will io t trigger the next software crisis
Will io t trigger the next software crisisWill io t trigger the next software crisis
Will io t trigger the next software crisisPtidej Team
 
Thesis+of+laleh+eshkevari.ppt
Thesis+of+laleh+eshkevari.pptThesis+of+laleh+eshkevari.ppt
Thesis+of+laleh+eshkevari.pptPtidej Team
 
Thesis+of+nesrine+abdelkafi.ppt
Thesis+of+nesrine+abdelkafi.pptThesis+of+nesrine+abdelkafi.ppt
Thesis+of+nesrine+abdelkafi.pptPtidej Team
 

More from Ptidej Team (20)

From IoT to Software Miniaturisation
From IoT to Software MiniaturisationFrom IoT to Software Miniaturisation
From IoT to Software Miniaturisation
 
Presentation
PresentationPresentation
Presentation
 
Presentation
PresentationPresentation
Presentation
 
Presentation
PresentationPresentation
Presentation
 
Presentation by Lionel Briand
Presentation by Lionel BriandPresentation by Lionel Briand
Presentation by Lionel Briand
 
Manel Abdellatif
Manel AbdellatifManel Abdellatif
Manel Abdellatif
 
Azadeh Kermansaravi
Azadeh KermansaraviAzadeh Kermansaravi
Azadeh Kermansaravi
 
Mouna Abidi
Mouna AbidiMouna Abidi
Mouna Abidi
 
CSED - Manel Grichi
CSED - Manel GrichiCSED - Manel Grichi
CSED - Manel Grichi
 
Cristiano Politowski
Cristiano PolitowskiCristiano Politowski
Cristiano Politowski
 
Will io t trigger the next software crisis
Will io t trigger the next software crisisWill io t trigger the next software crisis
Will io t trigger the next software crisis
 
MIPA
MIPAMIPA
MIPA
 
Thesis+of+laleh+eshkevari.ppt
Thesis+of+laleh+eshkevari.pptThesis+of+laleh+eshkevari.ppt
Thesis+of+laleh+eshkevari.ppt
 
Thesis+of+nesrine+abdelkafi.ppt
Thesis+of+nesrine+abdelkafi.pptThesis+of+nesrine+abdelkafi.ppt
Thesis+of+nesrine+abdelkafi.ppt
 
Medicine15.ppt
Medicine15.pptMedicine15.ppt
Medicine15.ppt
 
Qrs17b.ppt
Qrs17b.pptQrs17b.ppt
Qrs17b.ppt
 
Icpc11c.ppt
Icpc11c.pptIcpc11c.ppt
Icpc11c.ppt
 
Icsme16.ppt
Icsme16.pptIcsme16.ppt
Icsme16.ppt
 
Msr17a.ppt
Msr17a.pptMsr17a.ppt
Msr17a.ppt
 
Icsoc15.ppt
Icsoc15.pptIcsoc15.ppt
Icsoc15.ppt
 

Recently uploaded

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 

Recently uploaded (20)

Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 

Ppap13b.ppt

  • 1. An Approach to Formalise Security Patterns Luis Sergio da Silva Junior, ´ Ecole Polytechnique de Montr´al e March, 2013 Sergio An Approach to Formalise Security Patterns 1/ 19
  • 2. Context Software Development • Methods, Techniques and Tools • Reuse • Design Patterns • Security Patterns Sergio An Approach to Formalise Security Patterns 2/ 19
  • 3. Security Patterns Properties • Group of patterns focused on security context • Threat, Attack, Attacker, Asset etc • UML diagrams • Originally, not formally specified Sergio An Approach to Formalise Security Patterns 3/ 19
  • 4. Security Patterns Example 1 • Single Access Point • Guard Door Sergio An Approach to Formalise Security Patterns 4/ 19
  • 5. Security Patterns Sergio An Approach to Formalise Security Patterns 5/ 19
  • 6. Security Patterns Example 2 • Roles • Group of roles • Restrict Access Sergio An Approach to Formalise Security Patterns 6/ 19
  • 7. Formal Methods Definition Formal Methods (FM) consist of a set of techniques and tools based on mathematical modeling and formal logic that are used to specify and verify requirements and designs for computer systems and software OCL and extensions Petri Nets ASM others Sergio An Approach to Formalise Security Patterns 7/ 19
  • 8. Formalizing Security Patterns Correct implementation of restrictions and properties Avoid Threats and bad implementation Security Improvement Sergio An Approach to Formalise Security Patterns 8/ 19
  • 9. Petri Nets Places, Tokens and Arcs Different Types (Coloured, Temporized ) CPN-Tools Why Petri Nets ? Sergio An Approach to Formalise Security Patterns 9/ 19
  • 10. Study Case Sender-Receiver example Microarchitecture example constraint - the size of the message cannot be longer than 10 Structural analysis - PADL and Reflection structure Behavioural analysis - Comparison between the pattern and the Petri Net structure Sergio An Approach to Formalise Security Patterns 10/ 19
  • 11. Structural analysis Pattern detection through structural analysis Class diagrams Send its result to the next step Sergio An Approach to Formalise Security Patterns 11/ 19
  • 12. Structural analysis Sergio An Approach to Formalise Security Patterns 12/ 19
  • 13. Structural analysis Create a Pattern Model using PADL Comparison with Real objects - using Java Reflection API Compare all attributes, associations Display accuracy. Sergio An Approach to Formalise Security Patterns 13/ 19
  • 14. Behavioural analysis Sergio An Approach to Formalise Security Patterns 14/ 19
  • 15. Behavioural Analysis Create Coloured Petri Net Model by CPN-Tools Using XML extractor from the .cpn file Using Classes, Interfaces to keep the information on Java structure Extract method internal structure from .java file Compare expressions and attributions from the java source code with the Petri net arc inscription. Display accuracy Sergio An Approach to Formalise Security Patterns 15/ 19
  • 16. Behavioural analysis Expressions and Attributions Sergio An Approach to Formalise Security Patterns 16/ 19
  • 17. Future Work Testing with a Real System Single Access Point, Roles, Session Evaluate Version with Simulation of Petri Net model More Formal Methods Provide running analysis. Sergio An Approach to Formalise Security Patterns 17/ 19
  • 18. Future Work Find the pattern in some complex structure Petri Net restriction - named places and transitions Different calls, same idea (length and size) Sergio An Approach to Formalise Security Patterns 18/ 19
  • 19. Acknowledgment Sergio An Approach to Formalise Security Patterns 19/ 19