SoSPa: A System of Security Patterns for engineering Secure Systems

MoDELS Conference

SoSPa: a System of Security Patterns for engineering Secure Systems

Phu Hong Nguyen1,2, Koen Yskout3, Thomas Heyman3, Jacques Klein2, Riccardo Scandariato3,4, and Yves Le Traon2

1 Simula Research Laboratory, Norway 2 SnT, University of Luxembourg, Luxembourg

3 iMinds-DistriNet, KU Leuven, Belgium 4 Chalmers & University of Gothenburg, Sweden

Outline

Motivation

Conclusions

SoSPa and its application

Outline

Phu Hong Nguyen, Max Kramer, Jacques Klein, Yves Le Traon, “An extensive systematic review on the Model-Driven Development of secure systems”, Information and Software Technology, Volume 68, 2015, Pages 62-81

Koen Yskout, Riccardo Scandariato, and Wouter Joosen. "Do Security Patterns Really help Designers?." Software Engineering (ICSE), 2015 37th International Conference on. IEEE. 2015.

1) Motivation

A SLR of MDS: Significant MDS approaches vs. Less common or emerging MDS approaches.

There is a lack of MDS approaches addressing multiple security concerns systematically.

Aspect-Oriented Modelling (AOM) could be leveraged more.

Security Patterns could be the solution but…

Using a catalog of security patterns improves neither the productivity of the software designer, nor the security of the design.

We need more than abstract patterns: bridge the gap of abstract security patterns with their detailed designs, their application,

especially their interrelations.

Authentication Enforcer pattern

Steel, Chritopher, and Ramesh Nagappan. Core Security Patterns: Best Practices and Strategies for J2EE", Web Services, and Identity Management. Pearson Education India, 2006.

How to systematically design the security of Crisis Management Systems (CMS)?

Jörg Kienzle, Nicolas Guelfi, and Sadaf Mustafiz. “Crisis management systems: a case study for aspect-oriented modeling". in Transactions on Aspect-Oriented Software Development XI, pp. 109-144. Springer Berlin Heidelberg, 2010.

CMS - A complex, distributed system but must be secure.

Jörg Kienzle, Nicolas Guelfi, and Sadaf Mustafiz. Crisis management systems: a case study for aspect-oriented modeling. in Transactions on Aspect-Oriented Software Development XI, pp. 109-144. Springer Berlin Heidelberg, 2010.

Some misuse cases related to user accounts, access control, accountability data, transmitted data

Security patterns are often too abstract with good intention but no clear semantics that make them difficult to be implemented and

applied, especially together.

Improperly integrating authentication, user session, and

authorisation solutions could lead to access rights misused,

and sensitive data leaked.

Wrongly implementing an encryption channel for data transmission and also an auditing

mechanism that intercepts and records the transmitted data may result in encrypted log

entries that are useless for auditing purposes.

Constructing a logging solution for accountability must be aware of an existing authorisation solution in the same system to produce the logs correctly. Depending on how these two work together, the logs might

contain nothing, or meaningless info, or different types of info…

Recall: the challenges

Outline

2) SoSPa and its application1) Motivation

SOLUTION: An MDS approach based on a library-like System of Security design Patterns (shortly called SoSPa).

•Securitydesignpa1ernsarespecifiedasreusableaspectmodels.•Arefinementprocessfromabstractdesignpa1ernstodetailed

securitydesignpa0erns.•Inter-pa3ernrela4onsguidessystema9callyselec9ngtheright

securitydesignpa1ernsforthejob.

SOLUTION: Security Patterns are specified as Reusable Aspect Models (RAM): pattern refinement based on hierarchical RAM models

AspectSessionpa1ern

Extended RAM metamodel to support SoSPa

Feature model for specifying the interrelations among security patterns.

Interrelations among the security patterns

A partial feature model of Authentication. Let’s build a complete authentication solution for CMS.

The RAM of high-level Authentication pattern: 1) authentication means a check is called, how to check depends on lower-lever patterns; 2) a

protected method |m can only be executed if “authenticated”

Have to manage the user credentials directly? DirectAuthentiation pattern is a solution

A partial feature model of Authentication. Let’s build a complete authentication solution for CMS.

Pattern-Driven Secure Systems Development Process

A partial view of CMS with part of the createMission function. How to make sure that only authenticated, authorised person can

createMission? and a log of this action is created and secured?

Jörg Kienzle, Nicolas Guelfi, and Sadaf Mustafiz. Crisis management systems: a case study for aspect-oriented modeling. in Transactions on Aspect-Oriented Software Development XI, pp. 109-144. Springer Berlin Heidelberg, 2010.

Selected security design patterns for building the security solution for Crisis Management Systems.

Woven model: The woven class diagram of CMS including security patterns’ classes.

Woven Model: Message View

Outline

3) Conclusions and Future Work

1) Motivation2) SoSPa

Future Work: Idea 1) The Impact of Security Patterns regarding other Quality Attributes, e.g. Performance, Usability.

O. Alam, J. Kienzle, and G. Mussbacher. “Concern-Oriented Software Design”. In: International Conference on Model Driven Engineering Languages and Systems. 2013.

Future Work: Idea 2) Test Templates embedded into Security Patterns for Testing the application of security patterns.

T. Kobashi et al. “Validating Security Design Patterns Application Using Model Testing”. In: Availability, Reliability and Security (ARES), 2013 Eighth International Conference on. IEEE. 2013, pp. 62–71.

Future Work: Idea 2) Test Templates embedded into Security Patterns for Testing the application of security patterns.

Future Work: Idea 3) An empirical study: “Does SoSPa really help Designers?”. Would it help in terms of increasing the productivity of

designers and the security of system being built?

With SoSPa

Future Work: Idea 4) A Hybrid MDS Approach of SoSPa with other Ad-hoc Security Solutions based on Domain-Specific Languages?

Future Work: Idea 5) Develop a Domain-Specific Language of Security Patterns

Thank you for your attention! Q&A &more…Email: phu@simula.no

Twitter: @nguyenhongphu

Phu Hong Nguyen, Koen Yskout, Thomas Heyman, Jacques Klein, Riccardo Scandariato, and Yves Le Traon. “SoSPa: A System of Security Design Patterns for Systematically Engineering Secure Systems.” In ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems. 2015.

SoSPa: A System of Security Patterns for engineering Secure Systems

Software

Secure Systems Research Group - FAU Patterns for Wireless Web Services Nelly Delessy January 19, 2006

Security patterns and secure systems design using UML · 2010-05-25 · 43 Security patterns • Analysis and design patterns are well established • There are many principles of

Two patterns for cloud computing: Secure Virtual … · Two patterns for cloud computing: Secure Virtual Machine Image ... —Secure Virtual Machine Image Repository: Avoid the poisoning

ArcGIS Secure Mobile Implementation Patternsstatistics.caricom.org/Files/Meetings/PRASC/Census... · 2019. 5. 14. · ArcGIS Secure Mobile Implementation Patterns . An Esri Security

Security Principles and Patterns for Secure Software

Secure Design Patterns - faculty.cs.nku.eduwaldenj/classes/2017/spring/csc666/... · CSC 666: Secure Software Engineering Design Patterns A solution to a problem in context that can

Secure Design Patterns

| SECURE ... · SECURE SYNOPSIS MAINS - 2018 ... Topic: Major crops cropping patterns in various parts of the country, different types of irrigation and irrigation ... What do you

Secure Systems Research Group - FAU Using patterns to compare web services standards E. Fernandez and N. Delessy

Design Principles and Patterns for Computer Systems that are … · 2005-04-26 · Design Principles and Patterns for Computer Systems that are Simultaneously Secure and Usable User

Secure Design Patterns - IDATDDC90/literature/papers/...i | CMU/SEI-2009-TR-010 Table of Contents Acknowledgments v Abstract vi 1 Introduction 1 1.1 About Secure Design Patterns 1

Worldwide Ancient Traditions meet · the refinement and skill of the latest in French cosmetology to create SoSPA: an exhilarating and rejuvenating experience. Awake your senses and

Planning matters! Tools for real town planning in the ... · •manage urban growth • secure necessary infrastructure investment • determine appropriate settlement patterns for

Chapter 2 Using Security Patterns to Develop Secure Systemsepub.uni-regensburg.de/18787/1/Mouratidis2010Ch2.pdf · 2011-07-20 · 19 Using Security Patterns to Develop Secure Systems

Three Design Patterns for Secure Distributed Systems Alan H. Karp Kevin Smathers Hewlett-Packard Laboratories

Secure Design Patterns · 2015-07-29 · design patterns to take security issues into account, are also proposed in this report. The creation of secure design patterns by generalizing

Secure Systems Research Group - FAU WS-Security and its Related Patterns Presented by Keiko Hashizume

SoSPA Menu 241215d2e5ushqwiltxm.cloudfront.net/.../04/18052826/SoSPA-Menu.pdf · 2017-04-18 · À LA CARTE SIGNATURE TREATMENTS 60 to 90 minutes Price from THB 3,200 to 3,500 So

So SPA Menu 2017 - d2e5ushqwiltxm.cloudfront.netd2e5ushqwiltxm.cloudfront.net/.../SoSPA-Menu-2017.pdf · The Moroccan Beldi black soap is ... Pink Himalaya Scrub 30 minutes THB 1,900

11 2490 SoSpa Menu GB D Munich 10.08.2011.indd 1 11.08.11 ...webster.ac.at/sites/webster.ac.at/files/attachments/sofitel_spa-druck-1-16.pdf · blutung angeregt, auch die Zellregeneration