A Systematic Review of Model-Driven Security

APSEC 2013, Bangkok, Thailand December 05th, 2013

Phu H. Nguyen, Jacques Klein,

and Yves Le Traon

Interdisciplinary Centre for Security,

Reliability and Trust (SnT),

University of Luxembourg,

Luxembourg

Max E. Kramer

Software Design and Quality Group,

Karlsruhe Institute of Technology (KIT),

Germany

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 2

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 3

1. MDS

Outline

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 4

1. MDS

Outline

2. SLR

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 5

1. MDS

Outline

2. SLR

3. Results

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 6

Many security weaknesses already made the

headlines of the newspapers.

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 7

1. (Software) systems are getting more complex, especially including security concerns.

http://seanblanchfield.com

dbstrat.com

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 8

2. Security threats evolving fast, but are not taken into account early in the development process!

securesoftware.blogspot.com

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 9

3. Economic pressure reduces the development time and increases the frequency of demanded modifications…

http://blogs.vmware.com

Article (Fernandez-Medina2009) Fernández-Medina, E.; Jurjens, J.; Trujillo, J. & Jajodia, S. Model-Driven Development for secure information systems Information and Software Technology, 2009, 51, 809-814

Article (Fernandez-Medina2009)

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 12

Model-Driven Security with SecureUML Model Driven Security, Technical Report 414, ETH Zurich, 2004

1. Security concerns are dealt with from the very beginning, and throughout the MDS development lifecycle.

SecureUML

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 13

2. Model-Based Security Verification & Validation could check for security properties in advance!

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 14

3. MDS is productive, less error-prone by leveraging on (automated) model transformations.

www.sparxsystems.com

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 15

Why a Systematic Review of MDS?

www.replicatedtypo.com

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 16

Research Question (RQ) 1: How are the existing MDS approaches supporting the development of secure systems?

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 17

Sub-Research Questions

RQ1.1 What kinds of security mechanisms/concerns are addressed by these MDS approaches?

RQ1.2 How do the MDS approaches specify/model security requirements together with functional requirements?

RQ1.3 How model-to-model transformations (MMTs) are leveraged and which MMT engines are used?

RQ1.4 How model-to-text transformations (MTTs) are leveraged to generate code, including complete, configured security infrastructures?

Research Question (RQ) 1: How are the existing MDS approaches supporting the development of secure systems?

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 18

Sub-Research Questions

RQ1.5 Have any case studies been performed to evaluate the approaches? If yes, what results have been obtained? What other evaluation methods (other than case studies) have been applied to evaluate these approaches?

RQ1.6 Which application domains have been addressed in MDS approaches?

Research Question (RQ) 1: How are the existing MDS approaches supporting the development of secure systems?

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 19

RQ3: What are the open issues to be further investigated?

RQ2: What are the current limitations of each approach?

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 20

( “model-driven” OR “model based” OR MDA OR MDE OR model* OR UML ) AND ( specify* OR design* ) AND ( transform* OR “code generation” ) AND security

Selection Criteria

IEEE Xplore ACM Digital Library

ISI Web of Knowledge

Science Direct

Springer

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 21

Evaluation Criteria - A Taxonomy of MDS

Security concerns/mechanisms

Modeling approaches

Model-to-model transformations (MMTs)

Model-to-text transformations (MTTs)

Evaluation methods

Application domains

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 22

Results

Security concerns addressed by MDS. Why is Authorization tackled the most?

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 23

Aspect-Oriented Modeling vs. Non-AOM

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 24

Results

Model-to-model transformations

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 25

Results

Model-to-code transformations

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 26

Results

Application domains

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 27

Results in details.

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 28

Primary Approaches

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 29

• Make sure the full selection of the most relevant MDS papers for the final set.

– Manual Search

– Adopt the “Snowballing” strategy

• Expand the discussion more detailed, e.g. trends analysis.

• Expand the comparison of all MDS approaches.

Future Work

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 30

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 31

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 32

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 33

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 34

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 35

ICTSS 2010 A Systematic Review of MDS Phu H. Nguyen et al. 36

• More information? Interested? => our paper is available!

• Twitter: @nguyenhongphu

The End! Q&A