Page 1: SoSPa: A System of Security Patterns for engineering Secure Systems

MoDELS Conference

SoSPa: a System of Security design Patterns © 2015 Phu Hong Nguyen et al.

SoSPa: a System of Security Patterns for engineering Secure Systems

Phu Hong Nguyen1,2, Koen Yskout3, Thomas Heyman3, Jacques Klein2, Riccardo Scandariato3,4, and Yves Le Traon2

1 Simula Research Laboratory, Norway 2 SnT, University of Luxembourg, Luxembourg

3 iMinds-DistriNet, KU Leuven, Belgium 4 Chalmers & University of Gothenburg, Sweden

Page 2

Outline

1) Motivation
2) SoSPa and its application
3) Conclusions

Page 3

Outline

1) Motivation

Phu Hong Nguyen, Max Kramer, Jacques Klein, Yves Le Traon. "An extensive systematic review on the Model-Driven Development of secure systems." Information and Software Technology, Volume 68, 2015, Pages 62-81.

Koen Yskout, Riccardo Scandariato, and Wouter Joosen. "Do Security Patterns Really Help Designers?" In: 37th International Conference on Software Engineering (ICSE). IEEE, 2015.

Page 4

A systematic literature review (SLR) of Model-Driven Security (MDS): significant MDS approaches vs. less common or emerging MDS approaches.

Phu Hong Nguyen, Max Kramer, Jacques Klein, Yves Le Traon. "An extensive systematic review on the Model-Driven Development of secure systems." Information and Software Technology, Volume 68, 2015, Pages 62-81.


Page 6

There is a lack of MDS approaches addressing multiple security concerns systematically.

Phu Hong Nguyen, Max Kramer, Jacques Klein, Yves Le Traon. "An extensive systematic review on the Model-Driven Development of secure systems." Information and Software Technology, Volume 68, 2015, Pages 62-81.

Page 7

Aspect-Oriented Modelling (AOM) could be leveraged more.

Phu Hong Nguyen, Max Kramer, Jacques Klein, Yves Le Traon. "An extensive systematic review on the Model-Driven Development of secure systems." Information and Software Technology, Volume 68, 2015, Pages 62-81.

Page 8

Security Patterns could be the solution but…

Page 9

Using a catalog of security patterns improves neither the productivity of the software designer, nor the security of the design.

Koen Yskout, Riccardo Scandariato, and Wouter Joosen. "Do Security Patterns Really Help Designers?" In: 37th International Conference on Software Engineering (ICSE). IEEE, 2015.

Page 10

We need more than abstract patterns: we must bridge the gap between abstract security patterns and their detailed designs, their application, and especially their interrelations.

Authentication Enforcer pattern

Steel, Christopher, and Ramesh Nagappan. "Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management." Pearson Education India, 2006.

Page 11

How can the security of Crisis Management Systems (CMS) be designed systematically?

Jörg Kienzle, Nicolas Guelfi, and Sadaf Mustafiz. "Crisis management systems: a case study for aspect-oriented modeling." In: Transactions on Aspect-Oriented Software Development XI, pp. 109-144. Springer Berlin Heidelberg, 2010.

Page 12

CMS: a complex, distributed system that must nevertheless be secure.

Jörg Kienzle, Nicolas Guelfi, and Sadaf Mustafiz. "Crisis management systems: a case study for aspect-oriented modeling." In: Transactions on Aspect-Oriented Software Development XI, pp. 109-144. Springer Berlin Heidelberg, 2010.

Page 13

Some misuse cases related to user accounts, access control, accountability data, and transmitted data.

Page 14

Security patterns are often too abstract: well intentioned, but without clear semantics, which makes them difficult to implement and to apply, especially together.

Improperly integrating authentication, user session, and authorisation solutions could lead to access rights being misused and sensitive data being leaked.

Wrongly implementing an encryption channel for data transmission together with an auditing mechanism that intercepts and records the transmitted data may result in encrypted log entries that are useless for auditing purposes.

Constructing a logging solution for accountability must take an existing authorisation solution in the same system into account in order to produce the logs correctly. Depending on how these two work together, the logs might contain nothing, meaningless information, or different types of information…

Page 15

Recall: the challenges

Page 16

Outline

1) Motivation
2) SoSPa and its application

Page 17

SOLUTION: An MDS approach based on a library-like System of Security design Patterns (SoSPa for short).

• Security design patterns are specified as reusable aspect models.
• A refinement process from abstract design patterns to detailed security design patterns.
• Inter-pattern relations guide systematically selecting the right security design patterns for the job.

Page 18

SOLUTION: Security patterns are specified as Reusable Aspect Models (RAM); pattern refinement is based on hierarchical RAM models.

Aspect: Session pattern

Page 19

Extended RAM metamodel to support SoSPa

Page 20

Feature model for specifying the interrelations among security patterns.

Page 21

Interrelations among the security patterns

Page 22

A partial feature model of Authentication. Let’s build a complete authentication solution for CMS.

Page 23

The RAM of the high-level Authentication pattern: 1) authentication means that a check is called; how the check is performed depends on lower-level patterns; 2) a protected method |m can only be executed if “authenticated”.

Page 24

Have to manage the user credentials directly? The DirectAuthentication pattern is a solution.

Page 25

A partial feature model of Authentication. Let’s build a complete authentication solution for CMS.

Page 26

Pattern-Driven Secure Systems Development Process

Page 27

A partial view of CMS with part of the createMission function. How do we make sure that only an authenticated and authorised person can call createMission, and that a log of this action is created and secured?

Jörg Kienzle, Nicolas Guelfi, and Sadaf Mustafiz. "Crisis management systems: a case study for aspect-oriented modeling." In: Transactions on Aspect-Oriented Software Development XI, pp. 109-144. Springer Berlin Heidelberg, 2010.
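As an added example, not taken from the slides or the SoSPa project: a Python sketch of a woven createMission that composes the high-level Authentication check (|m runs only if authenticated), an Authorisation check, an integrity-protected audit log and a Secure Channel stand-in in the order that keeps the log meaningful, plus a misordered variant that reproduces the page 14 pitfall of the auditor recording already-encrypted data. The Session class, the role names, the toy XOR cipher and the log key are constructed assumptions.

```python
import hmac, hashlib, json
from dataclasses import dataclass, field

LOG_KEY = b"constructed-demo-key"   # constructed: HMAC key that integrity-protects the audit log

@dataclass
class Session:                       # hypothetical instance of the Session pattern
    user: str
    authenticated: bool
    roles: set = field(default_factory=set)

class NotAuthenticated(Exception): pass
class NotAuthorised(Exception): pass

def tag(rec):
    return hmac.new(LOG_KEY, rec.encode(), hashlib.sha256).hexdigest()
def audit(log, session, action, outcome):
    """Auditing pattern: append a plaintext record plus an HMAC tag so tampering is detectable."""
    rec = json.dumps({"user": session.user, "action": action, "outcome": outcome})
    log.append((rec, tag(rec)))

def verify_log(log):
    return all(hmac.compare_digest(tag(r), t) for r, t in log)

def encrypt(text):
    """Stand-in for the Secure Channel pattern (toy XOR, not real cryptography)."""
    return bytes(b ^ 0x5A for b in text.encode())

def create_mission(session, mission, log, role="Coordinator"):
    """Woven createMission: Authentication -> Authorisation -> action -> Auditing -> Secure Channel.
    Denied attempts are audited as well, so the log is never empty or meaningless."""
    if not session.authenticated:          # high-level Authentication: |m runs only if authenticated
        audit(log, session, "createMission", "denied:unauthenticated")
        raise NotAuthenticated
    if role not in session.roles:          # Authorisation: the caller must hold the required role
        audit(log, session, "createMission", "denied:unauthorised")
        raise NotAuthorised
    result = json.dumps({"mission": mission, "created_by": session.user})
    audit(log, session, "createMission", "ok")   # auditor sees plaintext, before encryption
    return encrypt(result)                        # encryption applied last, on the wire only

def create_mission_misordered(session, mission, log):
    """The page 14 pitfall: the auditor intercepts the already-encrypted payload."""
    ct = encrypt(json.dumps({"mission": mission, "created_by": session.user}))
    log.append((ct.hex(), ""))                    # an encrypted, useless audit entry
    return ct

def log_is_readable(log):
    """True only if every entry is plaintext JSON naming the audited action (hex ciphertext is not)."""
    return all(r.startswith("{") and json.loads(r).get("action") == "createMission" for r, _ in log)
```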

Page 28

Selected security design patterns for building the security solution for Crisis Management Systems.

Page 29

Woven model: The woven class diagram of CMS including security patterns’ classes.

Page 30

Woven Model: Message View

Page 31

Outline

1) Motivation
2) SoSPa
3) Conclusions and Future Work

Page 32

SoSPa

Page 33

Future Work: Idea 1) The Impact of Security Patterns regarding other Quality Attributes, e.g. Performance, Usability.

O. Alam, J. Kienzle, and G. Mussbacher. “Concern-Oriented Software Design”. In: International Conference on Model Driven Engineering Languages and Systems. 2013.

Page 34

Future Work: Idea 2) Test Templates embedded into Security Patterns for Testing the application of security patterns.

T. Kobashi et al. “Validating Security Design Patterns Application Using Model Testing”. In: Availability, Reliability and Security (ARES), 2013 Eighth International Conference on. IEEE. 2013, pp. 62–71.

Page 35

Future Work: Idea 2) Test Templates embedded into Security Patterns for Testing the application of security patterns.

Page 36

Future Work: Idea 3) An empirical study: “Does SoSPa really help Designers?” Would it help in terms of increasing the productivity of designers and the security of the system being built?

With SoSPa?

Koen Yskout, Riccardo Scandariato, and Wouter Joosen. "Do Security Patterns Really Help Designers?" In: 37th International Conference on Software Engineering (ICSE). IEEE, 2015.

Page 37

Future Work: Idea 4) A Hybrid MDS Approach of SoSPa with other Ad-hoc Security Solutions based on Domain-Specific Languages?

Page 38

Future Work: Idea 5) Develop a Domain-Specific Language of Security Patterns

Page 39

Thank you for your attention! Q&A & more… Email: [email protected]

Twitter: @nguyenhongphu

Phu Hong Nguyen, Koen Yskout, Thomas Heyman, Jacques Klein, Riccardo Scandariato, and Yves Le Traon. “SoSPa: A System of Security Design Patterns for Systematically Engineering Secure Systems.” In ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems. 2015.