UMLsec
Lecture 10
IS 2935: Developing Secure Systems (Pitt)
Courtesy of Jan Jürjens, who developed UMLsec

Slide titles:
UMLsec
Critical/High assurance Systems Development
Quality vs. cost
Model-based Security
Goal: Secure by Design
Model-based Security Engineering
Secure by design
Using UML
Challenges
UML Extension Goals
The High-assurance design UML profiles
UML - Review
Summary of UML Components
Dependency
UML run-through: Class diagrams
UML run-through: Statecharts
UML run-through: Activity diagrams
UML run-through: Sequence Diagrams
UML Deployment diagrams
UML Package
UML Extension mechanisms
Basic Security Requirements
Basic Security Requirements II
Problems
Causes I
Causes II
Difficulties
Previous approaches
Holistic view on Security
Requirements on UML extension
UMLsec: general ideas
Stereotypes
UMLsec profile
<<Internet>>, <<encrypted>>, ...
Requirements with use case diagrams
<<fair exchange>>
<<secure links>>
<<secure links>> Example
<<secure links>> Example
<<secure dependency>>
Example <<secure dependency>>
<<no down-flow>>
Example <<no down-flow>>
<<data security>>
Notation
Example <<data security>>
<<guarded access>>
Example <<guarded access>>
Does UMLsec meet requirements?
Design Principles
Security Patterns
Solution: Wrapper Pattern
Secure channel pattern:
Simple solution

Critical/High assurance Systems Development
• High quality development of critical systems (dependable, security-critical, real-time, ...) is difficult.
• Many systems are developed, deployed and used that do not satisfy their criticality/security requirements, sometimes with spectacular failures.
• Many flaws found in design/implementation
  – CERT reports
No coherent and complete methodology to ensure security in the construction of large general-purpose systems exists ...

Quality vs. cost
• Systems on which human life and commercial assets depend need careful development.
• Systems operating under possible system failure or attack need to be free from weaknesses/flaws.
• Correctness is in conflict with cost.
• Thorough methods of system design are not used if too expensive.

Model-based Security
• Goal:
  – Make the transition from human ideas to executed systems easy
  – Increase quality/assurance with bounded time-to-market and cost.
[Figure: Requirements -> Models -> Code]

Goal: Secure by Design
Consider critical properties
• from very early stages
• within the development context
• taking an expansive view
• seamlessly throughout the development lifecycle.
High Assurance/Secure design by model analysis.
High Assurance/Secure implementation by test generation.

Model-based Security Engineering
Combined strategy:
• Verify models against requirements
• Generate code from models where reasonable
• Write code and generate test sequences otherwise.
[Figure: Requirements -> Models -> Code, annotated with Verify, Code Gen., Test Gen.]

Secure by design
• Establish that the system fulfills the security requirements
  – At the design level
  – By analyzing the model
• Make sure the code is secure
  – Generate test sequences from the model

Using UML
• UML provides an unprecedented opportunity for high-quality and cost- and time-efficient high-assurance systems development:
  – De-facto standard in industrial modeling: large number of developers trained in UML.
  – Relatively precisely defined
  – Many tools (specifications, simulation, ...).

Challenges
• Adapt UML to critical system application domains.
• Correct use of UML in the application domains.
• Conflict between flexibility and unambiguity in the meaning of a notation.
• Improving tool support for critical systems development with UML (analysis, ...).

UML Extension Goals
• Extensions for high assurance systems development:
  – evaluate UML specifications for weaknesses in design
  – encapsulate established rules of prudent critical/secure systems engineering as a checklist
  – make these available to developers not specialized in critical systems
  – consider critical requirements from early design phases, in system context
  – make certification cost-effective

The High-assurance design UML profiles
• Recurring critical security requirements, failure/adversary scenarios and concepts are offered as stereotypes with tags on component level.
• Use the associated constraints to evaluate specifications and indicate possible weaknesses.
  – Ensures that the UML specification provides the desired level of critical requirements.
• Link to code via test-sequence generation.

UML - Review
Unified Modeling Language (UML):
• visual modeling for OO systems
• different views on a system
• high degree of abstraction possible
• de-facto industry standard (OMG)
• standard extension mechanisms

Summary of UML Components
• Use case diagram – discuss requirements of the system
• Class diagram – data structure of the system
• Statechart diagram – dynamic component behavior
• Activity diagram – flow of control between components
• Sequence diagram – interaction by message exchange
• Deployment diagram – physical environment
• Package/Subsystem – collect diagrams for a system part
Current: UML 1.5 (released Mar 2003)

Dependency
[Figure: subtype, supertype, dependency]

UML run-through: Class diagrams
• Class structure of the system.
• Classes with attributes and operations/signals; relationships between classes.

UML run-through: Statecharts
• Dynamic behavior of an individual component.
• Input events cause state change and output actions.
Transition label: event[guard]/action, abbreviated e[g]/a

UML run-through: Activity diagrams
• Specify the control flow between components within the system, at a higher degree of abstraction than statecharts and sequence diagrams.
[Figure labels: one swimlane for each component or object; synchronization bar; action state; sub-activity; a special case of statechart]

UML run-through: Sequence Diagrams
• Describe interaction between objects or components via message exchange.

UML Deployment diagrams
• Describe the physical layer on which the system is to be implemented.
[Figure: nodes with logical connections]

UML Package
• May be used to organize model elements into groups within a physical system.

UML Extension mechanisms
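The profile slides above say that the stereotypes carry constraints which are evaluated against the specification to indicate possible weaknesses, and the slide list names <<secure links>> together with the link stereotypes <<Internet>> and <<encrypted>>. The following Python block is an added example, not code from the slides or from any UMLsec tool: a small checker that takes a deployment model (where each component is deployed, the physical links between nodes, and the stereotyped dependencies between components) and evaluates a <<secure links>> constraint against an adversary model. The capability sets for the default and insider adversaries, and the rule that <<secrecy>> is broken by a read capability, <<integrity>> by insert and <<high>> by any capability, are taken from the published UMLsec profile rather than from the slide text and are labelled as assumptions in the code; the node and component names are constructed for the example.

```python
"""Added example: evaluate a UMLsec-style <<secure links>> constraint on a
deployment model. Not part of the lecture slides or of any UMLsec tool."""
from dataclasses import dataclass

# Assumption (published UMLsec profile): what the default adversary can do on a
# physical link, keyed by the link's stereotype.
DEFAULT_ADVERSARY = {
    "Internet": frozenset({"read", "delete", "insert"}),
    "encrypted": frozenset({"delete"}),  # can cut the channel, not read or forge
    "LAN": frozenset(),
    "wire": frozenset(),
}

# Assumption: an insider adversary additionally controls the LAN.
INSIDER_ADVERSARY = {**DEFAULT_ADVERSARY,
                     "LAN": frozenset({"read", "delete", "insert"})}

# Assumption: the adversary capability that breaks each requirement stereotype
# placed on a dependency.
FORBIDDEN = {
    "secrecy": frozenset({"read"}),
    "integrity": frozenset({"insert"}),
    "high": frozenset({"read", "delete", "insert"}),
}
ANY_CAPABILITY = FORBIDDEN["high"]


@dataclass(frozen=True)
class Link:
    """Physical connection between two deployment nodes, e.g. <<Internet>>."""
    node_a: str
    node_b: str
    stereotype: str


@dataclass(frozen=True)
class Dependency:
    """Client -> supplier dependency carrying requirement stereotypes."""
    client: str
    supplier: str
    stereotypes: frozenset


@dataclass(frozen=True)
class DeploymentModel:
    location: dict        # component name -> node it is deployed on
    links: tuple          # of Link
    dependencies: tuple   # of Dependency


def links_between(model, n, m):
    """All physical links joining nodes n and m, in either direction."""
    return [l for l in model.links if {l.node_a, l.node_b} == {n, m}]


def check_secure_links(model, adversary=DEFAULT_ADVERSARY):
    """Return one finding per (dependency, requirement) the model fails.

    A requirement on a cross-node dependency is met when at least one link
    between the two nodes withholds every forbidden capability from the
    adversary. A link with an unknown stereotype is treated as fully exposed.
    """
    findings = []
    for dep in model.dependencies:
        n, m = model.location[dep.client], model.location[dep.supplier]
        if n == m:
            continue  # same node: no physical link is traversed
        links = links_between(model, n, m)
        for req in sorted(set(dep.stereotypes) & set(FORBIDDEN)):
            safe = any(not (adversary.get(l.stereotype, ANY_CAPABILITY)
                            & FORBIDDEN[req]) for l in links)
            if not safe:
                findings.append(
                    f"<<{req}>> {dep.client} -> {dep.supplier}: no link between "
                    f"{n} and {m} withholds {sorted(FORBIDDEN[req])} from the adversary")
    return findings


def example_model(requirements, *link_stereotypes):
    """Constructed model: a browser on a client PC calling a web application."""
    return DeploymentModel(
        location={"Browser": "ClientPC", "WebApp": "AppServer"},
        links=tuple(Link("ClientPC", "AppServer", s) for s in link_stereotypes),
        dependencies=(Dependency("Browser", "WebApp", frozenset(requirements)),),
    )


if __name__ == "__main__":
    cases = [
        ("secrecy+integrity over <<Internet>>",
         example_model({"secrecy", "integrity"}, "Internet"), DEFAULT_ADVERSARY),
        ("secrecy+integrity over <<encrypted>>",
         example_model({"secrecy", "integrity"}, "encrypted"), DEFAULT_ADVERSARY),
        ("high over <<encrypted>>", example_model({"high"}, "encrypted"), DEFAULT_ADVERSARY),
        ("secrecy over <<LAN>>, insider adversary",
         example_model({"secrecy"}, "LAN"), INSIDER_ADVERSARY),
    ]
    for label, model, adv in cases:
        print(label, "->", check_secure_links(model, adv) or "OK")
```

The checker is deliberately existential over links, as the UMLsec constraint is: if a node pair has both an <<Internet>> and an <<encrypted>> link, a <<secrecy>> dependency passes, because the model claims the secret traffic can use the protected link. Whether the implementation actually routes it that way is exactly what the slides' test-sequence generation step is meant to confirm, which is why a model-level pass should be read as "no weakness found under this adversary" and not as proof.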