Security Patterns

Ronald Wassermann and Betty H.C. Cheng*
Software Engineering and Network Systems Laboratory
Department of Computer Science and Engineering
Michigan State University
East Lansing, Michigan 48824, USA
Email: {wasser17,chengb}@cse.msu.edu

Abstract

Design patterns propose generic solutions to recurring design problems. Commonly, they present a solution in a well-structured form that facilitates its reuse in a different context. Recently, there has been growing interest in identifying pattern-based designs for the domain of system security termed Security Patterns. Currently, those patterns lack comprehensive structure that conveys essential information inherent to security engineering. This paper describes research into investigating an appropriate template for Security Patterns that is tailored to meet the needs of secure system development. In order to maximize comprehensibility, we make use of well-known notations such as the Unified Modeling Language (UML) to represent structural and behavioral aspects of design. Furthermore, we investigate how verification can be enabled by adding formal constraints to the patterns.

*Please contact B. Cheng for all correspondences.

Contents

1 Introduction  1
2 Background  2
  2.1 Viega’s and McGraw’s ten principles  2
    2.1.1 Principle 1: Secure the weakest link.  3
    2.1.2 Principle 2: Practice defense in depth.  3
    2.1.3 Principle 3: Fail securely.  3
    2.1.4 Principle 4: Follow the principle of least privilege.  4
    2.1.5 Principle 5: Compartmentalize.  4
    2.1.6 Principle 6: Keep it simple.  4
    2.1.7 Principle 7: Promote privacy.  5
    2.1.8 Principle 8: Remember that hiding secrets is hard.  5
    2.1.9 Principle 9: Be reluctant to trust.  6
    2.1.10 Principle 10: Use your community resources.  6
    2.1.11 Tradeoffs  6
  2.2 The Unified Modeling Language (UML)  7
    2.2.1 UML class diagrams  7
    2.2.2 UML sequence diagrams  9
    2.2.3 UML state diagrams  9
  2.3 The Pattern Approach  10
3 Security Patterns  12
  3.1 Security Patterns and previous work  12
  3.2 Security Pattern Template  14
4 Examples of Security Patterns  17
  4.1 Single Access Point  18
  4.2 Check Point  26
  4.3 Roles  33
  4.4 Session  39
  4.5 Full View With Errors  45
  4.6 Limited View  48
  4.7 Authorization  51
  4.8 Multilevel Security  55
5 Formal Verification  61
  5.1 Formal analysis techniques and tools  61
  5.2 Exemplary verification 01  63
    5.2.1 System design …