
1 A Model-Driven Approach for Dev. & Operations of Security-sensitive IS
Hasan Sayani, Jim Chen, Mary Hoferek
Graduate School of Mgmt & Technology, University of Maryland University College

2 Copyright, H. Sayani, MD., March 2, Introduction
- Leveraging Work Flow
  - Originated in Industrial Engineering
    - Tracking Materials through Processes
    - Applies to Information Systems as well
  - May be used to model Information Systems
    - At any phase of the development cycle
    - Non-threatening to functional users
  - Available as part of Microsoft's Vista and Office 2007
  - Document management packages (e.g. Hershey Systems)
  - We use it to model Security
  - Fits into a Meta-Meta view of IS

3 Data-Activity-Control-Constraint (Meta-meta)

4 Major Building Block of WF
- The Activity (e.g., in IDEF0) components
  - Control (logical)
  - Performance (using specified Procedure)
  - Data Input
  - Data Output
  - Database Interaction (added explicitly)
- Enhanced for our model

5 The Visualized Activity Model

6 Diagrammatic Ontology of the Activity Model

7 Ontology of the Activity Model (Culture)
CULTURE CONTENTS REPORT Wed Feb 28 17:49:
OBJECTS:
  1) ACTIVITY
  2) DATABASE
  3) ICOM
RELATIONSHIPS:
  1) PROCESS
     Role:1 OUTPUT
       Role Player(s) OBJ: ICOM
     Role:2 INPUT
       Role Player(s) OBJ: ICOM
     Role:3 PROCESS
       Role Player(s) OBJ: ACTIVITY
     Role:4 CONTROL
       Role Player(s) OBJ: ICOM
     Role:5 DATA
       Role Player(s) OBJ: DATABASE
     Role:6 MECHANISM
       Role Player(s) OBJ: ICOM
PROPERTIES
  1) PROCEDURE

8 Work Flow
- The stringing together of Activities to perform a functional task
- Interspersed with a special type of Activity
  - Routes to the next Activity
  - Via Procedure using classic control constructs
  - Can be used across Life Cycle

9 Security Concerns
- Components
  - Specifically targeted
    - Control (logical)
    - Performance (using specified Procedure)
    - Data Input
    - Data Output
    - Database Interaction
  - Or, generally aimed at Activity

10 Diagrammatic Ontology of the Security Model

11 Overlay of Security on Work Flow

13 Visualization of Work Flow

14 Control
- Functional control
- Security Control

15 Control Constraints
- Sequence of control flow constructs
- Conditional constructs (if-then-else)
- Iteration constructs (while loop)

16 Routing

17 Security: Access Control
- Identification
- Authentication
- Authorization

18 Example
IF (Identification = OK) AND (Authentication = OK) AND (Authorization = OK)
THEN DO X
ELSE EXIT
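
The IF/THEN/ELSE gate above, overlaid as a security control on routed activities, can be sketched as follows. This is an added example, not code from the slides; the user names, tokens, grants and invoice activities are hypothetical and constructed for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample data; every name and token here is hypothetical.
TOKENS = {"alice": "tok-a1", "bob": "tok-b2"}            # known IDs and their credentials
GRANTS = {("bob", "enter_invoice"), ("alice", "enter_invoice"),
          ("alice", "approve_invoice")}                  # (user, activity) pairs

@dataclass
class Activity:
    name: str
    control: Callable[[dict], bool]      # functional control (logical)
    procedure: Callable[[dict], dict]    # performance: data input -> data output
    route: Optional[str] = None          # routing to the next activity

def security_control(user, token, activity):
    """Return the name of the first failed check, or None if all three pass."""
    if user not in TOKENS:
        return "identification"
    if not hmac.compare_digest(TOKENS[user], token):
        return "authentication"
    if (user, activity.name) not in GRANTS:
        return "authorization"
    return None

def run_workflow(activities, start, user, token, data):
    """Walk the routed activities; EXIT at the first failed control."""
    trail, current = [], start
    while current is not None:
        act = activities[current]
        failed = security_control(user, token, act)
        if failed is None and not act.control(data):
            failed = "functional"
        if failed:
            trail.append((act.name, "EXIT:" + failed))
            return trail, data
        data = act.procedure(data)       # DO X
        trail.append((act.name, "DONE"))
        current = act.route
    return trail, data

WORKFLOW = {
    "enter_invoice": Activity("enter_invoice", lambda d: d["amount"] > 0,
                              lambda d: {**d, "entered": True}, "approve_invoice"),
    "approve_invoice": Activity("approve_invoice", lambda d: d.get("entered", False),
                                lambda d: {**d, "approved": True}),
}
```

The returned trail records, per activity, whether it ran or which control stopped it, which is the kind of tracking the Benefits slide refers to.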

19 Benefits
- Good tracking mechanism in the hierarchy
- Good tracking mechanism in the systems development life cycle

20 Application Environments
- Role-based access of data
- Network security
- Intrusion detection
- Forensics

21 A Database Perspective
- Last year, we talked about a data-centric view rather than work flow.

22 Meta-Model of IS

23 A Database Perspective
- Last year, looked at 3 dimensional perspective of data analysis.
[Figure labels: Processes, Risk]

24 A Database Perspective
[Figure labels: Processes; Some Threat!!!]
Threat Threshold Values
  Severe:
  Moderate:
  Minor: 1-10
Column Sensitivity Values
  Highly Sensitive: 5
  Sensitive: 4
  Moderate: 3
  Minor: 2
  Not Sensitive: 1
Data elements of different sensitivities. Aggregated columns are triggered by the highest sensitivity value.
Copyright, H. Sayani, MD., September

25 A Database Perspective
- Identify code red data items
- Based on that, workflow could vary substantially

26 Meta-Model of IS

27 A Database Perspective
- Could view preceding diagram as a commercial database engine.

28 A Database Perspective
- Look at just one aspect of workflow and see how security concerns could be addressed - Performer

29 A Database Perspective
- Data Mining attack characteristics:
  - Organized, technical, professional adversary
  - Compromised user and system credentials
  - Key logging programs strategically deployed
  - Used SQL injection to get IDs and passwords
  - Compiled, malicious code was encrypted to prevent reverse engineering
  - Large amount of traffic to external address
  - High volume of traffic during non-working hours
  - Familiar with organization – went after executive, research and technical accounts
  - New users appeared on system
  - Stole valid ID and established their own (Windsor, 2007).

30 A Database Perspective
- Look again at workflow model and apply to database – assume this attack. What counter measures could database professionals establish for Performer?
  - Stole IDs so looked like authorized user
  - Created own ID and gave privileges

31 A Database Perspective
- Counter measures:
  - Set up dummy IDs
  - Determine who was targeted
  - Identify data that was stolen
  - Identify earliest known unauthorized action
  - Identify malicious code

32 A Database Perspective
- If protecting code red, could establish code in DBMS
  - Trigger when dummy ID accessed
  - Trigger to audit all access to data
  - Trigger to send back false data – basically to lie
  - Limit access to catalog – can't get schema
  - Limit all accesses to code in DBMS
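
The dummy-ID and audit-all-access ideas above can be checked against an access audit trail. The following is an added example, not part of the original slides: it runs detection rules for decoy-ID use, newly created IDs touching code red data, and off-hours access over constructed audit records. The record layout, account names and object names are assumptions.

```python
from datetime import datetime

# Constructed sample audit records (not from the case study); the field layout,
# account names and object names are assumptions made for this example.
AUDIT_LOG = """\
2007-01-15T10:02:11 jsmith SELECT hr.salary
2007-01-16T02:41:09 svc_backup_old SELECT research.formulas
2007-01-16T02:43:30 jsmith CREATE_USER tmpadm1
2007-01-16T02:44:02 jsmith GRANT tmpadm1
2007-01-16T02:50:17 tmpadm1 SELECT research.formulas
2007-01-16T14:20:00 mlee SELECT public.catalog
"""
DECOY_IDS = {"svc_backup_old"}                  # dummy IDs no real user should ever use
CODE_RED = {"research.formulas", "hr.salary"}   # highest-sensitivity objects
WORK_HOURS = range(8, 18)                       # 08:00-17:59

def parse(line):
    """Split one record into (timestamp, user, action, target)."""
    ts, user, action, target = line.split()
    return datetime.fromisoformat(ts), user, action, target

def detect(log_text):
    """Return (timestamp, rule, account) alerts in log order."""
    alerts, new_ids = [], set()
    for line in log_text.splitlines():
        ts, user, action, target = parse(line)
        stamp = ts.isoformat()
        if user in DECOY_IDS:                   # any use of a dummy ID is suspect
            alerts.append((stamp, "decoy-id-used", user))
        if action in ("CREATE_USER", "GRANT"):  # new users / privilege changes
            new_ids.add(target)
            alerts.append((stamp, "account-change", target))
        if target in CODE_RED and ts.hour not in WORK_HOURS:
            alerts.append((stamp, "off-hours-code-red", user))
        if user in new_ids and target in CODE_RED:
            alerts.append((stamp, "new-id-code-red", user))
    return alerts
```

The earliest alert timestamp also gives a starting point for the "earliest known unauthorized action" item on the counter-measures slide.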

33 A Database Perspective
- Outside of DBMS – problem
  - Went after files themselves
  - Common file names in industry
  - Encrypted files
  - ASM – help or hurt?
  - Can DBMS files be set up so that only DBMS can access? Just a thought

34 A Database Perspective
- Data and workflow interwoven
- Just some ideas today. Good food for thought

35 A Database Perspective
- Reference: Windsor, S. Case Study of a Professional Hacker's Data Mining Intrusion. Presented at 2007 Maryland CyberSecurity Forum. February 22, 2007 at UMUC.

