SECURITY REQUIREMENT FROM PROBLEM FRAMES PERSPECTIVE Fabricio Braz 01/25/08.

Presentation transcript:

SECURITY REQUIREMENT FROM PROBLEM FRAMES PERSPECTIVE Fabricio Braz 01/25/08

Objective
To present the core idea from the following articles, both based on problem frames:
–Using trust assumptions with security requirements
–Analysis and Component-based Realization of Security Requirements
Analyze whether they show alternatives to evolve our approach (everybody)

PROBLEM FRAMES

Intro (1)
All computing problems involve the interaction between domains:
–tangible (people, equipment, network)
–intangible (information)
–each domain has interfaces, defined by the phenomena visible to other domains

Intro (2)
Machine: performs the transformation to satisfy the requirement.
The interplay of phenomena between the machine and its connected domains defines what the machine has to do to satisfy the requirement.
Specification → expression of the behavior of phenomena visible at the boundary of the domains.
Requirements → description of the problem to be solved.

Intro (3)
Requirements
–permit passage from one room to another
–physically separate rooms when possible
Specification (it's up to the designer)
–different phenomena and their boundaries (how it works): door, blank, garden maze
–R: A ∧ F ∧ S → R, where A ∧ F ∧ S must be non-contradictory

Diagrams
–Context diagram
–Problem diagram
–Problem classes (not considered)

Context Diagram
–Domains of interest in a system
–Their interconnections
–The phenomena (events, operation calls, messages) on the interfaces between them

HR Subset System Requirements
–Salary, personal, and benefits information shall be able to be entered, changed, and deleted by HR staff. This information is referred to as payroll information.
–Each employee shall be able to view a subset of his or her own personal and benefits information.
–Users shall have access to kiosks located at convenient locations throughout the building and able to display an 'address list' subset of personal information consisting of any employee's name, office, and work telephone number.
–At most 24 hours of modifications to information shall be vulnerable to loss.

Context Diagram of HR Sys

Problem Diagram
–Describes a problem in the system, expressed by a requirement.
–Projection of the context, showing only the domains or groups of domains of interest to the particular problem.
–Problem class: a kind of problem diagram that describes the problem as one of a known set of problem classes, showing how a given requirement is to be satisfied using the pattern that the problem class represents.

Problem Diagram of Display HR System Requirement (diagram labels: Requirement, Domain, Machine, Shared Phenomena, Constraining)

SECURITY REQUIREMENTS

Information Security Buzzwords
Asset –something in the context of the system, tangible or not, that is to be protected
Threat –the potential for abuse of an asset that will cause harm
Vulnerability –weakness in the system that an attack exploits to realize a threat

Security Requirements Definition
–Express constraints on the behavior of a system sufficient to satisfy security goals (CIA)
–Limit undesired system behavior as much as possible while still satisfying the system's requirements
–Constraints on functional requirements, intended to reduce the scope of vulnerabilities

USING TRUST ASSUMPTIONS WITH SECURITY REQUIREMENTS B. Haley, C. Laney, D. Moffett and Bashar Nuseibeh

Security Requirements
CIA: general goals applied to assets
Actions which violate a goal → threats
–performing action X on/to/with asset Y could cause harm Z
HR system examples:
–Exposing salary data could reduce employee morale, lowering productivity.
–Changing salary data could increase salary costs, lowering earnings.
–Exposing addresses (to headhunters) could cause loss of employees, raising costs.

Security Requirements by Problem Frames
Analysis of context or problem diagrams
–A threatened asset must be a domain, be contained in a domain, or be found in the phenomena
Employ constraints on functionality that ensure the asset cannot be abused in the way the threat description requires
–changes and/or additions to the domains or phenomena: changing the behavior of the domains in the context, requiring specific behavior of the machine
–adding trust assumptions explaining why undesired behavior is believed not to occur

Display HR System Revisited

Trust Assumptions
An assumption by a requirements engineer that, in order to satisfy a security requirement, the membership or specification of a domain can depend on certain properties. The requirements engineer trusts the assumption to be true.
These assumed properties or assertions act as domain restrictions; they restrict the domain in some way that contributes to the satisfaction of the security requirement.

Trust Assumptions Purposes
Contribute to the security argument
–in the context of the system and with information known at that point, the system is adequately secure
Avoid analysis scope creep (recursive process)
–due to domain properties that cannot be verified with the information in hand
One trust assumption may play a role in satisfying multiple security requirements

Trust Assumptions Example
The computers must operate for at least 8 h in the event of a power failure
Security requirement
–adding backup generators to the system
–appropriate phenomena would be added so that the machine can detect the power loss, control the generators, and detect going beyond 8 h
Should I believe that the generators are attack resistant?

Trust Assumptions Representation
–Identification of the domain being restricted by the trust assumption
–Effect of the trust assumption
–Narrative description of the restriction(s)
–Preconditions
–List of security requirements (the constraints) satisfied
(diagram label: TA1.1: People, Credentials kept private)

TAs – Using authentication

TA – Credentials kept private (1)
The dependent domain: People.
Effect: The People domain is restricted to contain individuals who are using their own credentials.
Explanation: Before the restriction, the People domain can contain individuals who have credentials that may or may not have been allocated to them. After application of the restriction, the People domain can contain only individuals who have credentials allocated to them and who are using their own credentials.
Preconditions: This trust assumption depends on TA1.2, that administrators will not expose one person's credentials to another person.

TA – Credentials kept private (2)
Justification: The employees of this company are all stockholders who stand to benefit greatly from the success of the company, and therefore will respect the security rules out of self interest. The employees are also all security experts who understand at a visceral level the reasons for keeping credentials private. For these reasons we assume that they will not expose their credentials, either accidentally or intentionally.
Security requirements partially satisfied: Address information shall be restricted to employees.

TAs – Using building security

TA – Building Security (1)
The dependent domain: Employees.
Effect: The original People domain is restricted to contain Employees.
Explanation: Before the restriction, the People domain contains individuals, whether or not they can actually enter the building. After application of the restriction, the People domain contains only employees, the permitted occupants of the building.
Preconditions: This trust assumption depends on the existence and operation of a building security system.

TA – Building Security (2)
Justification: The entrances to the building are protected by professional security staff who verify that people entering the building are employees. If a person who is not an employee is permitted entrance, that person is escorted by a member of security staff while in the building.
Security requirements partially satisfied: Address information shall be restricted to employees.
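As an added illustration (not from the slides or the Haley et al. paper), the trust assumption representation above and the "avoid analysis scope creep" purpose can be checked mechanically: a small Python model walks each TA's preconditions to find ones that no TA justifies (or chains that loop), then reports which security requirements are supported by a closed chain of TAs. The data is constructed from the two TAs in the slides; TA1.2 is deliberately left undefined, and the payroll requirement is an assumed constraint that no TA addresses, so both kinds of gap show up.

```python
from dataclasses import dataclass


@dataclass
class TrustAssumption:
    """One trust assumption, using the fields the slides list for its representation."""
    ident: str
    domain: str            # domain being restricted by the assumption
    effect: str            # narrative description of the restriction
    preconditions: tuple   # identifiers of other TAs this one depends on
    satisfies: tuple       # security requirements (constraints) it helps satisfy


def open_preconditions(tas, ident, path=()):
    """Return what is still unjustified beneath TA `ident`: precondition ids
    with no TA defined for them, or a 'cycle:' marker if the chain loops back.
    An empty set means the dependency chain is closed (no scope creep left)."""
    if ident in path:
        return {"cycle:" + "->".join(path + (ident,))}
    ta = tas.get(ident)
    if ta is None:
        return {ident}
    unresolved = set()
    for pre in ta.preconditions:
        unresolved |= open_preconditions(tas, pre, path + (ident,))
    return unresolved


def security_argument(tas, requirements):
    """Map each security requirement to the TAs that support it through a closed
    precondition chain. An empty list marks a gap in the security argument."""
    return {req: sorted(ta.ident for ta in tas.values()
                        if req in ta.satisfies and not open_preconditions(tas, ta.ident))
            for req in requirements}


# Constructed sample data following the two TAs in the slides. TA1.2 (administrators
# do not expose credentials) is referenced but deliberately left undefined, and the
# payroll requirement is an assumed constraint that no TA addresses.
ADDRESS_REQ = "Address information shall be restricted to employees"
PAYROLL_REQ = "Payroll information shall be changed only by HR staff"
TAS = {ta.ident: ta for ta in [
    TrustAssumption("TA1.1", "People", "only individuals using their own credentials",
                    ("TA1.2",), (ADDRESS_REQ,)),
    TrustAssumption("TA2.1", "Employees", "People restricted to permitted occupants",
                    (), (ADDRESS_REQ,)),
]}

if __name__ == "__main__":
    print(open_preconditions(TAS, "TA1.1"), security_argument(TAS, [ADDRESS_REQ, PAYROLL_REQ]))
```

With this data the address requirement is carried only by the building security TA, because TA1.1 rests on an undefined TA1.2, and the payroll requirement has no supporting TA at all.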