Secure Systems Research Group - FAU Classifying security patterns E.B.Fernandez, H. Washizaki, N. Yoshioka, A. Kubo.

Need for classification
A good number of security patterns have been described in the literature, and two books (catalogs) have appeared. However, these collections are mostly unstructured. Designers need guidance on how to select appropriate patterns, and a good classification of security patterns can provide it.

Several classifications
Types of patterns
Architectural concerns
Architectural layers
Text similarity
Pattern diagrams

What type of pattern?
An architectural pattern. Architectural patterns usually describe global system architecture concepts, e.g., do we need authentication between two distributed units? We consider this the most convenient association because security is a global property of a system.
A design pattern. Because security can be considered an aspect of a software subsystem, some groups treat security patterns as design patterns. However, design patterns are oriented towards code flexibility and do not consider the global aspects that security requires.
An analysis pattern. Security constraints should be defined at the highest possible level, i.e. in the conceptual model of the application. For example, we can define which users have which roles and what rights those roles need to perform their duties. This means that at least some security patterns are analysis patterns.
A special type of pattern. We can add sections to, or remove sections from, the standard pattern template, but we see no compelling reason for an entirely new type of pattern.

Architectural classification
Since we consider security patterns to be architectural patterns, we should look at software architecture classifications. Avgeriou and Zdun classify architectural patterns by the type of concern they address, e.g. Layered Structure, Data Flow, Adaptation, User Interaction, Distribution. This suggests classifying security patterns according to their concerns, e.g. patterns for access control, cryptography, file control, identity, firewalling, etc. For example, authentication in distributed systems is covered by Authenticator, Remote Authenticator/Authorizer, and Credential. Chapters 7 and 8 of [Sch06] are organized this way.
Another type of concern is the general structuring of a system into core (host), perimeter, and external [Hafiz06]. This is too coarse.

Levels of abstraction
Patterns can be defined at several levels of abstraction. The highest level is typically a principle or a very fundamental concept, e.g. the Reference Monitor, which states that every access must be intercepted and checked.
Another example: firewalls, database authorization systems, and operating system access control systems are all special cases of access control systems.
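The Reference Monitor principle on this slide, and the claim that firewalls, database authorization and operating system access control are special cases of one access-control abstraction, can be shown directly in code. The following is an added example written for this page, not code from the slides or from the Secure Systems Research Group; the Request shape, the three rule constructors and the sample rule sets are this example's own assumptions. One ReferenceMonitor class mediates every request and records every decision; the three specialisations differ only in how subject, object and action are interpreted.

```python
"""Reference Monitor as the common abstraction behind a firewall, a database
authorization system and an operating-system access-control list.
Added example; rule shapes and sample policies are constructed, not taken
from any real product."""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass(frozen=True)
class Request:
    subject: str   # who asks: a source IP, a database role, or a user name
    obj: str       # what is asked for: "host:port", a table, or a file path
    action: str    # how: "connect", "SELECT", "read", ...


Rule = Callable[[Request], bool]


class ReferenceMonitor:
    """Complete mediation: every access goes through check(), default deny,
    and every decision is recorded so the audit trail is itself complete."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = list(rules)
        self.audit: List[Tuple[Request, bool]] = []

    def check(self, req: Request) -> bool:
        decision = any(rule(req) for rule in self.rules)
        self.audit.append((req, decision))
        return decision


# Specialisation 1: packet-filter firewall. Subject = source address,
# object = destination "host:port", the only action is "connect".
def firewall_rule(src_net: str, dst_host_port: str) -> Rule:
    net = ipaddress.ip_network(src_net)

    def rule(r: Request) -> bool:
        try:
            src = ipaddress.ip_address(r.subject)
        except ValueError:
            return False   # a malformed subject never matches an allow rule
        return r.action == "connect" and src in net and r.obj == dst_host_port
    return rule


# Specialisation 2: database authorization. Subject = role, object = table,
# action = SQL privilege.
def grant(role: str, table: str, privilege: str) -> Rule:
    return lambda r: (r.subject, r.obj, r.action) == (role, table, privilege)


# Specialisation 3: file-system ACL. Subject = user, object = path,
# action = one of the ACL's permission names.
def acl_entry(user: str, path: str, permissions: set) -> Rule:
    perms = frozenset(permissions)
    return lambda r: r.subject == user and r.obj == path and r.action in perms


def build_monitors() -> dict:
    """Three monitors built from the same class, differing only in rule set
    (constructed sample rules)."""
    return {
        "firewall": ReferenceMonitor([
            firewall_rule("10.0.0.0/8", "192.0.2.10:443"),
        ]),
        "database": ReferenceMonitor([
            grant("analyst", "orders", "SELECT"),
        ]),
        "filesystem": ReferenceMonitor([
            acl_entry("alice", "/etc/app.conf", {"read"}),
        ]),
    }


def decide(monitor: ReferenceMonitor, subject: str, obj: str, action: str) -> bool:
    """The single entry point every layer funnels through."""
    return monitor.check(Request(subject, obj, action))


if __name__ == "__main__":
    m = build_monitors()
    print("firewall   10.0.0.5 -> 192.0.2.10:443 :", decide(m["firewall"], "10.0.0.5", "192.0.2.10:443", "connect"))
    print("database   analyst DELETE orders       :", decide(m["database"], "analyst", "orders", "DELETE"))
    print("filesystem bob write /etc/app.conf     :", decide(m["filesystem"], "bob", "/etc/app.conf", "write"))
```

The point a practitioner should take from it: the check is the same code path in all three cases, so an access that bypasses check(), or a rule that is never consulted, is the same flaw whichever layer it occurs in; the audit list growing by exactly one entry per request is the property to test for.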

Firewall abstractions (diagram slide; figure not reproduced in the transcript)

Architectural layers
We can think of a computer system as a hierarchy of layers, where the application layer uses the services of the database and operating system layers, which in turn execute on a hardware layer. These layers provide another dimension for classification.
Two basic principles of security are:
Security constraints should be defined at the highest layer, where their semantics are clear, and propagated to the lower layers, which enforce them.
All the layers of the architecture must be secure.
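The two principles above (define constraints at the highest layer, enforce them below, and keep every layer secure), together with the analysis-level statement on the "What type of pattern?" slide that roles and their rights belong in the conceptual model, as an added example that is not part of the original slides. The role policy, the object names, the mapping from conceptual rights to SQL privileges and file permissions, and the /srv/app/data path layout are all constructed for illustration.

```python
"""Security constraints defined at the application layer and propagated to
the database and operating-system layers that enforce them. Added example;
the role policy, object names and path layout are constructed."""
from typing import Dict, List, Set, Tuple

Right = Tuple[str, str]                    # (object, conceptual right)
Policy = Dict[str, Set[Right]]             # role -> rights

# Application-layer (conceptual) policy: which roles need which rights.
APP_POLICY: Policy = {
    "clerk":   {("orders", "read"), ("orders", "create")},
    "auditor": {("orders", "read"), ("audit_log", "read")},
}

# How each lower layer spells the conceptual rights (assumed mapping).
DB_PRIVILEGE = {"read": "SELECT", "create": "INSERT", "update": "UPDATE", "delete": "DELETE"}
FS_PERMISSION = {"read": "r", "create": "w", "update": "w", "delete": "w"}


def db_grants(policy: Policy) -> List[str]:
    """Database layer: one GRANT per (role, object, right), nothing more."""
    return [
        f"GRANT {DB_PRIVILEGE[right]} ON {obj} TO {role};"
        for role, rights in sorted(policy.items())
        for obj, right in sorted(rights)
    ]


def fs_acl(policy: Policy, base: str = "/srv/app/data") -> Dict[str, Dict[str, str]]:
    """OS layer: per-path ACL, assuming each conceptual object is stored
    under base/<object> (an assumption of this example)."""
    acl: Dict[str, Dict[str, str]] = {}
    for role, rights in policy.items():
        for obj, right in rights:
            path = f"{base}/{obj}"
            entry = acl.setdefault(path, {})
            entry[role] = "".join(sorted(set(entry.get(role, "")) | {FS_PERMISSION[right]}))
    return acl


def excess_db_grants(observed: Set[Tuple[str, str, str]], policy: Policy) -> List[Tuple[str, str, str]]:
    """'All layers must be secure': every privilege actually present in the
    database must trace back to an application-layer right. Anything that
    does not is excess and is reported."""
    expected = {
        (role, obj, DB_PRIVILEGE[right])
        for role, rights in policy.items()
        for obj, right in rights
    }
    return sorted(observed - expected)


if __name__ == "__main__":
    for stmt in db_grants(APP_POLICY):
        print(stmt)
    print(fs_acl(APP_POLICY))
    # Constructed snapshot of what was actually granted in the database:
    # one privilege nobody asked for at the application level.
    snapshot = {
        ("clerk", "orders", "SELECT"), ("clerk", "orders", "INSERT"),
        ("clerk", "orders", "DELETE"),
        ("auditor", "orders", "SELECT"), ("auditor", "audit_log", "SELECT"),
    }
    print("excess:", excess_db_grants(snapshot, APP_POLICY))
```

excess_db_grants is the check the second principle calls for: the lower layer is only as secure as the set of privileges actually present in it, so a grant with no counterpart in the application-level policy (here DELETE on orders for clerk) is reported rather than silently tolerated.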

Classification using architectural levels (diagram slide; figure not reproduced in the transcript)

Levels and concerns (diagram slide; figure not reproduced in the transcript)

Automated similarity relationships
Kubo et al. have proposed an automated relation analysis technique for patterns. The technique uses existing text processing methods (such as TF-IDF and the vector space model) to extract patterns from documents and to calculate the strength of pattern relations from document similarity.
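A minimal version of the text-similarity analysis this slide describes, as an added example; it is not Kubo et al.'s implementation, and the five pattern descriptions are short constructed paraphrases rather than the published pattern texts. The tokenisation, the stop-word list and the smoothed IDF formula are this example's choices.

```python
"""Text-similarity relations between security patterns with TF-IDF vectors
and cosine similarity. Added example: the pattern descriptions are short
constructed paraphrases, not the published pattern texts."""
import math
import re
from collections import Counter
from itertools import combinations
from typing import Dict, List, Tuple

PATTERNS: Dict[str, str] = {
    "Authenticator":
        "verify the identity of a subject before granting access; credentials "
        "are presented and checked against stored authentication information",
    "Remote Authenticator/Authorizer":
        "authenticate and authorize a remote subject in a distributed system by "
        "delegating the identity check to a trusted remote service that returns credentials",
    "Credential":
        "a portable token carrying the identity and rights of a subject, issued "
        "by an authenticator and verified by a remote authorizer",
    "Reference Monitor":
        "intercept every access request by a subject to an object and check it "
        "against the authorization rules before allowing it",
    "Packet Filter Firewall":
        "filter network packets at the perimeter by comparing source and "
        "destination addresses with a rule set",
}

# Small stop-word list (this example's choice); function words carry no
# information about what a pattern is about.
STOP = {"a", "an", "and", "are", "at", "by", "in", "is", "it", "of", "that",
        "the", "to", "with"}


def tokenize(text: str) -> List[str]:
    return [t for t in re.findall(r"[a-z]+", text.lower()) if t not in STOP]


def tfidf_vectors(corpus: Dict[str, str]) -> Dict[str, Dict[str, float]]:
    """TF = term count / document length; IDF smoothed as log((1+N)/(1+df))+1
    so a term present in every document still carries some weight."""
    docs = {name: tokenize(text) for name, text in corpus.items()}
    n = len(docs)
    df = Counter(term for toks in docs.values() for term in set(toks))
    idf = {term: math.log((1 + n) / (1 + d)) + 1.0 for term, d in df.items()}
    vectors: Dict[str, Dict[str, float]] = {}
    for name, toks in docs.items():
        counts = Counter(toks)
        vectors[name] = {term: (c / len(toks)) * idf[term] for term, c in counts.items()}
    return vectors


def cosine(a: Dict[str, float], b: Dict[str, float]) -> float:
    """Cosine similarity of two sparse vectors; 0.0 when they share no term."""
    dot = sum(w * b.get(t, 0.0) for t, w in a.items())
    na = math.sqrt(sum(w * w for w in a.values()))
    nb = math.sqrt(sum(w * w for w in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def pattern_relations(corpus: Dict[str, str]) -> List[Tuple[str, str, float]]:
    """All pattern pairs with their relation strength, strongest first."""
    vecs = tfidf_vectors(corpus)
    rels = [(x, y, cosine(vecs[x], vecs[y])) for x, y in combinations(sorted(vecs), 2)]
    return sorted(rels, key=lambda r: r[2], reverse=True)


def similarity(corpus: Dict[str, str], x: str, y: str) -> float:
    vecs = tfidf_vectors(corpus)
    return cosine(vecs[x], vecs[y])


if __name__ == "__main__":
    for x, y, s in pattern_relations(PATTERNS):
        print(f"{s:.3f}  {x}  <->  {y}")
```

Because only term overlap is measured, two descriptions that use different vocabulary for the same concept (checked vs. checking, credential vs. credentials) score low; in practice stemming and a curated vocabulary of security terms matter more than the exact weighting formula.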

Automated analysis results (diagram slide; figure not reproduced in the transcript)

Pattern diagrams
A pattern diagram uses these classifications to help the designer navigate the design space. For example, an operating system designer can start from a Secure Process and use a Controlled Process Creator to create new processes in a secure way (controlling their initial rights). These processes can then execute in a Controlled Virtual Address Space (with controlled rights). The general structure of the virtual address space is defined through a Virtual Address Space Structure Selection.
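The navigation path this slide describes (Secure Process, Controlled Process Creator, Controlled Virtual Address Space, Virtual Address Space Structure Selection) as an added example in code; it is not taken from the slides or from any operating system. The right names, the per-program creation policy, the segment layout, and the rule that a child may only receive rights its parent already holds are assumptions made for the illustration.

```python
"""Walking the operating-system pattern diagram in code: a Secure Process
uses a Controlled Process Creator to spawn a child with controlled initial
rights, and the child executes inside a Controlled Virtual Address Space.
Added example; rights names, creation policy and segment layout are
constructed for illustration."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class Segment:
    name: str
    base: int
    size: int
    rights: FrozenSet[str]        # subset of {"r", "w", "x"}

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


class ControlledVirtualAddressSpace:
    """Every memory access is checked against the rights of the segment
    that maps the address; an unmapped address is denied."""

    def __init__(self, segments: List[Segment]) -> None:
        self.segments = list(segments)

    def access(self, addr: int, op: str) -> bool:
        seg = next((s for s in self.segments if s.contains(addr)), None)
        return seg is not None and op in seg.rights

    def has_writable_executable(self) -> bool:
        """Structure check: no segment may be both writable and executable."""
        return any({"w", "x"} <= s.rights for s in self.segments)


@dataclass(frozen=True)
class SecureProcess:
    pid: int
    program: str
    rights: FrozenSet[str]
    vas: ControlledVirtualAddressSpace


def standard_layout() -> ControlledVirtualAddressSpace:
    """Virtual Address Space Structure Selection: a fixed code/data/stack
    layout (assumed here) with no writable-and-executable segment."""
    return ControlledVirtualAddressSpace([
        Segment("code",  0x1000, 0x1000, frozenset({"r", "x"})),
        Segment("data",  0x2000, 0x1000, frozenset({"r", "w"})),
        Segment("stack", 0x7000, 0x1000, frozenset({"r", "w"})),
    ])


class ControlledProcessCreator:
    """Assigns initial rights from a per-program policy and refuses any
    creation that would give the child rights its parent does not hold."""

    def __init__(self, creation_policy: Dict[str, FrozenSet[str]]) -> None:
        self.policy = creation_policy
        self.next_pid = 1

    def create(self, parent: SecureProcess, program: str) -> SecureProcess:
        wanted = self.policy.get(program, frozenset())
        if not wanted <= parent.rights:           # no privilege amplification
            raise PermissionError(
                f"{program!r} needs {sorted(wanted - parent.rights)} which pid {parent.pid} lacks")
        self.next_pid += 1
        return SecureProcess(self.next_pid, program, wanted, standard_layout())


def creation_refused(creator: ControlledProcessCreator, parent: SecureProcess, program: str) -> bool:
    """True when the creator rejects the request (exercises the failure path)."""
    try:
        creator.create(parent, program)
    except PermissionError:
        return True
    return False


def boot_parent() -> SecureProcess:
    """Constructed initial process holding only the rights it may pass on."""
    return SecureProcess(1, "init", frozenset({"file", "net"}), standard_layout())


# Constructed creation policy: what each program is allowed to start with.
CREATION_POLICY: Dict[str, FrozenSet[str]] = {
    "worker": frozenset({"file"}),
    "admin":  frozenset({"file", "net", "raw_disk"}),
}


if __name__ == "__main__":
    creator = ControlledProcessCreator(CREATION_POLICY)
    parent = boot_parent()
    child = creator.create(parent, "worker")
    print("child rights:", sorted(child.rights))
    print("write to code segment allowed:", child.vas.access(0x1010, "w"))
    print("admin creation refused:", creation_refused(creator, parent, "admin"))
```

The two checks worth keeping from it are the subset test in create(), which is what "controlling their initial rights" amounts to in practice, and has_writable_executable(), which makes the chosen address-space structure verifiable rather than assumed.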

Patterns for operating systems (diagram slide; figure not reproduced in the transcript)

Conclusions
Patterns can be classified according to many viewpoints. A good classification can make their selection easier and more precise.
We have shown three possibilities: using the architectural/functional objectives of the patterns as reference, using the architectural layers of a system as reference, and looking at linguistic similarities in their descriptions.
Combining these classifications and expressing them as pattern diagrams, which summarize the relevant patterns at a given stage or for a given concern, can guide designers in the selection of appropriate patterns.
Future work includes developing further patterns, refining these classifications, and incorporating them into our methodology and into a model-driven development (MDD) approach.