
1 A Model-Driven Approach for Dev. & Operations of Security-sensitive IS
Hasan Sayani, Jim Chen, Mary Hoferek
Graduate School of Mgmt & Technology, University of Maryland University College

2 Introduction
Copyright, H. Sayani, MD., March 2, 2006
- Leveraging Work Flow
  - Originated in Industrial Engineering
    - Tracking Materials through Processes
    - Applies to Information Systems as well
  - May be used to model Information Systems
    - At any phase of the development cycle
    - Non-threatening to functional users
  - Available as part of Microsoft's Vista and Office 2007
  - Document management packages (e.g. Hershey Systems)
  - We use it to model Security
  - Fits into a Meta-Meta view of IS

3 Data-Activity-Control-Constraint (Meta-meta)

4 Major Building Block of WF
- The Activity (e.g., in IDEF0) components
  - Control (logical)
  - Performance (using specified Procedure)
  - Data Input
  - Data Output
  - Database Interaction (added explicitly)
- Enhanced for our model

5 The Visualized Activity Model

6 Diagrammatic Ontology of the Activity Model

7 Ontology of the Activity Model (Culture)

    CULTURE CONTENTS REPORT    Wed Feb 28 17:49:08 2007
    OBJECTS:
    --------
      1) ACTIVITY
      2) DATABASE
      3) ICOM
    RELATIONSHIPS:
    --------------
      1) PROCESS
         Role:1 OUTPUT
           Role Player(s) OBJ: ICOM
         Role:2 INPUT
           Role Player(s) OBJ: ICOM
         Role:3 PROCESS
           Role Player(s) OBJ: ACTIVITY
         Role:4 CONTROL
           Role Player(s) OBJ: ICOM
         Role:5 DATA
           Role Player(s) OBJ: DATABASE
         Role:6 MECHANISM
           Role Player(s) OBJ: ICOM
    PROPERTIES
    ----------
      1) PROCEDURE

8 Work Flow
- The stringing together of Activities to perform a functional task
- Interspersed with a special type of Activity
  - Routes to the next Activity
  - Via Procedure using classic control constructs
  - Can be used across Life Cycle

9 Security Concerns
- Components
  - Specifically targeted
    - Control (logical)
    - Performance (using specified Procedure)
    - Data Input
    - Data Output
    - Database Interaction
  - Or, generally aimed at Activity

10 Diagrammatic Ontology of the Security Model

11 Overlay of Security on Work Flow

13 Visualization of Work Flow

14 Control
- Functional control
- Security Control

15 Control Constraints
- Sequence of control flow constructs
- Conditional constructs (if-then-else)
- Iteration constructs (while loop)

16 Routing

17 Security: Access Control
- Identification
- Authentication
- Authorization

18 Example

    IF (Identification = OK) AND (Authentication = OK) AND (Authorization = OK)
    THEN DO X
    ELSE EXIT
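
The gate on slide 18 as an added example, not taken from the presentation: a workflow activity whose security control runs identification, authentication and authorization in that order and exits at the first failure, failing closed and naming the check that stopped the flow for the audit trail. The user table, role names and function names are assumptions made for the illustration.

```python
import hashlib
import hmac


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample data: user IDs, salted password hashes and roles.
USERS = {
    "mhall": {"salt": b"s1", "hash": _pw_hash("correct horse", b"s1"), "roles": {"dba"}},
    "jdoe": {"salt": b"s2", "hash": _pw_hash("tr0ub4dor", b"s2"), "roles": {"clerk"}},
}


def identification(user_id, _password, _role):
    return user_id in USERS


def authentication(user_id, password, _role):
    rec = USERS[user_id]
    # Constant-time comparison of the derived hash with the stored one.
    return hmac.compare_digest(_pw_hash(password, rec["salt"]), rec["hash"])


def authorization(user_id, _password, role):
    return role in USERS[user_id]["roles"]


# Order matters: each check relies on the previous one having passed.
SECURITY_CONTROL = [identification, authentication, authorization]


def run_activity(user_id, password, required_role, procedure):
    """IF all three checks are OK THEN DO X ELSE EXIT, naming the failed check."""
    for check in SECURITY_CONTROL:
        try:
            ok = check(user_id, password, required_role)
        except Exception:
            ok = False  # fail closed on any error inside a check
        if not ok:
            return ("EXIT", check.__name__)  # recorded for tracking, not shown to the user
    return ("DONE", procedure())
```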

19 Benefits
- Good tracking mechanism in the hierarchy
- Good tracking mechanism in the systems development life cycle

20 Application Environments
- Role-based access of data
- Network security
- Intrusion detection
- Forensics

21 A Database Perspective
- Last year, we talked about a data-centric view rather than work flow.

22 Meta-Model of IS

23 A Database Perspective
- Last year, we looked at a 3-dimensional perspective of data analysis.
[Figure labels: Processes, Risk]

24 A Database Perspective
[Figure labels: Processes; "Some Threat!!!"]
Threat Threshold Values
- Severe: 21-30
- Moderate: 11-20
- Minor: 1-10
Column Sensitivity Values
- Highly Sensitive: 5
- Sensitive: 4
- Moderate: 3
- Minor: 2
- Not Sensitive: 1
Data elements of different sensitivities. Aggregated columns are triggered by the highest sensitivity value.
Copyright, H. Sayani, MD., September 2001

25 A Database Perspective
- Identify code red data items
- Based on that, workflow could vary substantially

26 Meta-Model of IS

27 A Database Perspective
- Could view preceding diagram as a commercial database engine.

28 A Database Perspective
- Look at just one aspect of workflow and see how security concerns could be addressed - Performer

29 A Database Perspective
- Data Mining attack characteristics:
  - Organized, technical, professional adversary
  - Compromised user and system credentials
  - Key logging programs strategically deployed
  - Used SQL injection to get IDs and passwords
  - Compiled, malicious code was encrypted to prevent reverse engineering
  - Large amount of traffic to external address
  - High volume of traffic during non-working hours
  - Familiar with organization – went after executive, research and technical accounts
  - New users appeared on system
  - Stole valid ID and established their own (Windsor, 2007).

30 A Database Perspective
- Look again at workflow model and apply to database – assume this attack. What counter measures could database professionals establish for Performer?
  - Stole IDs so looked like authorized user
  - Created own ID and gave privileges

31 A Database Perspective
- Counter measures:
  - Set up dummy IDs
  - Determined who was targeted
  - Identify data that was stolen
  - Identify earliest known unauthorized action
  - Identify malicious code

32 A Database Perspective
- If protecting code red, could establish code in DBMS
  - Trigger when dummy ID accessed
  - Trigger to audit all access to data
  - Trigger to send back false data – basically to lie
  - Limit access to catalog – can't get schema
  - Limit all accesses to code in DBMS
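
Several of the countermeasures on slides 31 and 32 (dummy IDs, auditing all access, finding the earliest known unauthorized action and the data that was read) can be exercised over an audit trail; the following is an added example, not code from the presentation. The log format, account names, baseline and working hours are all constructed assumptions.

```python
from datetime import datetime

# Assumed for the illustration: decoy accounts, provisioning baseline, work hours.
DUMMY_IDS = {"svc_archive", "exec_temp"}
KNOWN_IDS = {"mhall", "jdoe", "rlee"} | DUMMY_IDS
WORK_HOURS = range(8, 18)  # 08:00-17:59

# Constructed audit records: timestamp, user ID, action, object.
AUDIT_LOG = """\
2007-02-10T09:14:02 jdoe SELECT orders
2007-02-11T02:41:17 rlee SELECT research_results
2007-02-11T02:43:50 exec_temp SELECT salaries
2007-02-11T02:47:09 rlee CREATE_USER bk_admin
2007-02-11T02:48:31 bk_admin GRANT dba
2007-02-11T10:05:44 mhall UPDATE orders
"""


def flag(ts, user, action):
    """Return the reasons one audit record deserves review (empty if none)."""
    reasons = []
    if user in DUMMY_IDS:
        reasons.append("dummy ID accessed")
    if user not in KNOWN_IDS:
        reasons.append("ID not in baseline")
    if action in {"CREATE_USER", "GRANT"}:
        reasons.append("privilege change")
    if ts.hour not in WORK_HOURS:
        reasons.append("non-working hours")
    return reasons


def review(log):
    """Summarise flagged records: earliest action, IDs involved, data read."""
    findings = []
    for line in filter(str.strip, log.splitlines()):
        stamp, user, action, obj = line.split(maxsplit=3)
        ts = datetime.fromisoformat(stamp)
        reasons = flag(ts, user, action)
        if reasons:
            findings.append((ts, user, action, obj, reasons))
    findings.sort(key=lambda f: f[0])
    return {
        "earliest": findings[0][0] if findings else None,
        "ids": sorted({f[1] for f in findings}),
        "data_read": sorted({f[3] for f in findings if f[2] == "SELECT"}),
        "findings": findings,
    }
```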

33 A Database Perspective
- Outside of DBMS – problem
  - Went after files themselves
  - Common file names in industry
  - Encrypted files
  - ASM – help or hurt?
  - Can DBMS files be set up so that only DBMS can access? Just a thought

34 A Database Perspective
- Data and workflow interwoven
- Just some ideas today. Good food for thought

35 A Database Perspective
- Reference: Windsor, S. Case Study of a Professional Hackers Data Mining Intrusion. Presented at 2007 Maryland CyberSecurity Forum. February 22, 2007 at UMUC.

