TRANSCRIPT
Model-based Security Analysis and Applications to Security Economics (Invited Talk)
J. Jürjens, A. S. Ahmadian
The project ClouDAT was supported by the Ministry of Innovation, Science, Research and Technology of the German State of North Rhine-Westphalia and EFRE under grant number 300267
Jan Jürjens, Amir Shayan Ahmadian (Technical University of Dortmund)
09.02.2015
How to Develop Secure IT Systems?
Modern software engineering approaches usually do not consider security
Traditional, practical approaches to security assurance do not provide a holistic, integrated assurance that would scale to the complexity of modern systems
Solution: Model-based development with UML
4/25
Model-Based Security Engineering with UMLsec
[Figure: the UMLsec development pipeline. Artefacts: Security Requirements, UMLsec Models, Secure Code, Configurations, Runtime System. Relations: Analyze against, Weave in, Code-/Testgen., Generate/Verify, Configure, Verify, Execute, Evolution]
5/25
Security Requirements Engineering
Identify security requirements within the requirements elicitation
Idea: "Requirements Mining" in security standards
6/25
Modeling with UMLsec
Documentation and automated analysis of security-relevant information
Idea: UML for system modeling; security-relevant information as:
• Lightweight extensions (stereotypes, constraints, tags)
• Heavy extensions (UMLsec 2.0 Analysis Model)
7/25
UMLsec 2.0
[Figure: UMLsec 2.0 architecture: UML Meta-Model, UML Stereotype Package (<<extends>>), Analysis Model, Transformation]
Each UMLsec 2.0 Profile is constructed from:
• A standard UML profile package defining stereotypes
• An Analysis Model defining a new meta-model
• A transformation
8/25
Model-Based Security Analysis
Automated analysis of the system models
Idea: Generate logical formulas formalizing the security requirements; an automated theorem prover or model checker then checks the requirements automatically
9/25
Security Analysis of Configuration Data
Verification of whether security policies are enforced by user permissions
Idea: Automated analysis of business process models against security policies; Apex (Architecture for auditable business process execution) project at the Fraunhofer institute
10/25
UMLsec Tool Support
CARiSMA
Offers an unprecedented opportunity for high-quality critical systems development
It enables:
• Compliance analysis
• Risk analysis
• Security analysis
Is a reimplemented variant of the former UMLsec tool
11/25
Cloud Computing
NIST defines cloud computing by:
• Five essential characteristics: On-Demand Self-Service, Broad Network Access, Resource Pooling, Rapid Elasticity, Measured Service
• Three service models: Software as a Service (SaaS), Platform as a Service (PaaS), Infrastructure as a Service (IaaS)
• Four deployment models: Public, Private, Hybrid, Community
13/25
ClouDAT Project
• Nationally funded by Ministry of Education and Research
• Small and medium enterprises (SMEs)
• Cloud computing services
• Security is important for cloud customers
• Certification of applied security mechanisms
• ISO 27001 (tailoring)
• Create a documentation of the cloud system using patterns and a defined process
15/25
Cloud System Analysis Pattern
The aim of this phase is to define the scope and boundaries of the information security management system (ISMS)
17/25
…
…
Refining the Assets
The asset list contains all the assets of the organization and their relevant aspects
18/25
Providing a catalogue of common threats and vulnerabilities
Providing a catalogue of common risks
19/25
Instantiating Security Requirements
A catalogue of predefined security requirements is provided
20/25
Documentation
• When all risk ratings are below the risk acceptance level, the final documentation for certification can be generated
• The generated documentation generally fulfills the ISO 27001 requirements
• It can be used for certification
22/25
Conclusion
Model-based Security Analysis
UMLsec 2.0
• Stereotypes
• Analysis Model
ClouDAT
• A pattern-based certification technique to certify SMEs
• Based on ISO 27001
• Delivers a documentation
• Risk analysis is an indispensable part of certification
• The process contains:
  • Assets, threats and vulnerabilities identification
  • Risk assessment
  • Security requirements elicitation
  • Applying the proper security controls
23/25
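As an added illustration of the ClouDAT process summarised in the conclusion (this is not code from the project or the talk): a minimal risk register in Python that links assets, threats and vulnerabilities, rates each risk, applies planned security controls to the risks that are not yet acceptable, and only then opens the documentation gate described on the Documentation slide. The likelihood-times-impact rating, the 1..5 scales, the acceptance level and all register entries are constructed assumptions.

```python
from dataclasses import dataclass, replace

# Risk acceptance level: constructed threshold; the talk names the concept but gives no value.
RISK_ACCEPTANCE_LEVEL = 8


@dataclass(frozen=True)
class Risk:
    # One row of the risk register: an asset, the threat acting on it and the
    # vulnerability that lets the threat through. Scales 1..5 are assumed.
    asset: str
    threat: str
    vulnerability: str
    likelihood: int
    impact: int
    controls: tuple = ()

    def rating(self) -> int:
        # Assumed rating function: likelihood x impact (not defined on the slides).
        return self.likelihood * self.impact


def unacceptable(risks):
    # Risks whose rating is not below the acceptance level still need a control.
    return [r for r in risks if r.rating() >= RISK_ACCEPTANCE_LEVEL]


def can_generate_documentation(risks) -> bool:
    # Gate from the Documentation step: every rating must be below the acceptance level.
    return not unacceptable(risks)


def apply_control(risk, control, likelihood_reduction=0, impact_reduction=0):
    # Record the control and lower the residual likelihood/impact (floor 1 on the assumed scale).
    return replace(risk,
                   likelihood=max(1, risk.likelihood - likelihood_reduction),
                   impact=max(1, risk.impact - impact_reduction),
                   controls=risk.controls + (control,))


def treat_risks(risks, plan):
    # plan maps asset -> (control, likelihood_reduction, impact_reduction);
    # acceptable risks pass through untouched.
    return [apply_control(r, *plan[r.asset])
            if r.rating() >= RISK_ACCEPTANCE_LEVEL and r.asset in plan else r
            for r in risks]


# Constructed sample register and control plan for a small cloud provider.
SAMPLE_RISKS = [
    Risk("Customer data store", "Unauthorized access", "Password-only login", 4, 5),
    Risk("Hypervisor", "VM escape", "Missing security patches", 2, 5),
    Risk("Public docs site", "Defacement", "Outdated CMS", 3, 2),
]
CONTROL_PLAN = {
    "Customer data store": ("Multi-factor authentication", 3, 0),
    "Hypervisor": ("Patch management process", 1, 0),
}
```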