Integrating Access Control Design into the Software Development Process. G. Brose (Xtradyne AG), M. Koch, P. Löhr (FU Berlin). IDPT'02, June 2002.


Overview
– Motivation
– View-based Access Control
– Integrating Access Control in UML: security analysis, security design
– Generation of the Access Control Policy specification
– Conclusion

Motivation
Security aspects are inherent in any modern software system. But: security is not a part of the development process. Why?
– security requirements are difficult to analyze and model
– system engineers are not security experts
Problems:
– unsatisfied security requirements
– integration difficulties

Our approach – Aims
Systematic support for software engineers who need to produce secure software. Integration into the software development process with UML. How?
– use of existing UML model elements
– security design with UML tools
– no security expert knowledge necessary
– UML design used for the generation of security specifications

Our approach – What we have done
– Integration of view-based access control policy design into the software development process with UML
– Generation of the access control specification from the UML design model to configure a CORBA-based infrastructure (Raccoon)

View-based Access Control
– Design and management of access control policies in object-oriented systems
– Extension of role-based access control by views
– A view is a set of access rights
– Views are specified in the View Policy Language (VPL)

View Policy Language (VPL)
IDL:
    interface Paper {
      void read(out string s);
      void write(in string s);
      void append(in string s);
      void correct(in string s);
      void submit();
    };
VPL:
    view Reading controls Paper {
      allow read;
    }
    view Writing: Reading
      restricted_to Author {
      allow write; append;
    }
    view Submit controls Paper {
      allow submit;
    }

View Policy Language
    policy Conference {
      view Reading {...}
      view Writing {...}
      view Submit {...}
      roles Chair; Reviewer; Author;
    }

Integrating Access Control – Overview (figure): functional requirements + security requirements lead to functional design + security design, from which IDL and VPL are produced; the VPL is obtained by generation.

Integrating Access Control: Security Requirements

Security analysis
– Functional requirements are expressed in use cases
– Security requirements are added to the use case models
– Access control information is inherent in functional system requirements and facilitates the integration

Example: Digital Calendar

Actors and Role Identification
UML actor:
– a coherent set of specific behaviors that users of an entity have when interacting with an entity
VBAC role:
– set of functions that an individual user has as part of an organization
VBAC role = UML actor

Actors and Role Identification (figure): roles Calendar owner, Other, Secretary

Identification of use case accesses
– Extracting accesses from the informal use case descriptions
– Attaching notes to communication associations in the use case diagram: allowed and denied accesses, high-level and informal
– The analyst considers and expresses security aspects already in the analysis phase

Identification of use case accesses
edit entry: The calendar owner can read his/her entries and modify them. Modifications may cover the time, the day, and the room. The secretary of the calendar owner can read the calendar entries and make the calendar modifications, too.
update room: A secretary books a room on behalf of the calendar owner. The calendar owner is not allowed to book a room by her-/himself.

Identification of use case accesses (figure: use case diagram with access notes on the communication associations)

Security analysis – summary
– UML actors = VBAC roles
– Modeling of denied communications in use cases
– Making implicit access information in natural-language use case descriptions explicit in notes

Integrating Access Control: Security Design

Starting point is the use case diagram
– Class diagram (for CORBA interfaces)
– View diagram: views on CORBA interfaces

Security Design

View Diagram
Notes in use case diagrams are the starting point for view definition.

View Diagram
For each note N:
– view V(N,I) = all access rights with respect to interface I
– access rights are permissions to access the operations
– an association carrying the stereotype for denied communication defines a view with denials
The view diagram contains all views for one interface and is drawn "like" a class diagram.

View Diagram (figure): views with their allowed operations, the roles to which each view can be assigned, and denials

View Diagram
– Explicit representation of views and their assignment to roles
– The designer can check the assignment and detect overly powerful roles

VPL Generation (figure): UML CASE tool → XMI export → XML → XSLT → VPL → RACCOON (Policy Server, Role Server)

VPL Generation: UML → VPL
    policy Calendar {
      roles Other
            Secretary: Other
            CalendarOwner: Secretary
    }

VPL Generation: UML → VPL
    View RoomBooking controls Room
      restricted to Secretary {
      allow book cancel
    }

VPL Generation: UML → VPL (view with denials)
    View RoomBooking controls Room
      restricted to Secretary {
      deny book cancel
    }
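As an added illustration (not the authors' code and not part of Raccoon), the following Python models the VPL concepts from these slides for the calendar example: views with allow/deny rights and a base view, roles with specialization, and restricted_to clauses, and then performs the designer check from the view diagram slides by comparing each role's effective rights against the access notes of the use cases. The role-inheritance and deny-override semantics are assumptions; the EntryReading, EntryEditing and NoRoomBooking views and the NOTES table are constructed.

```python
# Role hierarchy from the slides: Other, Secretary: Other, CalendarOwner: Secretary
ROLES = {"Other": None, "Secretary": "Other", "CalendarOwner": "Secretary"}

# Views: the interface they control, allowed/denied operations, an optional base
# view ("view Writing: Reading") and the roles they are restricted_to.
VIEWS = {
    "RoomBooking": dict(controls="Room", allow={"book", "cancel"}, restricted_to={"Secretary"}),
    # constructed views for the "edit entry" use case (not on the slides)
    "EntryReading": dict(controls="Calendar", allow={"read"}),
    "EntryEditing": dict(controls="Calendar", allow={"modify"}, base="EntryReading"),
    # constructed view with denials, modelled on the "deny book cancel" slide
    "NoRoomBooking": dict(controls="Room", deny={"book", "cancel"}),
}
ASSIGNMENTS = {"Secretary": {"RoomBooking", "EntryEditing"},
               "CalendarOwner": {"EntryEditing", "NoRoomBooking"}}
# access notes taken from the use case descriptions: (role, interface, op, allowed?)
NOTES = [("Secretary", "Room", "book", True), ("CalendarOwner", "Room", "book", False),
         ("CalendarOwner", "Calendar", "modify", True), ("Other", "Calendar", "modify", False)]

def view_rights(name, kind):
    """Rights of kind 'allow' or 'deny', including those of the base view."""
    v = VIEWS[name]
    own = set(v.get(kind, ()))
    return own | (view_rights(v["base"], kind) if "base" in v else set())

def held_views(role):
    """Assumption: a role inherits the views assigned to its parent roles."""
    views = set()
    while role:
        views |= ASSIGNMENTS.get(role, set())
        role = ROLES[role]
    return views

def effective_rights(role, interface):
    """Assumption: a deny in any held view overrides an (inherited) allow."""
    allowed, denied = set(), set()
    for name in held_views(role):
        if VIEWS[name]["controls"] == interface:
            allowed |= view_rights(name, "allow")
            denied |= view_rights(name, "deny")
    return allowed - denied

def assignment_violations():
    """Direct assignments that break a view's restricted_to clause."""
    return {(r, v) for r, vs in ASSIGNMENTS.items() for v in vs
            if r not in VIEWS[v].get("restricted_to", {r})}

def unmet_notes():
    """Use case notes whose allowed/denied status disagrees with the designed views."""
    return [n for n in NOTES if (n[2] in effective_rights(n[0], n[1])) != n[3]]
```

Under the assumed role inheritance the calendar owner inherits RoomBooking from Secretary, so the constructed NoRoomBooking denial is what keeps the "calendar owner may not book a room" note satisfied; remove it from ASSIGNMENTS and unmet_notes() reports the conflict.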

Conclusion
– Systematic approach to integrate access control policy design into the development process with UML
– Security requirements are considered early
– The UML model is used to generate the VPL
– UML tools can be used
– No security expert knowledge necessary

Additional slides

Access Control
– Preventing unauthorized access to resources
– Authorized accesses are specified in access control policies
Security models are:
– discretionary access control (e.g., Access Control List)
– mandatory access control (e.g., lattice-based access control)
– role-based access control
– view-based access control
– ...

View Policy Language: Access Control Matrix
    Role/Subject   Object o:Paper (type Paper)
    Author         Reading
    Reviewer
    Jack           Writing, Submit

Raccoon – Architecture (figure): a client calls access_object() on a server object; the server asks whether the access is allowed or denied; roles, domains and the policy are managed by a Role Server (role management), a Domain Server (domain management) and a Policy Server (policy management).

Raccoon (figure): VPL and IDL at development time, RACCOON at deployment time, backed by the management infrastructure.

Actors and Role Identification
UML role:
– "named specific behavior of an entity participating in a particular context"
– modeled by named association ends
UML actor:
– "a coherent set of roles that users of an entity can play when interacting with an entity. An actor has one role for each use case with which it communicates"

Role Diagram
– Access control roles and specialization of roles
– Actors of the use case diagram

Forbidden Use Cases
– Specification of possible, but unallowed use case accesses
– Documentation of unauthorized accesses
– A dedicated stereotype marks denied communication associations

Forbidden Use Cases (figure: use case diagram with stereotyped denied communication associations)

Security design – summary
– View diagrams are based on the informal accesses in the notes of use cases
– The role diagram is based on the actors in use case diagrams