MDA and Security October 12, 2006 FAU Secure Systems Group Patrick Morrison.

Agenda
- Motivation for “MDA and Security”
- Secure Systems Methodology, with patterns
- A quick tour of MDA, in English this time
- Example Application
- MDA in the development lifecycle
- Evaluation Criteria
- Contributions
- Next Steps

The problem of Security
“A good percentage of the software deployed in industrial/commercial applications is of poor quality, it is unnecessarily complex, and contains numerous flaws that can be exploited by attackers.”
“We believe that the solution lies in developing secure software from the beginning, applying security principles along the whole life cycle… We see the use of patterns as a fundamental way, even for developers with little experience, to implicitly apply security principles.” [MDSSP, EBF et al.]

Secure Systems Methodology [MDSSP]
Stage            Tasks
Requirements     Use case based role and attack analysis
Analysis         Authorized semantic analysis patterns
Design           Coordinated application of patterns to multiple architectural layers
Implementation   MDA Code Generation

Methodology Patterns

Design (and other) patterns
“A design pattern names, abstracts and identifies the key aspects of a common design structure that makes it useful for creating a reusable object-oriented design” [GOF, pg. 3]

The promise of MDA
By using “precise but abstract and graphical representations of algorithms, MDA allows the construction of computing systems from models that can be understood much more quickly and deeply than can programming language ‘code’” [MDAD, pg. xiv].

The Question(s)
- Can MDA be applied to the design and construction of secure systems?
- To what degree is it now possible to work in terms of high-level models rather than code?
- Does MDA allow for the creation and reuse of generic models?
- Does MDA reduce the amount of low-level work that needs to be done?

Combining Patterns, Security and MDA: SOUPCAN
Secure grOUP Chat Application for Networks
- Provide invitation-only chat rooms with secure communications, allowing participants to form “cliques” in order to gossip, plan wars, etc…
- Example of using the secure systems methodology with MDA

SOUPCAN Requirements
- Chosen to facilitate use of existing security patterns, e.g. Reference Monitor, Authenticator, Authorizer, Credentials, Secure Broker
- (Hopefully) Small enough to be implementable
- (Hopefully) Large enough to illustrate issues in application of MDA and the Secure Systems with Patterns Methodology

Lifecycle Step: Analysis
Process: Evaluate requirements, identify use cases and high-level structure, apply patterns where appropriate
Results: Application model containing UML Use Case and Class diagrams

SOUPCAN Use Cases
UML built with MagicDraw, stored as XMI data.
Excerpt:

Lifecycle Step: Design
Process: Develop class and sequence diagrams which implement the Use Cases, apply patterns where appropriate
Results: Application and Security models containing UML Class and Sequence diagrams

SOUPCAN Class Diagram

It’s (Secure) Broker!

Architectural concerns for implementing Secure Broker
* Diagram from MDSSP

Lifecycle Step: Implementation
Process: Select a platform and platform model, make connections between the design and the platform via the platform model
Selected: MagicDraw, androMDA, C#, ASP.NET, Visual Studio, nHibernate, …
Results: Code generated from the models

Implementation Details…

androMDA console output (excerpt):

```text
:32,997 - discovering namespaces -
:34,440 found namespace --> 'aspdotnet'
:34,440   + registering component 'cartridge'
:34,870   + registering component 'metafacades'
:35,331   + registering component 'profile'
:40,628 found namespace --> 'uml-1.4'
:40,628   + registering component 'metafacades'
:41,960   + registering component 'profile'
:42,000 found namespace --> 'validation'
:42,010   + registering component 'translation-library'
:53,948 - core initialization complete: [s] -
:54,568 loading model --> 'file:C://TimeTracker.Model.xmi'
:58,905 referenced model --> 'jar:file:/uml14/profile/profile-.xml'
:59,045 referenced model --> 'profile-datatype.xml'
:59,285 referenced model --> 'profile-service.xml'
:59,445 referenced model --> 'profile-process.xml'
:59,576 referenced model --> 'profile-presentation.xml'
:59,746 referenced model --> 'profile-meta.xml'
:59,866 referenced model --> 'profile-xml.xml'
:59,986 referenced model --> 'andromda-profile-persistence.xml'
:01,118 - loading complete: 7.13[s] -
:01,118 - validating model -
:06,175 - validation complete: 5.057[s] -
:07,076 INFO [AndroMDA:cs] Output: 'file:/C:../TimeTracker/VO/UserVO.cs'
```

Generated code (excerpt):

```csharp
// Name: UserVO.cs
// Attention: Generated code! Do not modify by hand! (I did anyway)
// Generated by: ValueObject.vsl in andromda-cs-cartridge.
using System;

namespace Northwind.TimeTracker.VO
{
    [Serializable]
    public class UserVO
    {
        #region Attributes and Associations
        private long _id;
        private String _userName;
        private String[] _roles;
        #endregion

        #region Constructors
        public UserVO(long id, String userName, String[] roles)
        {
            this._id = id;
            this._userName = userName;
            this._roles = roles;
        }
        …
```

… Mapping …
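As an added example (not from the talk, and not androMDA's own code), the following Python sketches the model-to-code step above together with the traceability question raised under Evaluation: a constructed, heavily simplified XMI model of UserVO is mapped through a hypothetical UML-to-C# type table into a class shaped like the generated UserVO.cs, and a check confirms that the code's fields still match the model, which fails once the generated file is edited by hand.

```python
# Added example: a miniature model-to-text transformation in the spirit of
# androMDA's ValueObject.vsl cartridge, plus a model/code conformance check.
# The XMI below is constructed and simplified; real UML 1.4 XMI is far more verbose.
import re
import xml.etree.ElementTree as ET

# Constructed, simplified XMI describing the UserVO class from the slides.
MODEL_XMI = """<XMI>
  <Class name="UserVO" stereotype="ValueObject">
    <Attribute name="id" type="long"/>
    <Attribute name="userName" type="String"/>
    <Attribute name="roles" type="String[]"/>
  </Class>
</XMI>"""

# Platform model: UML datatypes to C# types (hypothetical mapping table).
TYPE_MAP = {"long": "long", "String": "String", "String[]": "String[]", "boolean": "bool"}

def parse_model(xmi):
    """Return {class_name: [(attr_name, uml_type), ...]} for <<ValueObject>> classes."""
    classes = {}
    for cls in ET.fromstring(xmi).iter("Class"):
        if cls.get("stereotype") == "ValueObject":
            classes[cls.get("name")] = [(a.get("name"), a.get("type")) for a in cls.iter("Attribute")]
    return classes

def generate_cs(name, attrs, namespace="Northwind.TimeTracker.VO"):
    """Emit a C# value object shaped like the UserVO.cs shown on the slide."""
    lines = ["// Attention: Generated code! Do not modify by hand!", "using System;",
             f"namespace {namespace} {{", "    [Serializable]", f"    public class {name} {{"]
    lines += [f"        private {TYPE_MAP[t]} _{n};" for n, t in attrs]
    params = ", ".join(f"{TYPE_MAP[t]} {n}" for n, t in attrs)
    lines.append(f"        public {name}({params}) {{")
    lines += [f"            this._{n} = {n};" for n, _ in attrs]
    lines += ["        }", "    }", "}"]
    return "\n".join(lines)

def fields_in_code(cs_source):
    """Private backing fields declared in the generated C#, by attribute name."""
    return set(re.findall(r"private\s+[\w\[\]]+\s+_(\w+);", cs_source))

def conforms(model, cs_source, class_name):
    """True iff every model attribute has a field and no extra field was added by hand."""
    return fields_in_code(cs_source) == {n for n, _ in model[class_name]}

if __name__ == "__main__":
    model = parse_model(MODEL_XMI)
    code = generate_cs("UserVO", model["UserVO"])
    print(code)
    print("conforms to model:", conforms(model, code, "UserVO"))
```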

Evaluation
- Does the generated code implement the design? Can users of the system chat?
- How secure is the system? Is it correlated to the design models?
- How independent are the Application, Security and Platform models? Can, for example, the Security model be reused with a different application model? With a different platform model?
- Does MDA keep its promise? How much programming language coding needs to be done?

Contributions
- A UML Model for security, based on patterns
- A worked example of the Secure Systems Methodology, through Analysis, Design and Implementation
- A worked example of MDA development
- Description of a tool chain for building MDA applications (MagicDraw, androMDA, Visual Studio 2005, etc.)
- An example application, with requirements and design

Next Steps…
- Complete design of SOUPCAN
- Split design into separate Application and Security models, link them
- Document experiences and issues with using the current tools