Describing Early Security Requirements using Use Case Maps Jameleddine Hassine King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia
Slide 1: Describing Early Security Requirements using Use Case Maps
Jameleddine Hassine, King Fahd University of Petroleum and Minerals, Dhahran, Saudi Arabia
Abdelwahab Hamou-Lhadj, Concordia University, Montreal, Canada
SDL Forum, International Conference on System Design Languages (Smart Cities), October 12-14, Berlin, Germany

Slide 2: Outline
 Motivation
 What is Security?
 Architectural Security Tactics
 Modeling Security in Use Case Maps
 UCM Attack Detection Modeling
 UCM Attack Resistance, Reaction, and Recovery Modeling
 UCM Security-Enabled Metamodel
 Discussion
 Conclusion & Future Work

Slide 3: Motivation
 Non-functional requirements (NFRs), such as availability and security, are often critical to the success of a software product.
 NFRs should be addressed at the earliest stages of the system development life cycle.
 Security concerns are often postponed to the very end of the design process, causing serious design challenges that usually translate into software vulnerabilities.
 Proposal: describe high-level security requirements using the Use Case Maps (UCM) language, part of the ITU-T standard User Requirements Notation (URN).

Slide 4: What is Security?
 The term "security" is used in the sense of minimizing the vulnerabilities (i.e., any weakness that could be exploited to violate a system or its data) of assets (i.e., anything of value) and resources. [ITU-T Rec. E.800]
 Security [ITU-T Rec. X.1051] can be characterized in terms of the CIA triad:
 Confidentiality: the set of rules that limits access to information.
 Integrity: the assurance that the information is trustworthy and accurate.
 Availability: a guarantee of reliable access to the information by authorized people.
 Other properties are used to support security: authentication (e.g., checking the identity of a client), authorization (e.g., checking whether a client may invoke a certain operation), and non-repudiation (the accountability of the communicating parties for what they sent and received).

Slide 5: Architectural Security Tactics [Bass et al. 2012]
(Figure, not reproduced in the transcript: the tactic taxonomy of Bass, Clements and Kazman, Software Architecture in Practice, 3rd ed., grouped into four categories: Detect Attacks (Detect Intrusion, Detect Service Denial, Verify Message Integrity, Detect Message Delay), Resist Attacks (Identify Actors, Authenticate Actors, Authorize Actors, Limit Access, Limit Exposure, Encrypt Data, Separate Entities, Change Default Settings), React to Attacks (Revoke Access, Lock Computer, Inform Actors), and Recover from Attacks (Maintain Audit Trail, Restore), seventeen tactics in total.)

Slide 6: Architectural Availability Tactics [Bass et al. 2012]
(Figure, not reproduced in the transcript: the availability tactic taxonomy of the same source, grouped into detecting faults, recovering from faults, and preventing faults.)

Slide 7: Modelling Security in Use Case Maps
1. Bind the deployed security tactic to UCM responsibilities using two metadata attributes:
 SecCategory: specifies the security category, if any, that the responsibility implements. It takes one of four values: DetectAttacks, ResistAttacks, ReactAttacks, or RecoverAttacks.
 SecTactic: names the deployed security tactic, i.e., one of the seventeen tactics defined by Bass et al., which must belong to the category given by SecCategory.
2. Model, at the scenario path level, how the different security categories are deployed.

Slide 8: UCM Attack Detection Modeling
 SecCategory has the value DetectAttacks.
 SecTactic has one of the following four values:
1. DetectIntrusion
2. DetectServiceDenial
3. VerifyMessageIntegrity
4. DetectMessageDelay

Slide 9: UCM Attack Resistance, Reaction, and Recovery Modeling
1. The tactic itself is recorded with the metadata attributes SecCategory and SecTactic.
2. The response is modeled with cascading failure scenario paths: a failure scenario path starts with a failure start point (symbol not reproduced in the transcript) and carries a guard condition; the guard is a scenario variable that a responsibility expression on the main path (for example, one implementing a DetectAttacks tactic) can set, so that detection on the main path diverts the scenario onto the reaction path, which in turn may trigger a recovery path.
3. A hierarchy of UCM maps (using UCM stubs) is placed on the failure scenario paths, so that each reaction or recovery behavior can be refined in its own plug-in map.

Slide 10: UCM Attack Resistance, Reaction, and Recovery Modeling - Generic Example
(Figure, not reproduced in the transcript: a generic UCM with annotated responsibilities on the main path and cascading failure scenario paths for reaction and recovery.)

Slide 11: UCM Security-Enabled Metamodel
(Figure, not reproduced in the transcript: the metamodel extension adding security metaclasses to the UCM responsibility.)

Slide 12: UCM Security-Enabled Metamodel
(Figure, not reproduced in the transcript: the availability metaclasses reused from the earlier availability extension.)
Hassine J.: Describing and assessing availability requirements in the early stages of system development. Software & Systems Modeling 14(4), 2015. (Page range and DOI are missing from the transcript.)

Slide 13: UCM Security-Enabled Metamodel
 The existing set of availability metaclasses is reused to model availability requirements such as component redundancy and fault recovery.
 A responsibility may implement at most one security tactic (the 0..1 relationship multiplicity in the metamodel).
 If a responsibility needs to realize more than one security tactic, it shall be refined into multiple responsibilities, one per tactic.
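The following is an added example, not code from the paper or from the jUCMNav tool: a small executable model of the annotations on slides 7 to 9 and the metamodel rules on slide 13. It assumes (my assumptions, not the paper's) that a responsibility is an object with a metadata dictionary and an optional responsibility expression that updates scenario variables, that a failure start point is guarded by one such variable, and that tactic names follow the Bass et al. 2012 taxonomy the slides cite. The login scenario and the injection-looking payload are constructed for illustration.

```python
"""Toy model of UCM security annotations (added example, not the paper's code).
Assumptions: responsibilities carry a metadata dict (SecCategory / SecTactic)
and an optional expression that mutates scenario variables; a failure path is
guarded by one boolean scenario variable; tactic names follow Bass et al. 2012."""
from dataclasses import dataclass, field
from typing import Callable, Optional

# Bass, Clements & Kazman (2012) security tactics, grouped by the four
# SecCategory values of slide 7 (4 + 8 + 3 + 2 = 17 tactics).
SECURITY_TACTICS = {
    "DetectAttacks": {"DetectIntrusion", "DetectServiceDenial",
                      "VerifyMessageIntegrity", "DetectMessageDelay"},
    "ResistAttacks": {"IdentifyActors", "AuthenticateActors", "AuthorizeActors",
                      "LimitAccess", "LimitExposure", "EncryptData",
                      "SeparateEntities", "ChangeDefaultSettings"},
    "ReactAttacks": {"RevokeAccess", "LockComputer", "InformActors"},
    "RecoverAttacks": {"MaintainAuditTrail", "Restore"},
}


@dataclass
class Responsibility:
    name: str
    metadata: dict = field(default_factory=dict)          # SecCategory / SecTactic
    expression: Optional[Callable[[dict], None]] = None    # updates scenario variables


@dataclass
class FailurePath:
    guard: str              # scenario variable tested at the failure start point
    responsibilities: list


def validate(resp: Responsibility) -> list:
    """Check one responsibility against the slide-13 rules; [] means well-formed."""
    cat = resp.metadata.get("SecCategory")
    tactic = resp.metadata.get("SecTactic")
    if cat is None and tactic is None:
        return []                                   # plain functional responsibility
    if cat not in SECURITY_TACTICS:
        return [f"{resp.name}: unknown SecCategory {cat!r}"]
    if isinstance(tactic, (list, tuple, set)):      # 0..1 tactic per responsibility
        return [f"{resp.name}: {len(tactic)} tactics; refine into one per tactic"]
    if tactic not in SECURITY_TACTICS[cat]:
        return [f"{resp.name}: {tactic!r} is not a {cat} tactic"]
    return []


def refine(resp: Responsibility) -> list:
    """Split a responsibility carrying several tactics into one responsibility per tactic."""
    tactics = resp.metadata.get("SecTactic")
    if not isinstance(tactics, (list, tuple, set)):
        return [resp]
    cat = resp.metadata["SecCategory"]
    return [Responsibility(f"{resp.name}_{t}", {"SecCategory": cat, "SecTactic": t})
            for t in sorted(tactics)]


def run_scenario(main_path: list, failure_paths: list, variables: dict) -> list:
    """Traverse a path; after each responsibility fire every not-yet-fired failure
    path whose guard is now true (cascading). Leaving a path through a failure
    start point ends that path. Returns the executed responsibility names."""
    trace, fired = [], set()

    def execute(path):
        for r in path:
            trace.append(r.name)
            if r.expression:
                r.expression(variables)
            diverted = False
            for fp in failure_paths:
                if fp.guard not in fired and variables.get(fp.guard):
                    fired.add(fp.guard)
                    execute(fp.responsibilities)
                    diverted = True
            if diverted:
                return          # the scenario left the current path

    execute(main_path)
    return trace


def login_scenario(payload: str) -> list:
    """Constructed scenario: authenticate, screen the payload, serve; a detected
    intrusion cascades into a reaction path and then a recovery path."""
    main_path = [
        Responsibility("receiveRequest", expression=lambda v: v.update(payload=payload)),
        Responsibility("authenticateUser",
                       {"SecCategory": "ResistAttacks", "SecTactic": "AuthenticateActors"}),
        Responsibility("detectIntrusion",
                       {"SecCategory": "DetectAttacks", "SecTactic": "DetectIntrusion"},
                       lambda v: v.update(intrusionDetected="' OR 1=1" in v["payload"])),
        Responsibility("serveRequest"),
    ]
    failure_paths = [
        FailurePath("intrusionDetected", [
            Responsibility("revokeAccess",
                           {"SecCategory": "ReactAttacks", "SecTactic": "RevokeAccess"},
                           lambda v: v.update(accessRevoked=True))]),
        FailurePath("accessRevoked", [
            Responsibility("logIncident",
                           {"SecCategory": "RecoverAttacks", "SecTactic": "MaintainAuditTrail"}),
            Responsibility("restoreSession",
                           {"SecCategory": "RecoverAttacks", "SecTactic": "Restore"})]),
    ]
    everything = main_path + [r for fp in failure_paths for r in fp.responsibilities]
    problems = [p for r in everything for p in validate(r)]
    if problems:
        raise ValueError(problems)
    return run_scenario(main_path, failure_paths, {})


if __name__ == "__main__":
    print(login_scenario("user=alice"))
    print(login_scenario("user=' OR 1=1 --"))
```

A benign request walks the main path to serveRequest; the injection-looking payload sets the guard of the first failure path, whose reaction responsibility sets the guard of the second, so the trace ends with revokeAccess, logIncident and restoreSession and never reaches serveRequest. The validator enforces what the metamodel encodes: a tactic must belong to its category, and a responsibility with a list of tactics is rejected until refine() splits it.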

Slide 14: Discussion
 Security requirements are expressed in terms of the assets and services that have to be protected against possible attacks.
 The functional behavior is guarded against potential threats.
 Security requirements are attached, as metadata attributes, to the vulnerable responsibilities.
 Defense and recovery mechanisms are implemented using failure scenario paths.
 We do not model how an attack will break the system: if such information were available, the vulnerabilities would already have been fixed at the functional level.
 Instead we specify the types of measures (the security tactics) that the system should implement.
 This is simpler and faster than approaches based on threat modeling; the trade-off is that a tactic annotation records which countermeasure is expected, not which threat it addresses, so the annotations complement rather than replace a later threat model.

Slide 15: Conclusions and Future Work
 Proposed a new approach to model security requirements at the very early stages of system development.
 Extended the Use Case Maps language to cover security tactics.
 Future work: conduct qualitative and quantitative analysis of UCM-based security requirements.