Modeling Complex Systems by Separating Application and Security Concerns H. Gomaa, M. Shin, "Modeling Complex Systems by Separating Application and Security.

Slides:

Advertisements

Similar presentations

Cover Slide ~ Semantic Web Pilot Program Elements ~ Presented by Cola Atkinson – BBN 07 May 2003.

Advertisements

Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.

Distributed Systems Major Design Issues Presented by: Christopher Hector CS8320 – Advanced Operating Systems Spring 2007 – Section 2.6 Presentation Dr.

©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 12Slide 1 Software Design l Objectives To explain how a software design may be represented.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Towards A Theory Of Insider Threat Assessment Authors: Ramkumar Chinchani, Anusha Iyer Hung Q Ngo, Shambhu Upadhyaya International Conference on Dependable.

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

Secure Systems Research Group - FAU Aspect Oriented Programming Carlos Oviedo Secure Systems Research Group.

ECEN 5053, Paradigms & Patterns, Wk 81 Paradigms & Patterns - 3 ECEN 5053 SW Eng of Distributed Systems University of Colorado, Boulder.

Securing the Broker Pattern Patrick Morrison 12/08/2005.

CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.

Software Engineering Techniques for the Development of System of Systems Seminar of “Component Base Software Engineering” course By : Marzieh Khalouzadeh.

Role Based Access Control Venkata Marella. Access Control System Access control is the ability to permit or deny the use of a particular resource by a.

How to Prepare for the Fall Exam COM380/CIT304 Harry Erwin, PhD University of Sunderland.

Introduction To System Analysis and Design

1 Distributed Computing Algorithms CSCI Distributed Computing: everything not centralized many processors.

1 SWE Introduction to Software Engineering Lecture 23 – Architectural Design (Chapter 13)

1 Modeling peer-peer file sharing systems Ge, Z.; Figueiredo, D.R.; Sharad Jaiswal; Kurose, J.; Towsley, D.; INFOCOM Twenty-Second Annual Joint Conference.

1 Clark Wilson Implementation Shilpa Venkataramana.

Elisa Bertino Dept. of Computer Science University of Milano Page 1 Author-X Secure and selective access and flexible distribution mechanisms for XML documents.

Proceso kintamybių modeliavimas Modelling process variabilities Donatas Čiukšys.

What is an Architecture?. An Example? Invoice OrderDelivery Customer.

Research and Projects Name: Aloysius. A. EDOH Name: Alo Address: Ext 3344.

1 CS 456 Software Engineering. 2 Contents 3 Chapter 1: Introduction.

Jaeki Song ISQS6337 JAVA Lecture 16 Other Issues in Java.

An Introduction to Software Architecture

CSCE 548 Secure Software Development Test 1 Review.

Language-Based Information-Flow Security Richard Mancusi CSCI 297.

Architecture-Based Runtime Software Evolution Peyman Oreizy, Nenad Medvidovic & Richard N. Taylor.

© Yilmaz “Agent-Directed Simulation – Course Outline” 1 Course Outline Dr. Levent Yilmaz M&SNet: Auburn M&S Laboratory Computer Science &

Integrating Security Design Into The Software Development Process For E-Commerce Systems By: M.T. Chan, L.F. Kwok (City University of Hong Kong)

Aspect Oriented Programming Razieh Asadi University of Science & Technology Mazandran Babol Aspect Component Based Software Engineering (ACBSE)

Constrained Evolutionary Optimization Yong Wang Associate Professor, PhD School of Information Science and Engineering, Central South University

CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics CHARLES UNIVERSITY IN PRAGUE faculty of mathematics.

Computer Science 725 – Software Security Presentation “Decentralized Trust Management” Decentralized Trust ManagementDecentralized Trust Management M.

Introduction To System Analysis and Design

International Cash Management 28 Lecture Chapter Objectives To explain the difference in analyzing cash flows from a subsidiary perspective versus.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 3 Slide 1 Critical Systems 1.

Automated Control in Cloud Computing: Challenges and Opportunities Harold C. Lim, Shivnath Babu, Jeffrey S. Chase, and Sujay S. Parekh ACM’s First Workshop.

Architectural pattern: Interceptor Source: POSA II pp 109 – 140POSA II Environment: developing frameworks that can be extended transparently Recurring.

Requirement Engineering for Trust Management : Model, Methodology Reasoning P. Giorgini, F. Massacci, J. Mylopoulos, N. Zannone, “Requirements Engineering.

ARMD – Next Steps Next Steps. Why a WG There is a problem People want to work to solve the problem Scope of problem is defined Work items are defined.

Introduction Better Faster Cheaper (pick any two) On-going issue that continues to motivate research in software engineering Applications: –continue to.

A Systematic Survey of Self-Protecting Software Systems

Software Security II Karl Lieberherr. What is Security Enforcing a policy that describes rules for accessing resources. Policy may be explicit or implicit.

MODEL-BASED SOFTWARE ARCHITECTURES.  Models of software are used in an increasing number of projects to handle the complexity of application domains.

Chapter 8: Aspect Oriented Programming Omar Meqdadi SE 3860 Lecture 8 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.

MDD approach for the Design of Context-Aware Applications.

Austroads Bridge Conference 2004 Hobart May 2004 Bridge Deck Behaviour Revisited Doug Jenkins Interactive Design Services.

Secure middleware patterns E.B.Fernandez. Middleware security Architectures have been studied and several patterns exist Security aspects have not been.

Applying Aspect-Orientation in Designing Security Systems Shu Gao Florida International University Center for Advanced Distributed Systems Engineering.

Algorithm Analysis (Time complexity). Software development cycle -Four phases: 1.Analysis 2.Design Algorithm Design an algorithm to solve the problem.

Why Cryptosystems Fail R. Anderson, Proceedings of the 1st ACM Conference on Computer and Communications Security, 1993 Reviewed by Yunkyu Sung

A Comparison of Commercial and Military Computer Security Presenter: Ivy Jiang1 A Comparison of Commercial and Military Computer Security Policies Authors:

Discussing “Developing Secure Systems with UMLSec” 15 FEB Joe Combs.

Aspect-Oriented Software Development (AOSD)

COUGAAR 1 A CRITICAL STUDY OF THE COUGAAR AGENT-ARCHITECTURE Submitted to Prof. Lawrence Chung Tarun R. Belagodu Sasikiran Kandula.

BSA 310 Week 2 DQ 2 An organization’s technology usage opens up the issue of securing its information. In analyzing your workplace or that of an organization.

Grid Computing Security Mechanisms: the state-of-the-art

OpenID and the Enterprise: A Model-based Analysis of Single Sign-On Authentication Jacob Bellamy-McIntyre Christof Luterroth Gerald Weber Published.

CSCE 548 Secure Software Development Use Cases Misuse Cases

Software Security II Karl Lieberherr.

Adaptable safety and security in v2x systems

Using local variable without initialization is an error.

Object oriented analysis and design

Improved Visual Secret Sharing Scheme for QR Code Applications

Distributed Computing:

John D. McGregor Module 6 Session 1 More Design

An information flow model FM is defined by

Presentation transcript:

Modeling Complex Systems by Separating Application and Security Concerns H. Gomaa, M. Shin, "Modeling Complex Systems by Separating Application and Security Concerns", in 9th IEEE International Conference on Engineering Complex Computer Systems (ICECCS 2004), pp , Presented by: VenkataRamana

Outline  This paper discusses an approach on how to reduce system complexity of a complex application by taking into account the following points Modeling application requirements separately from security requirements designs using the UML notation. Security requirements are captured in security use cases and encapsulated in security objects. The security use cases can have parameters, whose values are passed from the business use cases that they extend. i.e. a security use case extends an application use case. The security concerns are explained by presenting them in functional view and in both static and dynamic modeling of designs of UML.

Appreciation( in the paper)  Analyzed the significance of security concerns by considering the potential threats to distributed applications like Authorization violation, Confidentiality,Integrity, System Penetration and Repudiation.

Appreciation ( my view )  In my view t his approach helps to know the performance perspective of an application by separating the security concerns.  Security mechanisms become more adaptable and there are chances of reducing implementation errors.

Critical comment  The paper says there are restrictions on extending a business use case with security use cases, but did not come up with a solution that solves the problem.  Example of a security extension case of a banking system.

Question  Some security concerns cannot be well separated in one class or method but can be cut across many classes and methods.  Example- logging, It effects every single logged part of the system.