Discussing “Developing Secure Systems with UMLSec” 15 FEB 2006 - Joe Combs.

Slides:



Advertisements
Similar presentations
1 Aspects of IEEE P1471 Viewpoints in Unified Modeling Language (UML) Manzur Ashraf, BRAC University Humayra Binte Ali, Dhaka University Md.Mahfuz Ashraf,
Advertisements

Object-Oriented Software Engineering Visual OO Analysis and Design
UML an overview.
Chapter 11 Component-Level Design
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 12Slide 1 Software Design l Objectives To explain how a software design may be represented.
Modeling Main issues: What do we want to build How do we write this down ©2008 John Wiley & Sons Ltd. vliet.
Software Requirements Engineering
Chapter 22 Object-Oriented Systems Analysis and Design and UML Systems Analysis and Design Kendall and Kendall Fifth Edition.
Object-Oriented Analysis and Design
2-1 © Prentice Hall, 2007 Chapter 2: Introduction to Object Orientation Object-Oriented Systems Analysis and Design Joey F. George, Dinesh Batra, Joseph.
Introduction To System Analysis and Design
L4-1-S1 UML Overview © M.E. Fayad SJSU -- CmpE Software Architectures Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I.
Unified Modeling (Part I) Overview of UML & Modeling
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 14 Slide 1 Object-oriented design 2.
© Copyright Eliyahu Brutman Programming Techniques Course.
Lab 6 CPIT 250 System Analysis and Design.
Sharif University of Technology Session # 7.  Contents  Systems Analysis and Design  Planning the approach  Asking questions and collecting data 
Unified Modeling Language
Object-Oriented Analysis and Design
UML Sequence Diagrams Michael L. Collard, Ph.D. Department of Computer Science Kent State University.
UMLSec IS 2935: Developing Secure Systems Courtesy of Jan Jürjens, who developed UMLsec Lecture 10.
UML - Development Process 1 Software Development Process Using UML (2)
UML Unified Markup Language Ziya Karakaya Atılım University, Computer Engineering
Object Oriented Analysis By: Don Villanueva CS 524 Software Engineering I Fall I 2007 – Sheldon X. Liang, Ph. D.
Model-based Security with UMLsec Software & Systems Engineering Informatics, Munich University of Technology Germany
An Introduction to Software Architecture
Unified Modeling Language, Version 2.0
Introduction To System Analysis and Design
Copyright 2002 Prentice-Hall, Inc. Chapter 2 Object-Oriented Analysis and Design Modern Systems Analysis and Design Third Edition Jeffrey A. Hoffer Joey.
1 UML Basic Training. UML Basic training2 Agenda  Definitions: requirements, design  Basics of Unified Modeling Language 1.4  SysML.
Software Engineering Prof. Ing. Ivo Vondrak, CSc. Dept. of Computer Science Technical University of Ostrava
Unified Modeling Language* Keng Siau University of Nebraska-Lincoln *Adapted from “Software Architecture and the UML” by Grady Booch.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 14 Slide 1 Object-oriented Design.
ניתוח מערכות מידע 1 Unified Modeling Language (UML) § § The Unified Modeling Language (UML) is the industry-standard language for: Specifying, Visualizing,
Fall 2010 CS4310 Requirements Engineering A Brief Review of UML & OO Dr. Guoqiang Hu Department of Computer Science UTEP 1.
L6-S1 UML Overview 2003 SJSU -- CmpE Advanced Object-Oriented Analysis & Design Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I College.
The Unified Modeling Language Part II Omar Meqdadi SE 2730 Lecture 9 Department of Computer Science and Software Engineering University of Wisconsin-Platteville.
UML as a Specification Language for Embedded Systems. By, Mir Ahmed Ali, Asst. Professor, ECM department, SNIST. By, Prof. Narsiah sir, Director of School.
SWT - Diagrammatics Lecture 4/4 - Diagramming in OO Software Development - partB 4-May-2000.
1/26 On-demand Learning Series Software Engineering of Web Application - Object-Oriented Development & UML Hunan University, Software School.
Slide 1 Systems Analysis and Design With UML 2.0 An Object-Oriented Approach, Second Edition Chapter 2: Introduction to Object-Oriented Systems Analysis.
Unified Modeling Language. Object Oriented Methods ► What are object-oriented (OO) methods?  OO methods provide a set of techniques for analyzing, decomposing,
Object-Oriented Modeling: Static Models. Object-Oriented Modeling Model the system as interacting objects Model the system as interacting objects Match.
OMT Modeling 1. Object Model : presented by the object model and the data dictionary. 2. Dynamic Model: presented by the state diagrams and event flow.
© 2006 Pearson Addison-Wesley. All rights reserved 2-1 Chapter 2 Principles of Programming & Software Engineering.
Slide 1 Systems Analysis and Design With UML 2.0 An Object-Oriented Approach, Second Edition Chapter 2: Introduction to Object-Oriented Systems Analysis.
Lecture 10 March 19, 2013 UMLSec 1. Objective Overview of UMLSec How UML has been extended with security construct Some security constructs in UMLSec.
1 Technical & Business Writing (ENG-715) Muhammad Bilal Bashir UIIT, Rawalpindi.
1 Unified Modeling Language, Version 2.0 Chapter 2.
Chapter 2: Introduction to Object Orientation Object-Oriented Systems Analysis and Design Joey F. George, Dinesh Batra, Joseph S. Valacich, Jeffrey A.
UML Review of Use case diagrams. 2 Unified Modeling Language The Unified Modeling Language™ (UML) was developed jointly by Grady Booch, Ivar Jacobson,
Fall 2007 Week 9: UML Overview MSIS 670: Object-Oriented Software Engineering.
UML Fundamental Elements. Structural Elements Represent abstractions in our system. Elements that encapsulate the system's set of behaviors. Structural.
CS 501: Software Engineering Fall 1999 Lecture 15 Object-Oriented Design I.
Basic Characteristics of Object-Oriented Systems
WELCOME TO OUR PRESENTATION UNIFIED MODELING LANGUAGE (UML)
Slide 1 Unified Modeling Language, Version 2.0 Object-Oriented SAD.
Introduction to UML.
The Movement To Objects
Main issues: • What do we want to build • How do we write this down
Course Outcomes of Object Oriented Modeling Design (17630,C604)
Object-Oriented Analysis and Design
Systems Analysis and Design With UML 2
Systems Analysis and Design With UML 2
UMLSec IS 2935: Developing Secure Systems Courtesy of Jan Jürjens, who developed UMLsec Feb 6, 2006.
Dynamic Modeling: Defining Classes
Component-Level Design
Unified Modeling Language
Review CSE116 2/21/2019 B.Ramamurthy.
Presentation transcript:

Discussing “Developing Secure Systems with UMLSec” 15 FEB Joe Combs

What Problem are we Trying to Solve? Blindly inserting security mechanisms into a system doesn’t work Need to bring efforts to mitigate these design limitations before system is actually implemented

Introducing UMLSec Extension of Unified Modeling Language - de-facto standard for OO development Attempt to encapsulate & make available to developers knowledge on prudent security engineering Encapsulation and modularity makes OO systems very well suited to considering security

UML Diagrams of Interest Use Case - typical interaction between user and system Activity - workflow modeling/detailed explanation of use case Class - static structure of the system Interaction - sequence or collaboration diagram describes interaction between objects via message exchange State Chart - dynamic component behavior within an object Package - groups parts of a system into higher level units Deployment - describes physical arrangement in a real-world instance

UMLSec Notation Stereotypes > Extensibility mechanism used to create meta-information about an entity in the diagram Tag-Value Pairs {tag,value} Extensibility mechanism to describe a property of a model element

Use Case Diagram >: if “buys goods” then eventually “sells goods”

Activity Diagram Solution on right gives fair exchange if payment is >

Class Diagram Ensure class structure provides data security Key::newkey() guarantees confidentiality & integrity but random does not!

Interaction Diagram Purchase system sends Init message to access card passing a session key signed with M’s private key and encrypted with C’s public key C decrypts the session key with its private key and verifies signature with M’s public key Once session key has been verified in this way, C can encrypt and send secrets using the session key and pass to M on the Resp message

State Chart Diagram Ensure behavior within a component - access control, database security, etc. Transition labels: events - message called on this object [conditions] - must be true for transition to fire \actions - carried out if transition fires

Package Diagram Uses visibility of parts within packages to reason about access privileges

Deployment Diagram Express security requirements on physical layer of the system: communication links hardware security etc.

Security Patterns Operation rx() leaks information on the account balance

The Wrapper Pattern Ensures no low read after a high write

Now What? UMLSec provides a mechanism for communicating security concerns, bringing security up to the requirements and design phases of the lifecycle Where can this go from here? Incorporate UMLSec notation for association, generalization, etc. Formal methods approaches?