Slide 1: Security analysis of COM with Alloy
Presenter: AliReza Namvar
Slide 2: Outline
- Motivation
- Problem
- Review of COM
- Security in COM
- Modeling with Alloy
- Preliminary conclusions
- References
Slide 3: Motivation
- Security aspects of software development (SD): network security protocols, secure applications, and security in architectural infrastructures.
- Component-based SD: secure communication between components, that is, between the constituent objects of an application. How is secure communication between objects preserved, especially in distributed applications and web applications?
- Such infrastructures are the de facto standard in industrial development, so their design and validation is a major concern.
Slide 4: Problem
- Formal analysis of existing component-based architectural frameworks: analyzing their key properties is vital for their effective and safe use.
- Case study: modeling security in COM. Analysis tool: Alloy Analyzer.
- Approach: follow the evolution of COM's security model, extract invariant abstractions, and specify the invariants in Alloy.
Slide 5: Overview of COM
- What is COM? An infrastructure for the creation, operation, and management of components. It is language- and compiler-independent.
- Interface negotiation: a client asks an object for one of its interfaces (QueryInterface); in effect a binary version of type coercion.
- Legal (outer) vs. inner components: outer components follow the normal rules of interface negotiation; inner components are aggregated by other components and do not obey the standard COM rules.
Slide 6: Security in COM
Two categories of security:
- Activation security: utilizes OS security (for example, a user's permission to start code). It dictates how new objects are started and how new and existing objects are connected, and it secures public services.
- Call security: security on an established connection, for example read-only vs. read/write access. It is based on the DCE RPC security architecture and covers cross-process and cross-network servers.
- In a distributed setting, preserving security is therefore much more sophisticated.
Slide 7: Security in COM (cont'd)
- Activation security is enforced by the Service Control Manager (SCM): CoRegisterClassObject, IRunningObjectTable::Register, and the IActivationSecurity interface.
- Call security uses the DCE RPC mechanism and is applied automatically by the COM infrastructure.
- CSS: general APIs, server-side APIs, and call-context interfaces to support static and dynamic activation security: (1) APIs that applications may use to do their own security checking; (2) security checking for processes based on setup (configuration) information. The two are not mutually exclusive.
Slide 8: Alloy
- A first-order notation that combines the best features of Z and UML: schema structuring with a simple set-theoretic semantics (from Z) and various declaration shorthands (from UML).
- State machines with operations over complex states.
- Everything is expressed as sets and relations; data structures such as tables and trees are modeled as relations rather than built in.
- Invariant-based reasoning: formulate assertions that claim an invariant is preserved.
Slide 9: Why Alloy
- Specification in first-order logic: a relational language with an atomic representation of objects (no composite structures; everything is atoms and relations).
- Finite search with deep semantic analysis.
- Fully automatic analysis of object models: checks the consistency of constraints and simulates the execution of operations.
Slide 10: Analysis approach
- The Alloy Analyzer is a model refuter: when an assertion is found to be false within the chosen finite scope, it generates a counterexample.
- Incremental process: model, check, refine the model or the assertion, and check again.
Source: http://theory.lcs.mit.edu/~dnj/talks/
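The following Alloy model is an added example written for this page; it is not the presenter's model and not the Jackson and Sullivan model. It sketches the outer/inner distinction from the COM overview and the activation vs. call security split from the two "Security in COM" slides in the style this slide describes: a declarative model, two assertions, and checks that either produce a counterexample or do not. All signature and relation names (Principal, Legal, Inner, mayLaunch, mayCall, launched, via) are the example's own assumptions, and the model is deliberately simplified (no RPC details, no read-only vs. read/write levels).

```alloy
module com_security_sketch

// Added example, not the presentation's model. All names are assumptions.
sig Principal {}
sig Interface {}
one sig IUnknown extends Interface {}

abstract sig Component {
  exposes: set Interface,
  // interface negotiation as a relation: qi[i] is the object
  // handed back when interface i is requested from this object
  qi: Interface -> lone Component,
  // aggregation: the inner components this (outer) component contains
  inner: set Component
}
// "legal" outer components obey the standard negotiation rules;
// inner components are aggregated and are exempt from them
sig Legal extends Component {}
sig Inner extends Component {}

fact NegotiationRules {
  all c: Component | IUnknown in c.exposes
  // QueryInterface succeeds exactly for the interfaces an object exposes
  all c: Component | c.qi.Component = c.exposes
  // an outer answers with itself or with one of its inners,
  // and its identity (IUnknown) is itself
  all c: Legal | c.qi[Interface] in c + c.inner
  all c: Legal | c.qi[IUnknown] = c
  // only inners are aggregated, each by exactly one outer, acyclically,
  // and an inner's identity is its outer
  all c: Component | c.inner in Inner
  all i: Inner | one inner.i and i.qi[IUnknown] = inner.i
  no c: Component | c in c.^inner
}

// one configuration of the security infrastructure
sig Session {
  mayLaunch: Principal -> Component,              // activation security (SCM)
  mayCall:   Principal -> Component -> Interface, // call security, per interface
  launched:  Principal -> Component,              // objects a principal activated
  via:       Principal -> Component -> Component  // (p, d, c): p got c by QI on d
}

// every object reference a principal holds in a session
fun holds[s: Session, p: Principal]: set Component {
  s.launched[p] + Component.(s.via[p])
}

// one QueryInterface step d -> c that p is permitted to take in s
fun qiStep[s: Session, p: Principal]: Component -> Component {
  { d, c: Component | some i: s.mayCall[p][d] | c = d.qi[i] }
}

fact ActivationSecurity {
  all s: Session, p: Principal | s.launched[p] in s.mayLaunch[p]
}

fact CallSecurity {
  all s: Session, p: Principal {
    // acquisition chains are well founded: no reference justifies itself
    no c: Component | c in c.^(s.via[p])
    // a reference obtained by QueryInterface came from a held object,
    // through an interface the principal is permitted to call
    all d, c: Component | c in s.via[p][d] implies {
      d in holds[s, p]
      d -> c in qiStep[s, p]
    }
  }
}

// Conjecture 1: a principal holds only objects it was allowed to launch.
// The analyzer refutes this: an outer the principal may launch hands back
// an aggregated inner via QueryInterface, and the inner was never activated.
assert HoldsOnlyLaunchable {
  all s: Session, p: Principal | holds[s, p] in s.mayLaunch[p]
}
check HoldsOnlyLaunchable for 4 but 1 Session

// Conjecture 2, the repaired invariant: every held object is reachable from
// a launchable one through permitted QueryInterface steps. No counterexample
// in this scope; enlarging the scope is the next incremental step.
assert HoldsReachableFromLaunchable {
  all s: Session, p: Principal |
    holds[s, p] in (s.mayLaunch[p]).*(qiStep[s, p])
}
check HoldsReachableFromLaunchable for 6 but 1 Session

// simulation: show a state in which a principal ends up holding an inner
run { some s: Session, p: Principal | some Inner & holds[s, p] } for 4 but 1 Session
```

The first check illustrates the refuter view of the analyzer: the counterexample does not show a flaw in COM, it shows that the conjecture left out the aggregation case that the model itself permits, which is exactly the kind of missing assumption the incremental process is meant to surface. The second assertion states the invariant in terms of both activation and call security and survives the check within the given scope only; Alloy's finite search says nothing about larger scopes.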
Slide 11: Preliminary conclusions
- First model: a declarative model of security in COM, describing system state and behavior by listing properties.
- Extracting security patterns in COM.
Slide 12: References
- Box, D., Essential COM, Addison-Wesley, 1998.
- Jackson, D. and Sullivan, K., "COM Revisited: Tool-Assisted Modelling of an Architectural Framework", Proc. ACM SIGSOFT Conf. on Foundations of Software Engineering, San Diego, November 2000.
- Jackson, D., Alloy: Lightweight Modelling and Analysis with Alloy (the Alloy book).
- Microsoft Corporation, The Component Object Model Specification, version 0.9, October 24, 1995, available at: