Presentation is loading. Please wait.

Presentation is loading. Please wait.

Extending a secure development methodology to distributed systems

Published byJanis Robinson Modified over 6 years ago

Similar presentations

Presentation on theme: "Extending a secure development methodology to distributed systems"— Presentation transcript:

1 Extending a secure development methodology to distributed systems
Yamile Villafuerte Florida Atlantic University Advisor: Eduardo B. Fernandez

2 Agenda Methodology Overview
Extending the methodology to distributed applications Financial Institution Example Conclusions

3 Methodology Overview Security principles must be applied at every development stage: Requirements: List of all possible attacks. Deduce policies to mitigate attacks. Analysis: Analysis patterns with predefined authorizations based on roles. Design: Interfaces can be used to enforce authorizations. Distribution provides another dimension where security restrictions can be applied.

4 Extending the Methodology
Choices at the design stage for distributed applications: Requirements Analysis Design Implementation Centralized Distributed Web Services Remote Objects Fixed Network Wireless Network

5 Extending the Methodology
How can we keep consistency of the security constraints across all development stages? How can we represent security constraints in the lower levels? What are the implications of wireless devices in our design models? Representation using UML deployment diagrams

6 Wireless Devices Challenges
Limitations: Limited power Limited communications bandwidth Limited processing power Relatively unreliable network connection Mobile Tend to get destroyed accidentally or maliciously Have effect on security

7 Mapping I Fixed Networks Wireless Networks UML Application
<?xml version=”1.0” ?> -<Customer = “Info”> <name>Juan</name> </Customer> Web Services SAML, XML Encryption, XML Signature, XKMS, WS-Security CORBA Security, Sec. Broker, Dist. Objects UML Application XML Application Distribution Security Constraints WS Security Dist. Objects Security C1 C2 WS1 WS2 O1 O2 XACML (u1,op1,c1) SAML WS-Policy Simplified Standards

8 Mapping II XACML will allow us to express the security constraints defined in the conceptual model in XML Simplified versions of security standards.

9 Authorization rule using XACML
"Permit manager to open account." There is a lot of XML notation there, but essentially the rule permits a specific subject, to perform a specific action against a specific resource.

10 A Financial Institution Example
Use Case Diagram

11 Analysis Model with RBAC Authorization

12 Design Model

13 Correspondence of Rights
Rights defined for Customer (subject) Views and wireless devices received a subset of these rights. Example: Wireless device can not download a complete list of transactions (limited number of records), but can read balance.

14 Correspondence of Rights

15 Conclusions and future work
We presented some ideas of how to map applications and security constraints defined in the analysis stage. More work needs to be done to elaborate simplified versions of the security standards for web services and to map distribution and hardware.

Download ppt "Extending a secure development methodology to distributed systems"

Similar presentations

DDBMS Security - Bakul Gada.

DDBMS Security - Bakul Gada.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.
Unifying the Conceptual levels of Network Security through use of Patterns. PhD Proposal Ajoy Kumar Secure Systems Research Group – Florida Atlantic University.

Unifying the Conceptual levels of Network Security through use of Patterns. PhD Proposal Ajoy Kumar Secure Systems Research Group – Florida Atlantic University.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
Secure Middleware (?) Patrick Morrison 3/1/2006 Secure Systems Group.

Secure Middleware (?) Patrick Morrison 3/1/2006 Secure Systems Group.
Secure Systems Research Group - FAU Security patterns Eduardo B. Fernandez Dept. of Computer Science and Engineering Florida Atlantic University Boca Raton,

Secure Systems Research Group - FAU Security patterns Eduardo B. Fernandez Dept. of Computer Science and Engineering Florida Atlantic University Boca Raton,
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 6.

Systems Analysis and Design in a Changing World, 6th Edition 1 Chapter 6.
1 Restricted to Nortel Networks Internal Review Ebusiness Infrastructure Platform.

1 Restricted to Nortel Networks Internal Review Ebusiness Infrastructure Platform.
Incorporating database systems into a secure software development methodology Eduardo B. Fernandez, Jan Jurjens, Nobukazu Yoshioka, and Hironori Washizaki.

Incorporating database systems into a secure software development methodology Eduardo B. Fernandez, Jan Jurjens, Nobukazu Yoshioka, and Hironori Washizaki.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.

Mobility Without Vulnerability: Secure and Enable Your Mobile Users, Apps, and Devices David Clapp – Intuitive.
Combining KMIP and XACML. What is XACML? XML language for access control Coarse or fine-grained Extremely powerful evaluation logic Ability to use any.

Combining KMIP and XACML. What is XACML? XML language for access control Coarse or fine-grained Extremely powerful evaluation logic Ability to use any.
1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo

1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo
INFO 355Week #61 Systems Analysis II Essentials of design INFO 355 Glenn Booker.

INFO 355Week #61 Systems Analysis II Essentials of design INFO 355 Glenn Booker.
Mobile Databases: a Selection of Open Issues and Research Directions Authors: Rachid Guerraoui et al. Sources: SIGMOD Record, 33(2), pp.78-83, 2004 Adviser:

Mobile Databases: a Selection of Open Issues and Research Directions Authors: Rachid Guerraoui et al. Sources: SIGMOD Record, 33(2), pp.78-83, 2004 Adviser:
Patterns for Location and Context-based access control

Patterns for Location and Context-based access control
1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.

1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.
SAML, XACML & the Terrorism Information Sharing Environment “Interoperable Trust Networks” XML Community of Practice February 16, 2005 Martin Smith Program.

SAML, XACML & the Terrorism Information Sharing Environment “Interoperable Trust Networks” XML Community of Practice February 16, 2005 Martin Smith Program.

Similar presentations

Ads by Google