Model Driven Security - MDSec2012
Transcript of Model Driven Security - MDSec2012
Ulrich Frank
Augmented Enterprise Models as a Foundation for Generating Security-Related Software: Requirements and Objectives

Protecting IT – New Challenges
• More corporate resources, assets and business processes are represented in IS
• Computing and data resources are more distributed
• Sophisticated criminal attackers
• Communication barriers
• Justifying costs
• Technical and financial evaluation of solutions
• Impact evaluation

Different Areas of Relevance
• Organizational complexities, technical complexities
• Business considerations, technical considerations, financial considerations, organizational considerations

The Goal: Develop a comprehensive IT security solution
• Foster participation of different stakeholders
• Relate IT security to business
• Design and implement IS security infrastructures
• Assess and reduce risks
• Overcome technical complexities
• Overcome organizational complexities

The Means: Enriching EM with IT Security Concepts
• Currently, security issues are only marginally accounted for in enterprise modelling

Developing a DSML – A Challenging Task
• The first step towards developing a new DSML is requirements analysis
• Literature
• Ask prospective users about their needs and expectations of the targeted DSML
• Use scenario development approach (Frank, 2010)

General Requirements
• Include concepts of different perspectives
• Facilitate communication
• Support throughout the life cycle: abstractions, specific views, graphical notations

Use Scenarios
Can we use our model for security code generation?
The Idea:
1. Identify opportunities for code generation
2. Define (high-level) requirements that the modelling language should satisfy in order to support these opportunities

The focus is on opportunities which use the advantages of MEMO:
• MEMO allows discussion on a higher level of abstraction and integration of different concepts
• MEMO supports integration of concepts from different perspectives and from different levels of abstraction
• MEMO supports extending a language with new concepts as well as generation of corresponding editors
Opportunities: Access Control, Reports Generation, Encryption
Different levels of abstraction: meta-model, type level, instance level
Augmented Organizational Structure, Augmented IT Landscape, Augmented Object Model

1st Opportunity: Access Control – Authorization Generation
Augmented Org. Structure – Illustrative Questions
user / org. unit / position; resources / activities: Who? What? How? Under which conditions?
• To which data entities/attributes can a position/role/user have access?
• Which access permissions (create, delete, read, update) are given to a position/role/user on a data entity or its attributes?
• Which business process activities is a specific role/position/user allowed to perform?
• Who is allowed to access (read/create/delete/update) a specific data entity / data file or an IT resource?
• Under which conditions is a role/position/user allowed to access a data entity / IT resource or to perform an activity?
RBAC, ABAC, XACML, DB permission tables, WSDL files, deployment descriptors, permission sets
Related Requirements:
1. Defining access rights (permission sets) for organizational entities to access different objects
2. Adding constraints on permissions
3. Modeling permission inheritance
4. Specification of configuration details for code generation

2nd Opportunity: Risk Assessment and Management – Report Generation
Threat, threat realization, attack history, costs, financial reports
Augmented IT Resource Diagram – Illustrative Questions
• Which security requirements are related to an IT resource?
• Which measures are used to satisfy a security requirement?
• What is the cost of adding a security measure to a resource?
• Which security measure is expected to be the most effective?
• How is a security measure implemented or configured?
• What is the number of attack attempts on an IT resource? What is the number of successful attempts?
• What is the average number of attacks per year on a resource?
• Who is allowed to use/access a resource (e.g. web service, database, hardware and file)?
• What is the justification for purchasing a certain security measure?
Related Requirements:
5. Include risk management concepts
6. Type level – instance level integration

3rd Opportunity: Encryption Code Generation
Augmented Object Model – Illustrative Questions
• Which data entities are related to confidential business processes?
• Which data entities/attributes should be encrypted?
• What is the security level of a certain entity/attribute?
• Which algorithms should be used for their encryption?
Related Requirements – it should be possible to:
7. Indicate that an entity/attribute should be encrypted
8. Assign different security levels to entities/attributes
9. Support technical parameter specification for each security level (encryption algorithm, key pool, ...)

Summary
• 3 opportunities to use models for code generation were identified
• 9 corresponding requirements were derived
Future steps:
• Continue validating the requirements
• Develop the security modelling method
• Validate the method empirically
Are there other opportunities? Are the requirements exhaustive? This requires validation with practitioners / researchers ...?

Thank you! Questions? Suggestions?
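The following is an added example, not part of the slides and not the authors' MEMO tooling: a small Python generator that walks a constructed augmented model in the spirit of the 1st opportunity (access control) and the 3rd (encryption). Roles carry permission sets with constraints (conditions on context attributes) and permission inheritance (requirements 1 to 3); the generator emits PostgreSQL GRANT statements plus row-level-security policies for the conditional permissions, which is the kind of configuration detail requirement 4 refers to; entity attributes carry a security level that maps to encryption parameters (requirements 7 to 9). All role, entity and attribute names, the SQL dialect and the level-to-algorithm table are assumptions of this example.

```python
"""Toy model-to-code generator (added example, not from the MDSec2012 slides). All names, the
PostgreSQL row-level-security target and the level-to-algorithm table are assumptions; the sample model is constructed."""
from dataclasses import dataclass

CRUD = ("create", "read", "update", "delete")
SQL_VERB = {"create": "INSERT", "read": "SELECT", "update": "UPDATE", "delete": "DELETE"}

@dataclass(frozen=True)
class Permission:
    entity: str
    ops: frozenset                        # subset of CRUD
    condition: "tuple | None" = None      # ((ctx_key, value), ...) that must all match; None = unconditional

@dataclass(frozen=True)
class Role:
    name: str
    permissions: tuple = ()
    inherits: tuple = ()                  # names of roles whose permissions are inherited (req. 3)

@dataclass(frozen=True)
class Entity:
    name: str
    levels: dict                          # attribute name -> security level (req. 8)

# Technical parameters per security level (assumed values; req. 9). "public" stays in clear.
LEVEL_PARAMS = {
    "public": None,
    "internal": {"algorithm": "AES-128-GCM", "key_pool": "kp-internal"},
    "confidential": {"algorithm": "AES-256-GCM", "key_pool": "kp-confidential"},
}

def effective_permissions(role_name, roles):
    """Resolve permission inheritance; returns {(entity, condition): set(ops)}."""
    out, seen, stack = {}, set(), [role_name]
    while stack:
        name = stack.pop()
        if name in seen:                  # also guards against inheritance cycles
            continue
        seen.add(name)
        for p in roles[name].permissions:
            if not set(p.ops) <= set(CRUD):
                raise ValueError(f"{name}: unknown operations {sorted(set(p.ops) - set(CRUD))}")
            out.setdefault((p.entity, p.condition), set()).update(p.ops)
        stack.extend(roles[name].inherits)
    return out

def is_allowed(role_name, roles, entity, op, context):
    """Access decision: an unconditional permission, or one whose condition the context satisfies."""
    for (ent, cond), ops in effective_permissions(role_name, roles).items():
        if ent == entity and op in ops and (cond is None or all(context.get(k) == v for k, v in cond)):
            return True
    return False

def _sql_str(value):
    return "'" + str(value).replace("'", "''") + "'"   # quote model values, never splice them raw

def _policy(role, entity, op, pred):
    clause = "WITH CHECK" if op == "create" else "USING"   # INSERT policies take WITH CHECK
    return f"CREATE POLICY {role}_{entity}_{op} ON {entity} FOR {SQL_VERB[op]} TO {role} {clause} ({pred});"

def generate_sql(role_name, roles):
    """GRANTs plus row-level-security policies for conditional permissions (reqs. 1, 2, 4)."""
    perms, stmts = effective_permissions(role_name, roles), []
    for entity in sorted({e for e, _ in perms}):
        all_ops = set().union(*(ops for (e, _), ops in perms.items() if e == entity))
        stmts.append(f"GRANT {', '.join(SQL_VERB[o] for o in CRUD if o in all_ops)} ON {entity} TO {role_name};")
        conditional = sorted(((c, ops) for (e, c), ops in perms.items() if e == entity and c is not None), key=lambda x: x[0])
        if not conditional:
            continue
        stmts.append(f"ALTER TABLE {entity} ENABLE ROW LEVEL SECURITY;")
        for o in CRUD:                    # once RLS is on, unconditional ops need an explicit allow-all policy
            if o in perms.get((entity, None), set()):
                stmts.append(_policy(role_name, entity, o, "true"))
        for cond, ops in conditional:
            pred = " AND ".join(f"{k} = {_sql_str(v)}" for k, v in cond)
            stmts.extend(_policy(role_name, entity, o, pred) for o in CRUD if o in ops)
    return stmts

def encryption_config(entity):
    """Attributes that must be encrypted and with which parameters (reqs. 7-9); an unknown level stops generation."""
    unknown = {a: l for a, l in entity.levels.items() if l not in LEVEL_PARAMS}
    if unknown:
        raise ValueError(f"{entity.name}: unknown security levels {unknown}")
    return {a: dict(LEVEL_PARAMS[l]) for a, l in entity.levels.items() if LEVEL_PARAMS[l] is not None}

# Constructed sample model: three roles with inheritance, one conditional permission, one entity.
ROLES = {
    "employee": Role("employee", (Permission("customer", frozenset({"read"})),)),
    "sales_clerk": Role("sales_clerk", (Permission("customer", frozenset({"create", "update"}),
                                                   condition=(("department", "sales"),)),), inherits=("employee",)),
    "sales_manager": Role("sales_manager", (Permission("customer", frozenset({"delete"})),
                                            Permission("contract", frozenset({"read"}))), inherits=("sales_clerk",)),
}
CUSTOMER = Entity("customer", {"id": "public", "name": "internal", "iban": "confidential"})

if __name__ == "__main__":
    print("\n".join(generate_sql("sales_clerk", ROLES)))
    print(encryption_config(CUSTOMER))
```

Running the module prints the statements for sales_clerk: one GRANT for the union of inherited and own operations, then ALTER TABLE ... ENABLE ROW LEVEL SECURITY, an allow-all SELECT policy for the inherited unconditional read, and WITH CHECK / USING policies carrying the department condition. Two points a practitioner would check in any such generator: once row-level security is enabled, inherited unconditional permissions need an explicit allow-all policy or they silently lose rows; and values taken from the model are quoted before they reach the generated policy, so a malicious or accidental quote in a model value cannot rewrite the predicate. An attribute with a security level the level table does not know stops generation instead of defaulting to plaintext.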