 |
|
||||||||||
Model-Driven Security with SecureUML
Almost daily do we hear about newly detected software vulnerabilities, allowing attackers to steal or destroy information, to enter protected areas, or to cause denial of services. Especially systems connected to the Internet are in danger and need to be well designed and carefully implemented to minimize attacking possibilities.
Model Driven Security (MDS) embraces a model-centric development approach to increase the security of software systems. It is based on the observations that (1) security mechanisms are rather easy to state but difficult to realize and (2) that security is often neglected in favor of "real" features. As a consequence, security is considered late in the design process and realized badly yielding to insecure systems and potentially to costly damage during operations.
The vision of the MDS project is to offer a variety of functionality to software engineers assisting them in making systems more secure more easily.
MDS Blueprint
UML
XMI (XML Metadata Interchange) is a standard format used by UML tools to export the various kinds of UML diagrams. We designed a security modelling language, SecureUML, that allows to specify access control requirements in arbitrary UML design models.
Unfortunately, each UML tool uses a slightly different version of XMI making interoperability a challenge. Therefore, an important step for MDS is to extract the MDS-model off the UML model.
System Generation
Starting from the MDS-model, code and security configuration is automatically generated for different platforms. Generators for Java plus JAAS or Permis as well as for C#/.Net already exist. Further candidate platforms are: EJB, WebServices, Java plus the SpringFramework.
Verification
Determine security properties of the model using theorem provers, such as Isabelle/HOL-OCL. We developed a transformation from MDS models using SecureUML to generic UML/OCL models. Using this transformation, it is possible to use Isabelle/HOL-OCL to analyse security properties of the design model. For an alternative approach, we are investigating to add specialized support for analysing access control requirements to Isabelle/HOL-OCL, resulting in Isabelle/HOL-OCL/SecureUML.
Model Checking
Determine security properties of the model using model checkers, such as SPIN.
Test Cases
Model information is used to automatically generate test suites to be applied on (not automatically generated) systems.
Development Process Integration
To allow for seamless use, the functionality needs to be integrated into the process used by the software engineers. Possible integration points are UML-tools, IDEs (Eclipse) or build tools (Ant, Maven).
Projects
In the context of MDS, we offer a variety of projects
References
- Model Driven Security, Technical Report 414, ETH Zurich, 2004
- MDA (Model Driven Architecture)
- RBAC (Role-Based Access Control), standard of NIST
- Java Security
- Permis, University of Salford
Wichtiger Hinweis:
Diese Website wird in älteren Versionen von Netscape ohne
graphische Elemente dargestellt. Die Funktionalität der
Website ist aber trotzdem gewährleistet. Wenn Sie diese
Website regelmässig benutzen, empfehlen wir Ihnen, auf
Ihrem Computer einen aktuellen Browser zu installieren. Weitere
Informationen finden Sie auf
folgender
Seite.
Important Note:
The content in this site is accessible to any browser or
Internet device, however, some graphics will display correctly
only in the newer versions of Netscape. To get the most out of
our site we suggest you upgrade to a newer browser.
More
information
!!! Dieses Dokument stammt aus dem ETH Web-Archiv und wird nicht mehr gepflegt !!!
!!! This document is stored in the ETH Web archive and is no longer maintained !!!
!!! This document is stored in the ETH Web archive and is no longer maintained !!!
