An Aspect-Oriented Approach to Security Requirements Analysis

Provided by: vgo6

1
An Aspect-Oriented Approach to Security
Requirements Analysis
  • Dianxiang Xu, Vivek Goel, Ken Nygard
  • Department of Computer Science
  • North Dakota State University

2
Agenda
  • Introduction
  • Related Work
  • The Aspect-Oriented Approach
  • Modeling Crosscutting Threats
  • Modeling Mitigation Aspects
  • Conclusions

3
Introduction
  • Security requirements are often considered
    non-/extra- functional
  • Analysis is typically associated with functional
    requirements.
  • Adversary's perspective of security
  • Tends to tightly couple functional and security
    requirements
  • Requires close interaction between non-security
    analysts and security experts

4
Related Work
  • Misuse/Abuse Cases
  • Anti-Goal Approach
  • Threat Modeling
  • Aspect-Oriented Requirements Analysis

5
Use/Misuse/Abuse Cases
  • Use Cases
      • Popular tool for eliciting functional
        requirements.
      • Written in an easy-to-understand narrative.
  • Misuse cases (Sindre and Opdahl)
      • Negative use cases based on the idea of rogue
        users successfully attacking systems.
  • Abuse cases (McDermott)
      • Represent interactions between malefactors and the
        system that result in harm to an asset

6
Aspect-Oriented Requirements
  • AOSD
      • Modularity for crosscutting concerns.
  • AOSD with Use Cases (Jacobson & Ng)
      • Join points: use case elements
      • Pointcuts: extension points
      • Aspects: use cases
  • Security Perspective
      • Threats are misuse cases

7
Our Aspect Approach
  • Use Cases: functional requirements.
  • Crosscutting Threat Aspects
      • Identification
      • Modeling
  • Mitigation Aspects
      • Identification of security join points and
        pointcuts
      • Modeling of mitigation advice

8
Use Case Diagrams

9
Use Case Templates
  • Use case number & name
  • Goal
  • Actor
  • Preconditions
  • Main flow of events
  • Alternate flows
  • Post conditions
  • Extension points

10
Order Goods Use Case Description

11
Crosscutting Nature of Threats
  • Threats of the Order Goods use case
      • Data Modification: Steps 1, 2 and 6
  • Other use cases may be threatened by the same
    threat.
      • Register Customer is threatened by the same
        threat at Steps 1 and 2 of Main flow.

12
Identifying Crosscutting Threats
  • CIA Security Goals
  • STRIDE
      • Spoofing Identity
      • Tampering Data
      • Repudiation
      • Information Disclosure
      • Denial of Service
      • Elevation of Privilege

13
Threats in Order Goods Use Case

14
Threat Aspects
  • Join Point
      • Use case name
      • Use case section
      • Step number
  • Pointcut
      • A (named) group of join points
  • Advice
      • Threat descriptions

15
ModData Pointcut Model

16
Threat Description
  • Threat name
  • Threat category
  • Threat objective
  • Threat preconditions
  • Threat flow
  • Threat postconditions
  • Alternate flows
  • Remarks

17
Threat Description for Modification of Stored Data

18
Modification of Stored Data Threat Aspect

19
Mitigation Aspects
  • Mitigation aspects
      • Alleviate the crosscutting threats.
  • Modeling Process
      • Identification and grouping of security pointcuts
      • Modeling of mitigation advice
      • Bundling of the security pointcuts and mitigation
        advice into aspects.

20
Security Pointcuts
  • A collection of points of security where the
    mitigation logic needs to be inserted
  • Includes one or more threat pointcuts.
  • One mitigation aspect can be used for one or more
    threats.

21
Mitigation Advice
  • Advice name
  • Mitigation type
  • Mitigation category
  • Objective
  • Preconditions
  • Mitigation flow
  • Post conditions
  • Prevention advice
  • Reaction advice
  • Alternate flow
  • Remarks

22
Encrypt Data Store Advice

23
Encrypt Stored Data Aspect

24
Understanding Requirements
  • Relationships between use cases and threats
    (mitigations) are many-to-many
  • Different Questions
      • Threats for a given use case?
      • Use cases involved in a given threat?
      • Use cases involved in a given mitigation?

25
Different Views
  • Perspective of the use cases
      • The points of vulnerability, and the available
        mitigation aspects.
  • Perspective of the threats
      • Threatening use cases, the threat join points and
        mitigation aspects.
  • Perspective of the mitigation aspects
      • The security join points and the crosscutting
        threat aspects.
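
Added example (not part of the original slides): a small Python model of the join point / pointcut / aspect structure from slides 14 to 25 that answers the three questions on slide 24. It goes one step beyond the slides by also listing threatened join points that no security pointcut covers. The ModData steps come from slide 11; the STRIDE category given to ModData, the second threat, and all function and class names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True, order=True)
class JoinPoint:
    use_case: str  # use case name
    section: str   # use case section, e.g. "Main flow"
    step: int      # step number within that section

@dataclass(frozen=True)
class ThreatAspect:
    name: str            # stands in for the full threat description (the advice)
    category: str        # STRIDE category
    pointcut: frozenset  # named group of join points the threat cuts across

@dataclass(frozen=True)
class MitigationAspect:
    name: str
    advice: str
    threats: tuple       # threat aspects whose pointcuts form the security pointcut
    def security_pointcut(self):
        return frozenset().union(*(t.pointcut for t in self.threats))

def threats_for(use_case, threats):
    # Use-case view: threat name -> threatened step numbers of that use case.
    view = {t.name: sorted(jp.step for jp in t.pointcut if jp.use_case == use_case)
            for t in threats}
    return {name: steps for name, steps in view.items() if steps}

def use_cases_in(pointcut):
    # Threat or mitigation view: the use cases a pointcut crosscuts.
    return sorted({jp.use_case for jp in pointcut})

def unmitigated(threats, mitigations):
    # Join points that a threat reaches but no security pointcut covers.
    covered = frozenset().union(*(m.security_pointcut() for m in mitigations))
    gaps = {t.name: sorted(t.pointcut - covered) for t in threats}
    return {name: jps for name, jps in gaps.items() if jps}

def main_flow(use_case, *steps):
    return frozenset(JoinPoint(use_case, "Main flow", s) for s in steps)

# ModData pointcut with the steps listed on slide 11; the category is assumed.
MOD_DATA = ThreatAspect("Modification of Stored Data", "Tampering Data",
    main_flow("Order Goods", 1, 2, 6) | main_flow("Register Customer", 1, 2))
# Constructed second threat (not on the slides) to show an uncovered join point.
DISCLOSE = ThreatAspect("Disclosure of Order Data", "Information Disclosure",
    main_flow("Order Goods", 3))
ENCRYPT = MitigationAspect("Encrypt Stored Data", "Encrypt Data Store", (MOD_DATA,))
THREATS, MITIGATIONS = [MOD_DATA, DISCLOSE], [ENCRYPT]
```
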

26
Consistency Issues
  • Generalization
  • Include Relationship
  • Extend Relationship
  • Threats in Mitigation Flow

27
The Case Study

28
Conclusions
  • Aspect-oriented analysis of functional and
    security requirements.
  • Structured way to model crosscutting threats and
    mitigations
  • Advantages
      • Improved modularity
      • Adaptability
      • Reusability
  • Future Work
      • Tool support for threat and mitigation modeling

29
Q/A?
  • Thank You!