An AspectOriented Approach to Security Requirements Analysis - PowerPoint PPT Presentation

1 / 29
About This Presentation
Title:

An AspectOriented Approach to Security Requirements Analysis

Description:

Identification of security join points and pointcuts. Modeling of mitigation advices ... Threatening use cases, the threat join points and mitigation aspects. ... – PowerPoint PPT presentation

Number of Views:27
Avg rating:3.0/5.0
Slides: 30
Provided by: vgo63
Category:

less

Transcript and Presenter's Notes

Title: An AspectOriented Approach to Security Requirements Analysis


1
An Aspect-Oriented Approach to Security
Requirements Analysis
  • Dianxiang Xu, Vivek Goel, Ken Nygard
  • Department of Computer Science
  • North Dakota State University

2
Agenda
  • Introduction
  • Related Work
  • The Aspect-Oriented Approach
  • Modeling Crosscutting Threats
  • Modeling Mitigation Aspects
  • Conclusions

3
Introduction
  • Security requirements are often considered
    non-/extra- functional
  • Analysis is typically associated with functional
    requirements.
  • Adversarys perspective of security
  • Tends to tightly couple functional and security
    requirements
  • Requires close interaction between non-security
    analysts and security experts

4
Related Work
  • Misuse/Abuse Cases
  • Anti-Goal Approach
  • Threat Modeling
  • Aspect-Oriented Requirements Analysis

5
Use/Misuse/Abuse Cases
  • Use Cases
  • Popular tool for eliciting functional
    requirements.
  • Written in an easy to understand narrative.
  • Misuse cases (Sindre and Opdahl)
  • Negative use cases based on the idea of rogue
    users successfully attacking systems.
  • Abuse cases (McDermott)
  • Represent interaction between malefactors and the
    system that result in harm to an asset

6
Aspect-Oriented Requirements
  • AOSD
  • Modularity for crosscutting concerns.
  • AOSD with Use Cases (Jacobson Ng)
  • Join points use case elements
  • Pointcuts extension points
  • Aspects use cases
  • Security Perspective
  • Threats are misuse cases

7
Our Aspect Approach
  • Use Cases functional requirements.
  • Crosscutting Threat Aspects
  • Identification
  • Modeling
  • Mitigation Aspects
  • Identification of security join points and
    pointcuts
  • Modeling of mitigation advices

8
Use Case Diagrams
9
Use Case Templates
  • Use case number name
  • Goal
  • Actor
  • Preconditions
  • Main flow of events
  • Alternate flows
  • Post conditions
  • Extension points

10
Order Goods Use Case Description
11
Crosscutting Nature of Threats
  • Threats of the Order Goods use case
  • Data Modification Steps 1, 2 and 6
  • Other use cases may be threatened by the same
    threat.
  • Register Customer is threatened by the same
    threat at Steps1 and 2 of Main flow.

12
Identifying Crosscutting Threats
  • CIA Security Goals
  • STRIDE
  • Spoofing Identity
  • Tampering Data
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of Privilege

13
Threats in Order Goods Use Case
14
Threat Aspects
  • Join Point
  • Use case name
  • Use case section
  • Step number
  • Pointcut
  • A (named) group of join points
  • Advice
  • Threat descriptions

15
ModData Pointcut Model
16
Threat Description
  • Threat name
  • Threat category
  • Threat objective
  • Threat preconditions
  • Threat flow
  • Threat postconditions
  • Alternate flows
  • Remarks

17
Threat Description for Modification of Stored Data
18
Modification of Stored Data Threat Aspect
19
Mitigation Aspects
  • Mitigation aspects
  • Alleviate the crosscutting threats.
  • Modeling Process
  • Identification and grouping of security pointcuts
  • Modeling of mitigation advice
  • Bundling of the security pointcuts and mitigation
    advice into aspects.

20
Security Pointcuts
  • A collection of points of security where the
    mitigation logic needs to be inserted
  • Includes one or more threat pointcuts.
  • One mitigation aspect can be used for one or more
    threats.

21
Mitigation Advice
  • Advice name
  • Mitigation type
  • Mitigation category
  • Objective
  • Preconditions
  • Mitigation flow
  • Post conditions
  • Prevention advice
  • Reaction advice
  • Alternate flow
  • Remarks

22
Encrypt Data Store Advice
23
Encrypt Stored Data Aspect
24
Understanding Requirements
  • Relationships between use cases and threats
    (mitigations) are many to many
  • Different Questions
  • Threats for a given use case?
  • Use cases involved in a given threat?
  • Use cases involved in a given mitigation?

25
Different Views
  • Perspective of the use cases
  • The points of vulnerability, and the available
    mitigation aspects.
  • Perspective of the threats
  • Threatening use cases, the threat join points and
    mitigation aspects.
  • Perspective of the mitigation aspects
  • The security join points and the crosscutting
    threat aspects.

26
Consistency Issues
  • Generalization
  • Include Relationship
  • Extend Relationship
  • Threats in Mitigation Flow

27
The Case Study
28
Conclusions
  • Aspect-oriented analysis of functional and
    security requirements.
  • Structured way to model crosscutting threats and
    mitigations
  • Advantages
  • Improved modularity
  • Adaptability
  • Reusability
  • Future Work
  • Tool support for threat and mitigation modeling

29
Q/A?
  • Thank You !
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "An AspectOriented Approach to Security Requirements Analysis" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!