1 / 21

MDA and Security

MDA and Security. October 12, 2006 FAU Secure Systems Group Patrick Morrison. Agenda. Motivation for “MDA and Security” Secure Systems Methodology, with patterns A quick tour of MDA, in English this time Example Application MDA in the development lifecycle Evaluation Criteria

teenie
Télécharger la présentation

MDA and Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. MDA and Security October 12, 2006 FAU Secure Systems Group Patrick Morrison

  2. Agenda • Motivation for “MDA and Security” • Secure Systems Methodology, with patterns • A quick tour of MDA, in English this time • Example Application • MDA in the development lifecycle • Evaluation Criteria • Contributions • Next Steps

  3. The problem of Security • “A good percentage of the software deployed in industrial/commercial applications is of poor quality, it is unnecessarily complex, and contains numerous flaws that can be exploited by attackers.” • “We believe that the solution lies in developing secure software from the beginning, applying security principles along the whole life cycle…We see the use of patterns as a fundamental way, even for developers with little experience, to implicitly apply security principles.” • [MDSSP, EBF, et. al.]

  4. Secure Systems Methodology [MDSSP]

  5. Methodology Patterns

  6. Design (and other) patterns • “A design pattern names, abstracts and identifies the key aspects of a common design structure that makes it useful for creating a reusable object-oriented design” [GOF, pg 3]

  7. The promise of MDA • by using “precise but abstract and graphical representations of algorithms, MDA allows the construction of computing systems from models that can be understood much more quickly and deeply than can programming language “code” [MDAD, pg. xiv].

  8. The Question(s) • Can MDA be applied to the design and construction of secure systems? • To what degree is it now possible to work in terms of high-level models rather than code? • Does MDA allow for the creation and reuse of generic models? • Does MDA reduce the amount of low-level work that needs to be done?

  9. Combining Patterns, Security and MDA: SOUPCAN • Secure grOUP Chat Application for Networks • Provide invitation-only chat rooms with secure communications, allowing participants to form “cliques” in order to gossip, plan wars, etc… • Example of using the secure systems methodology with MDA

  10. SOUPCAN • Requirements chosen to facilitate use of existing security patterns, e.g. Reference Monitor, Authenticator, Authorizer, Credentials, Secure Broker • (Hopefully) Small enough to be implementable • (Hopefully) Large enough to illustrate issues in application of MDA, Secure Systems with Patterns Methodology.

  11. Lifecycle Step: Analysis • Process: Evaluate requirements, identify use cases, high-level structure, apply patterns where appropriate • Results: Application model containing UML Use Case and Class diagrams

  12. SOUPCAN Use Cases • UML Built with MagicDraw • Stored as XMI data • Excerpt: <UML:Actorxmi.id="249272_1" name="Host" /> <UML:Actorxmi.id="940417_17" name="Participant" /> <UML:Actorxmi.id="448524_33" name="Administrator" /> <UML:UseCasexmi.id="949209_49" name="Administration" /> <UML:UseCasexmi.id=“838290_60" name="Invitation" /> <UML:UseCasexmi.id="896208_71" name="Registration" /> <UML:UseCasexmi.id="428793_82" name="Chat" /> <UML:Association xmi.id="975434_95"> <UML:Association.connection> <UML:AssociationEndxmi.id="250191_93" isNavigable="true" participant="249272_1" /> <UML:AssociationEndxmi.id="742224_94" isNavigable="true" participant="838290_60" /> </UML:Association.connection> </UML:Association>

  13. Lifecycle Step: Design • Process: Develop class and sequence diagrams which implement the Use Cases, apply patterns where appropriate • Results: Application and Security models containing UML Class and sequence diagrams

  14. SOUPCAN Class Diagram

  15. SOUPCAN Class Diagram It’s (Secure) Broker!

  16. Architectural concerns for implementing Secure Broker * Diagram from MDSSP

  17. Lifecycle Step: Implementation • Process: Select a platform and platform model, make connections between the design and the platform, via the platform model • Selected: MagicDraw, androMDA, C#, ASP.NET, Visual Studio, nHibernate, … • Results: Code generated from the models

  18. Implementation Details… Mapping… :32,997 - discovering namespaces - :34,440 found namespace --> 'aspdotnet' :34,440 + registering component 'cartridge' :34,870 + registering component 'metafacades' :35,331 + registering component 'profile' :40,628 found namespace --> 'uml-1.4' :40,628 + registering component 'metafacades' :41,960 + registering component 'profile' :42,000 found namespace --> 'validation' :42,010 + registering component 'translation-library' :53,948 - core initialization complete: 22.373[s] - :54,568 loading model --> 'file:C://TimeTracker.Model.xmi' :58,905 referenced model --> 'jar:file:/uml14/profile/profile-.xml' :59,045 referenced model --> 'profile-datatype.xml' :59,285 referenced model --> 'profile-service.xml' :59,445 referenced model --> 'profile-process.xml' :59,576 referenced model --> 'profile-presentation.xml' :59,746 referenced model --> 'profile-meta.xml' :59,866 referenced model --> 'profile-xml.xml' :59,986 referenced model --> 'andromda-profile-persistence.xml' :01,118 - loading complete: 7.13[s] - :01,118 - validating model - :06,175 - validation complete: 5.057[s] - :07,076 INFO [AndroMDA:cs] Output: 'file:/C:../TimeTracker/VO/UserVO.cs' // Name: UserVO.cs // Attention: Generated code! Do not modify by hand! (I did anyway) // Generated by: ValueObject.vsl in andromda-cs-cartridge. using System; namespace Northwind.TimeTracker.VO { [Serializable] public class UserVO { #region Attributes and Associations private long _id; private String _userName; private String[] _roles; #endregion #region Constructors public UserVO(long id, String userName, String[] roles) { this._id = id; this._userName = userName; this._roles = roles; } …

  19. Evaluation • Does the generated code implement the design? Can users of the system chat? • How secure is the system? Is it correlated to the design models? • How independent are the Application, Security and Platform models? Can, for example, the Security model be reused with a different application model? With a different platform model? • Does MDA keep its promise? How much programming language coding needs to be done?

  20. Contributions • A UML Model for security, based on patterns • A worked example of the Secure Systems Methodology, through Analysis, Design and Implementation. • A worked example of MDA development • Description of a tool chain for building MDA applications (MagicDraw, androMDA, Visual Studio 2005, etc) • An example application, with requirements and design.

  21. Next Steps… • Complete design of SOUPCAN • Split design into separate Application and security models, link them • Document experiences, issues with using the current tools

More Related