Integrating Access Control Design into the Software Development Process
![Page 1: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/1.jpg)
Integrating Access Control Design into the Software Development
Process
G. Brose (Xtradyne AG)
M. Koch, P. Löhr (FU Berlin)
IDPT'02, June 2002
![Page 2: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/2.jpg)
Overview
– Motivation
– View-based Access Control
– Integrating Access Control in UML
  – security analysis
  – security design
Generation of the Access Control Policy specification
Conclusion
![Page 3: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/3.jpg)
Motivation
– Security aspects are inherent in any modern software system
– But: security is not part of the development process. Why?
  – security requirements are difficult to analyze and model
  – system engineers are not security experts
– Problems:
  – unsatisfied security requirements
  – integration difficulties
![Page 4: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/4.jpg)
Our approach - Aims
– Systematic support for software engineers who need to produce secure software
– Integration into the software development process with UML
– How?
  – use of existing UML model elements
  – security design with UML tools
  – no security expert knowledge necessary
  – UML design used for the generation of security specifications
![Page 5: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/5.jpg)
Our approach – What we have done
– Integration of view-based access control policy design into the software development process with UML
– Generation of the access control specification from the UML design model to configure a CORBA-based infrastructure (Raccoon)
![Page 6: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/6.jpg)
View-based Access Control
– Design and management of access control policies in object-oriented systems
– Extension of role-based access control by views
– A view is a set of access rights on one interface
– Views are specified in the View Policy Language (VPL)
![Page 7: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/7.jpg)
View Policy Language (VPL)
IDL:

```
interface Paper {
  void read(out string s);
  void write(in string s);
  void append(in string s);
  void correct(in string s);
  void submit();
};
```

VPL:

```
view Reading controls Paper {
  allow read;
}
view Writing: Reading
  restricted_to Author {
  allow write; append;
}
view Submit controls Paper {
  allow submit;
}
```
![Page 8: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/8.jpg)
View Policy Language
```
policy Conference {
  view Reading {...}
  view Writing {...}
  view Submit  {...}

  roles
    Chair;
    Reviewer;
    Author;
}
```
![Page 9: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/9.jpg)
Integrating Access Control – Overview
[Diagram: functional requirements plus security requirements lead to a functional design (IDL) plus a security design; the access control policy (VPL) is generated from the combined UML model.]
![Page 10: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/10.jpg)
Integrating Access Control
Security Requirements
![Page 11: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/11.jpg)
Security analysis
– Functional requirements are expressed in use cases
– Security requirements are added to the use case models
– Access control information is inherent in the functional system requirements, which facilitates the integration
![Page 12: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/12.jpg)
Example: Digital Calendar
![Page 13: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/13.jpg)
Actors and Role Identification
– UML actor: a coherent set of specific behaviors that users of an entity have when interacting with that entity
– VBAC role: a set of functions that an individual user has as part of an organization
– VBAC role = UML actor
![Page 14: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/14.jpg)
Actors and Role Identification
[Use case diagram of the calendar example with the actors Calendar owner, Other and Secretary, each marked as a role.]
![Page 15: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/15.jpg)
Identification of use case accesses
– Extracting accesses from the informal use case descriptions
– Attaching notes to the communication associations in the use case diagram
  – allowed and denied accesses
  – high-level and informal
– The analyst considers and expresses security aspects already in the analysis phase
![Page 16: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/16.jpg)
Identification of use case accesses
edit entry: The calendar owner can read his/her entries and modify them. Modifications may cover the time, the day, and the room. The secretary of the calendar owner can read the calendar entries and make the calendar modifications, too.
update room: A secretary books a room on behalf of the calendar owner. The calendar owner is not allowed to book a room by her-/himself.
![Page 17: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/17.jpg)
Identification of use case accesses
[Use case diagram of the calendar example; the communication association the calendar owner is not allowed to use carries the stereotype <<deny>>.]
![Page 18: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/18.jpg)
Security analysis - summary
– UML actors = VBAC roles
– Modeling of denied communications in use cases
– Making the implicit access information in the natural-language use case descriptions explicit in notes
![Page 19: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/19.jpg)
Integrating Access Control
Security Design
![Page 20: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/20.jpg)
Security Design
– Starting point is the use case diagram
– Class diagram (for CORBA interfaces)
– View diagram: views on CORBA interfaces
![Page 21: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/21.jpg)
Security Design
![Page 22: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/22.jpg)
View Diagram
Notes in use case diagrams are the starting point for view definition
![Page 23: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/23.jpg)
View Diagram
– For each note N: view V(N, I) = all access rights with respect to interface I
  – access rights are permissions to invoke operations
  – a <<deny>> association defines a view with denials
– A view diagram contains all views for one interface
– A view diagram is drawn "like" a class diagram
![Page 24: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/24.jpg)
View Diagram
[View diagram; the annotation marks the roles to which the view can be assigned.]
![Page 25: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/25.jpg)
View Diagram
![Page 26: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/26.jpg)
View Diagram
[View diagram for the IDL interface Room: the view RoomBooking, assignable to Secretary, allows the operations book and cancel; the view NoRoomBooking, assignable to CalendarOwner, lists book and cancel as denials.]
![Page 27: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/27.jpg)
View Diagram
– Explicit representation of views and of their assignment to roles
– The designer can check the assignment and detect too powerful roles
![Page 28: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/28.jpg)
VPL Generation
[Tool chain: UML CASE tool → XMI export (XML) → XSLT → VPL → RACCOON (Policy Server, Role Server).]
![Page 29: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/29.jpg)
VPL Generation
UML role diagram → VPL:

```
policy Calendar {
  roles
    Other;
    Secretary: Other;
    CalendarOwner: Secretary;
}
```
![Page 30: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/30.jpg)
VPL Generation
UML view diagram → VPL: the view RoomBooking (interface Room, assignable to Secretary, operations book and cancel) becomes

```
view RoomBooking controls Room
  restricted_to Secretary {
  allow book; cancel;
}
```
![Page 31: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/31.jpg)
VPL Generation
UML view diagram → VPL: the view NoRoomBooking (interface Room, assignable to CalendarOwner, denials of book and cancel) becomes

```
view NoRoomBooking controls Room
  restricted_to CalendarOwner {
  deny book; cancel;
}
```
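As an added example that is not part of the slides or of the Raccoon tool chain: a small Python model of what the view diagram carries (roles with specialization, views with allowances, denials, a base view and restricted_to), a generator that emits the VPL shown on the slides for the Conference and Calendar policies, and the designer's check from the view diagram slides, an effective-rights computation per role. Run on the calendar policy it shows why the explicit NoRoomBooking denials are needed: CalendarOwner specializes Secretary and would otherwise inherit RoomBooking. The inheritance and "denial wins" semantics, the in-memory model standing in for the XMI/XSLT step, and the names Policy, View, effective_rights, check_restrictions and to_vpl are assumptions of this example, not the paper's.

```python
"""Added example, not the authors' tool chain. Assumed semantics (not stated
on the slides): a role holds the views of the roles it specialises, a view
inherits the rights of its base view, and a denial wins over an allowance."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class View:
    name: str
    controls: str                       # IDL interface the view applies to
    allows: frozenset = frozenset()
    denies: frozenset = frozenset()
    base: Optional[str] = None          # VPL "view Writing: Reading"
    restricted_to: Optional[str] = None


@dataclass
class Policy:
    name: str
    roles: dict      # role -> parent role or None   ("Secretary: Other")
    views: dict      # view name -> View
    holds: list      # (role, view) pairs read off the view diagram


def ancestors(policy, role):
    """The role itself followed by the roles it specialises, nearest first."""
    chain = []
    while role is not None:
        if role in chain:
            raise ValueError(f"cycle in role hierarchy at {role}")
        chain.append(role)
        role = policy.roles[role]
    return chain


def view_rights(policy, name):
    """Allowed and denied operations of a view, including its base views."""
    allows, denies, seen = set(), set(), set()
    while name is not None:
        if name in seen:
            raise ValueError(f"cycle in view inheritance at {name}")
        seen.add(name)
        v = policy.views[name]
        allows |= v.allows
        denies |= v.denies
        name = v.base
    return allows, denies


def check_restrictions(policy):
    """A view restricted_to R may only be held by R or a specialisation of R."""
    problems = []
    for role, vname in policy.holds:
        r = policy.views[vname].restricted_to
        if r is not None and r not in ancestors(policy, role):
            problems.append(f"{vname} is restricted to {r} but held by {role}")
    return problems


def effective_rights(policy, role):
    """Per interface: operations the role may invoke once denials are applied,
    and operations where an (inherited) allowance meets a denial; the latter
    is what a designer looks at to catch a too powerful role."""
    allowed, denied = {}, {}
    for r in ancestors(policy, role):
        for holder, vname in policy.holds:
            if holder == r:
                iface = policy.views[vname].controls
                a, d = view_rights(policy, vname)
                allowed.setdefault(iface, set()).update(a)
                denied.setdefault(iface, set()).update(d)
    return {i: {"allowed": allowed.get(i, set()) - denied.get(i, set()),
                "conflicts": allowed.get(i, set()) & denied.get(i, set())}
            for i in set(allowed) | set(denied)}


def to_vpl(policy):
    """Emit the policy in the VPL syntax used on the slides."""
    out = [f"policy {policy.name} {{", "  roles"]
    out += [f"    {r}{': ' + p if p else ''};" for r, p in policy.roles.items()]
    for v in policy.views.values():
        head = f"  view {v.name}" + (f": {v.base}" if v.base else f" controls {v.controls}")
        head += f" restricted_to {v.restricted_to}" if v.restricted_to else ""
        out.append(head + " {")
        if v.allows:
            out.append("    allow " + "; ".join(sorted(v.allows)) + ";")
        if v.denies:
            out.append("    deny " + "; ".join(sorted(v.denies)) + ";")
        out.append("  }")
    return "\n".join(out + ["}"])


# Calendar example from the slides, written down as the view diagram shows it.
CALENDAR = Policy(
    name="Calendar",
    roles={"Other": None, "Secretary": "Other", "CalendarOwner": "Secretary"},
    views={"RoomBooking": View("RoomBooking", "Room", allows=frozenset({"book", "cancel"}),
                               restricted_to="Secretary"),
           "NoRoomBooking": View("NoRoomBooking", "Room", denies=frozenset({"book", "cancel"}),
                                 restricted_to="CalendarOwner")},
    holds=[("Secretary", "RoomBooking"), ("CalendarOwner", "NoRoomBooking")])

# Conference example: Writing inherits the rights of its base view Reading.
CONFERENCE = Policy(
    name="Conference", roles={"Author": None},
    views={"Reading": View("Reading", "Paper", allows=frozenset({"read"})),
           "Writing": View("Writing", "Paper", allows=frozenset({"write", "append"}),
                           base="Reading", restricted_to="Author")},
    holds=[("Author", "Writing")])

if __name__ == "__main__":
    print(to_vpl(CALENDAR))
    for role in CALENDAR.roles:
        print(role, effective_rights(CALENDAR, role), check_restrictions(CALENDAR))
```

For CalendarOwner the result lists book and cancel under "conflicts" and nothing under "allowed": the inherited RoomBooking allowance is cancelled by the NoRoomBooking denials, which is the intent of the "update room" use case. Without the NoRoomBooking view the owner would silently hold both operations, which is exactly the kind of over-powerful role the view diagram is meant to expose.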
![Page 32: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/32.jpg)
Conclusion
– Systematic approach to integrate access control policy design into the development process with UML
– Security requirements are considered early
– The UML model is used to generate the VPL
– UML tools can be used
– No security expert knowledge necessary
![Page 33: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/33.jpg)
Additional slides
![Page 34: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/34.jpg)
Access Control
– Preventing unauthorized access to resources
– Authorized accesses are specified in access control policies
– Security models are ...
  – discretionary access control (e.g., access control lists)
  – mandatory access control (e.g., lattice-based access control)
  – role-based access control
  – view-based access control
  – ...
![Page 35: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/35.jpg)
View Policy Language
[Access control matrix (figure): rows are roles/subjects (Author, Reviewer, Jack), columns are objects/types (the type Paper and an object o:Paper); the entries shown assign the view Reading to Author and the views Writing and Submit to Jack.]
![Page 36: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/36.jpg)
[Raccoon architecture (figure): a client invokes access_object() on an object at the server; the allow/deny decision is taken against roles, domains and policies, which are administered through role, domain and policy management by a Role Server, a Domain Server and a Policy Server.]
![Page 37: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/37.jpg)
Raccoon
[Figure: the VPL and IDL produced during development are deployed into the RACCOON management infrastructure.]
![Page 38: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/38.jpg)
Actors and Role Identification
– UML role: "named specific behavior of an entity participating in a particular context"; modeled by named association ends
– UML actor: "a coherent set of roles that users of an entity can play when interacting with an entity. An actor has one role for each use case with which it communicates"
![Page 39: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/39.jpg)
Role Diagram
– Access control roles and specialization of roles
– Actors of the use case diagram
[Role diagram: Other, Secretary and CalendarOwner, where Secretary specializes Other and CalendarOwner specializes Secretary.]
![Page 40: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/40.jpg)
Forbidden Use Cases
– Specification of possible, but unallowed use case accesses
– Documentation of unauthorized accesses
– Stereotype <<deny>> for denied communication associations
![Page 41: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/41.jpg)
Forbidden Use Cases
[Use case diagram with a communication association stereotyped <<deny>>.]
![Page 42: Integrating Access Control Design into the Software Development Process](https://reader036.fdocuments.in/reader036/viewer/2022070413/56814d12550346895dba4ffd/html5/thumbnails/42.jpg)
Security design - summary
– View diagrams are based on the informal accesses in the notes of the use cases
– The role diagram is based on the actors in the use case diagrams