Security Pattern Mining and Certification: An Evidence-Based Approach Jungwoo Ryoo and Phillip...
Security Pattern Mining and Certification: An Evidence-Based Approach
Jungwoo Ryoo and Phillip Laplante, Penn State University
Rick Kazman, University of Hawaii
Software Patterns
• Recurring problems
  – Well known solutions
  – Example: how to build a castle
• No need to
  – Start from scratch
• Gang of Four
  – Erich Gamma et al., Design Patterns. Addison Wesley, 1994.
Background
12/18/2009 Penn State University University of Hawaii
Types of Patterns
[Figure: Software Development Life Cycle diagram. Phase labels: Inception, Requirements Elicitation, Analysis, Early Design, Detailed Design, Implementation, Testing, Deployment. Pattern types shown against the phases: Architectural Patterns, Design Patterns.]
Architectural vs. Design Patterns
• Architectural pattern
  – Addresses overarching/cross-cutting concerns such as
    • Security
    • Performance
    • Usability
    • Modifiability
    • Reusability
• Design pattern
  – Addresses functional requirements
Patterns Community
Architectural Pattern Characteristics
• Community-driven
  – Size
• Context-bound
  – Problem domain-specific
• Multiple forces
  – Quality attributes
Motivation
Architectural Patterns: Shortcomings
• Community-driven
  – Long turn-around time
Architectural Patterns: Shortcomings
• Still too
  – concrete and
  – restricting
  as a starting point (not malleable)
• Need for a more primitive concept
  – Something that maps directly to a particular concern such as security
Architectural Patterns: Shortcomings
• Already interwoven solutions
• Due to their multi-force nature
  – No rigorous way to verify the
    • Effectiveness in addressing a particular quality attribute
    • Influence on other quality attributes
Introducing Tactics
• More fine grained concept than architectural patterns
  – Decomposition of an architectural pattern
    • Identification of building blocks of an architectural pattern
  – Mapping between a single quality attribute and an architectural pattern
  – Establishing the traceability
Our Approach
Types of Patterns
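[Figure: Software Development Life Cycle diagram. Phase labels: Inception, Requirements Elicitation, Analysis, Early Design, Detailed Design, Implementation, Testing, Deployment. Pattern types shown against the phases: Architectural Patterns, Design Patterns. Added in this version of the diagram: Very Early Design, Tactics.]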
Tactics: Benefits
• No more guess work
  – Architects know exactly why they need a pattern!
• Easier verification of effectiveness
  – Problem: privilege escalation
  – Solution: privilege separation
  vs.
  – Problem: Separation of concerns in Web applications
  – Solution: MVC or Model View Controller
After-the-Fact Security Solutions
• Today’s software security research mainly focuses on:
  – Testing
    • Static code analysis using software tools
• Example
  – The Open Source Hardening Project
    • Coverity® tool
Ongoing Research
Analogy: a Secure Building
vs.
Security Tactics Hierarchy
Ultimate Goal of our Research
• Proactively building a repository of high-level design strategies (referred to as tactics) whose effectiveness is verifiable, to help software architects develop their own customized structural design that is both secure and problem-specific.
What about a Community Process?
• Of course, this repository could be built naturally through a community process based on consensus
• Problems
  – Time
  – Verification
Methodology for Mining Tactics
• We propose that tactics be mined proactively from the existing
  – Open source code base and
  – Patterns.
• Currently, many tactics are misidentified as patterns.
Methodology for Scientific Verification
• Open source projects can serve as a proving ground for scientifically verifying the effectiveness of a tactic.
Evidence-Based SE through Open Source
• The methodology
  – Identify
    • Multiple open source projects
    • Defect and tactic pairs
      – For example, privilege escalation and separation
  – Compare
    • The number of defects
      – Before and after the tactic within the same open source project by tracking the history of the defects
      – With or without the tactic among multiple open source projects
  – Analysis
    • If the number of relevant defects
      – Goes down
      – Is smaller
    • The tactic is effective
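
An added example (not from the presentation) of the comparison and analysis steps above, in Python: it counts defects of one class before and after a tactic's adoption date within a project, and with or without the tactic across projects. The project names, dates, defect records and function names are all constructed for illustration.

```python
from datetime import date, timedelta
from statistics import mean

DEFECT = "privilege escalation"  # paired with the privilege separation tactic
PERIOD = (date(2006, 1, 1), date(2007, 1, 1))  # constructed comparison period

# Constructed sample data: (project, defect class, date reported).
DEFECTS = [
    ("proj-a", "privilege escalation", date(2005, 2, 10)),
    ("proj-a", "privilege escalation", date(2005, 7, 3)),
    ("proj-a", "privilege escalation", date(2005, 11, 20)),
    ("proj-a", "buffer overflow",      date(2006, 3, 5)),  # not relevant to the pair
    ("proj-a", "privilege escalation", date(2006, 8, 14)),
    ("proj-b", "privilege escalation", date(2006, 1, 9)),
    ("proj-b", "privilege escalation", date(2006, 5, 30)),
    ("proj-b", "privilege escalation", date(2006, 10, 2)),
    ("proj-c", "privilege escalation", date(2006, 6, 18)),
]
# Constructed: when each project adopted the tactic (None = never).
ADOPTED = {"proj-a": date(2006, 1, 1), "proj-b": None, "proj-c": date(2004, 6, 1)}

def count(project, defect, start, end):
    """Relevant defects reported for one project in [start, end)."""
    return sum(1 for p, d, when in DEFECTS
               if p == project and d == defect and start <= when < end)

def before_after(project, defect, window_days=365):
    """Same project: equal-length windows on each side of the adoption date."""
    t0, w = ADOPTED[project], timedelta(days=window_days)
    return count(project, defect, t0 - w, t0), count(project, defect, t0, t0 + w)

def with_without(defect, start, end):
    """Across projects: mean count where the tactic was in place for the whole
    period versus where it was absent for the whole period."""
    has = [p for p, t in ADOPTED.items() if t is not None and t <= start]
    lacks = [p for p, t in ADOPTED.items() if t is None or t >= end]
    avg = lambda projects: mean(count(p, defect, start, end) for p in projects)
    return avg(has), avg(lacks)

def tactic_effective(project, defect, start, end):
    """The slide's criterion: the count goes down, and is smaller with the tactic."""
    before, after = before_after(project, defect)
    with_t, without_t = with_without(defect, start, end)
    return after < before and with_t < without_t
```

Equal-length windows keep the before/after counts comparable; the slide compares raw defect counts, so nothing here adjusts for project size or reporting activity.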
Publications
Jungwoo Ryoo, Phil Laplante and Rick Kazman, In Search of Architectural Patterns for Software Security, Computer, 42 (6): 98-100, June 2009.
Questions and Answers
Relationship between Tactics and Patterns
• Tactics
  – Help architects with an initial architectural design process
  – Are building blocks of a pattern
  – Establish direct traceability between specific quality attributes and a pattern
Differences between Tactics and Patterns
• Atomicity
• Force limitation
• Problem specificity
• Completeness
• Tradeoffs between forces
Mining Tactics from Patterns
• Compartmentalization
  – “Put each part in a separate security domain. Even when the security of one part is compromised, the other parts remain secure.”
[Figure: tactics hierarchy path. Labels: Security, Resisting Attacks, Limit Access, Compartmentalization.]
Tactics and Patterns
Example
[Figure: class diagram. Classes: Authenticator (+authenticate(s)(), +get()), Concrete Authenticator (+authenticate(s)()), Object Factory (+create()), ConcreteObjectFactory (+create()), RemoteObject. Relationship label: Creates.]
“The authenticator pattern performs authentication of a requesting process before deciding access to distributed objects.”