
A Model-driven Approach Towards Designing and Analysing Secure - PowerPoint PPT Presentation



  1. A Model-driven Approach Towards Designing and Analysing Secure Systems for Multi-clouds
     Shaun Shei, Secure and Dependable Software Systems (SenSe)
     Haralambos Mouratidis, Stylianos Kapetanakis, Aidan Delaney

  2. Overview
     • What is Cloud Computing?
     • Current Challenges
     • Cloud Modelling Language: Definitions, Relationships, Models
     • Process: Activities
     • Analysis
     • Conclusion

  3. What is Cloud Computing? “Delivery of hosted services over the Internet.”

  4. Cloud Computing Properties
     • Why do we need to define and model cloud computing properties?
     • How are the properties determined from the literature?
     • What is our approach to capture these concepts?

     | Property | Traditional (On-premise) | Cloud-based |
     |---|---|---|
     | Access | Physical access on host machine | Remote access through network connection |
     | Acquisition | Architecture management | Service selection |
     | Costs | Initial capital, maintenance and support | Pay-as-you-go based on usage |
     | Provisioning | Purchase, install and set-up infrastructure, typically days | Self-service, spin-up time in minutes |
     | Security | Company policy | Dependent on service provider |
     | Scalability | Process for adding nodes | Elasticity according to demand |
     | User model | Single-tenancy | Multi-tenancy |

  5. Definitions
     National Institute of Standards and Technology (NIST) definition [1]: "Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction." The cloud model is composed of five essential characteristics, three service models, and four deployment models.
     [1] Mell, Peter, and Tim Grance. "The NIST definition of cloud computing." (2011).

  6. Definitions: NIST Definition Model - http://www.cloudcontrols.org/wp-content/uploads/2011/06/NIST_Visual_Model_of_Cloud_Computing_Definition.jpg

  7. Current Challenges
     • Lack of systematic approaches to tackle cloud-specific security issues at a requirements engineering level
     • Existing work fails to provide specialised concepts to capture security properties in cloud computing
     • No automated security analysis support to produce cloud security requirements
     Table 1: Limitations in related SRE work [1].
     [1] Shei, S., Alcaniz, L. M., Mouratidis, H., Delaney, A., Rosado, D. G., & Fernández-Medina, E. (2015). Modelling secure cloud systems based on system requirements. Proceedings of the ESPRE, Ottawa, NT, Canada, 19-24.

  8. Current Challenges
     • Data security
     • Loss of control
     • Geographical distribution
     • Multi-tenancy
     • Redundancy
     • Privacy issues
     • Jurisdiction
     • USA Patriot Act (law enforcement agencies can access your data without your consent or knowledge).
     Figure: Amazon Web Services - Infrastructure: North America and Europe. AWS - http://aws.amazon.com/about-aws/global-infrastructure/

  9. RQ1: How do we describe concepts for modelling cloud security requirements with sufficient expressive power to capture domain-specific cloud computing software systems from a security requirements engineering perspective?
     Why are we asking this question? We formulate this question because we need to know what concepts are required to describe cloud security issues in software systems.
     How do we answer this?
     - A cloud security framework is produced, consisting of three components (RC1)
     - Modelling language to capture cloud security concepts (RC2)
     - Systematic process to construct cloud models (RC3)
     - Architecture for automating analysis (RC4)
     How does this help advance the field? The framework builds upon established security requirements engineering work and extends the field with cloud computing specific concepts.

  10. RQ2: How do we systematically apply security and cloud computing concepts in order to model cloud computing systems, perform security analysis and obtain cloud security requirements?
      Why are we asking this question? To ensure well-formed models of secure cloud systems are produced, allowing us to perform security analysis.
      How do we answer this? We formalise our concepts to provide the syntax and semantics for analysing cloud security through a formal approach (RC5).
      How does this help advance the field? There is a lack of work formalising cloud computing concepts from a security requirements engineering perspective.
      What still needs to be done? The formalisation process is iterative, where each cycle is carried out in conjunction with the validation through running examples.

  11. RQ3: How can we semi-automatically generate system configurations enforcing the security properties of cloud deployments based on cloud security requirements?
      Why are we asking this question? To address the lack of support to automate security analysis using cloud models, to produce cloud security requirements.
      How do we answer this? We apply our formal concepts to perform security analysis on real-life case studies in order to validate our cloud security requirements (RC6).
      How does this help advance the field? This provides the groundwork for non-security experts to apply our framework and extend the formal concepts through tool support.
      What still needs to be done? Identifying case studies and applying our formal concepts in order to validate our claims.

  12. Our Approach
      How is this addressed?
      - Cloud Modelling language to capture cloud security concepts
      - Cloud Meta-Model aligning concepts from requirements engineering, security and cloud computing domains
      - A cloud security framework to provide systematic guidance
      How does this help advance the field? The components of our framework build upon established security requirements engineering work and extend the field with cloud computing specific concepts.

  13. Structure of Thesis
      • Split into three parts: state of the art, secure cloud environment framework, validation and evaluation

  14. What are the research deliverables?
      • Secure Cloud Framework
      • Security analysis (First-order logic)
      • Validation through case studies

  15. Health-care Example
      Protection of Personal Data
      • Health Insurance Portability and Accountability Act (HIPAA)
      • European Parliament and Council Directive 95/46/EC
      Migrating to Cloud Computing Systems
      • Loss of control over sensitive assets
      • Reliance on third-parties to implement security measures

  16. Organisational View

  17. Cloud Modelling Language
      • Extension of the Secure Tropos methodology

  18. Definitions
      • Meta-model extended with cloud computing concepts

  19. Definitions: Cloud Service
      • A cloud service provides a specific computing capability, relies on a combination of virtual and physical assets and is enabled through cloud computing characteristics as defined by NIST.
        - Capability: String
        - Deployment Model: «Enumeration» DeploymentModel
        - Service Model: «Enumeration» ServiceModel

  20. Definitions: Cloud Service Provider
      • A Cloud Service Provider (CSP) provides the resources required to deliver cloud services.
        - Name: String

  21. Definitions: Cloud User
      • A Cloud user represents actors who require cloud services to satisfy their strategic needs.
        - Name: String
        - End-User: Bool

  22. Definitions: Virtual Resource
      • A virtual resource represents intangible assets in a cloud computing system.
        - Resource Description: String
        - Type: «Enumeration» ResourceType
        - Visibility: «Enumeration» Visibility

  23. Definitions: Physical Infrastructure
      • A physical infrastructure represents a tangible system which, given a geographical location, hosts a group of physical assets within its local proximity.
        - Resource Description: String
        - Node Set: [NodeID]
        - Location: «Enumeration» JurisdictionType

  24. Definitions: Infrastructure Node
      • An infrastructure node represents a single instance of a computing component such as a server, data storage or network connection.
        - Resource Description: String
        - NodeID: Integer
        - Type: «Enumeration» NodeType
        - Location: «Enumeration» JurisdictionType
        - Tenancy: «Enumeration» Tenancy

  25. Definitions: Security Constraint
      • A security restriction placed on a cloud service by an actor, representing the stakeholder's security needs.
        - Description: String
        - Dependee: Cloud Service Provider
        - Dependent: Actor
        - Security Property: «Enumeration» HighlevelCloudSR
        - Satisfaction: Bool

  26. Definitions: Security Objective
      • The security objective describes criteria contributing towards the satisfaction of security needs.
        - Description: String
        - Security Property: «Enumeration» HighlevelCloudSR

  27. Definitions: Threat
      • Threats represent circumstances that have the potential to cause loss, or problems that can put the security features of the system in danger.
        - Description: String
        - Impact: Int

  28. Definitions: Security Mechanism
      • A security mechanism represents security methods for satisfying security objectives.
        - Description: String
        - Security Property: «Enumeration» HighlevelCloudSR

  29. Definitions: Vulnerability
      • A weakness of an asset or group of assets that can be exploited by one or more threats.
        - Description: String
        - Attack Method: String
        - Impact: Int

  30. Relationships
      • Meta-model showing relationships between the security and cloud computing concepts
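
The Infrastructure Node, Physical Infrastructure and Security Constraint definitions above can be encoded and checked mechanically. The following is an added example, not code from the slides or the authors' formalisation: the enumeration members, the `allowed_locations` and `single_tenancy` fields and the sample model are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
# Enumeration members are assumptions: the slides name the types only.
JurisdictionType = Enum("JurisdictionType", "EU US")
Tenancy = Enum("Tenancy", "SINGLE MULTI")

@dataclass(frozen=True)
class InfrastructureNode:            # attributes from the Infrastructure Node slide
    node_id: int
    description: str
    location: JurisdictionType
    tenancy: Tenancy

@dataclass
class PhysicalInfrastructure:        # attributes from the Physical Infrastructure slide
    description: str
    node_set: list                   # [NodeID]
    location: JurisdictionType

@dataclass
class SecurityConstraint:            # attributes from the Security Constraint slide
    description: str
    dependee: str                    # Cloud Service Provider
    dependent: str                   # Actor
    allowed_locations: frozenset     # hypothetical refinement of Security Property
    single_tenancy: bool = False     # hypothetical refinement of Security Property
    satisfaction: bool = False

def evaluate(constraint, infra, nodes):
    """Set constraint.satisfaction; return the (node_id, reason) violations."""
    found = []
    for node_id in infra.node_set:
        node = nodes.get(node_id)
        if node is None:             # dangling NodeID: the model is not well-formed
            found.append((node_id, "unknown node"))
            continue
        if node.location not in constraint.allowed_locations:
            found.append((node_id, "jurisdiction"))
        if constraint.single_tenancy and node.tenancy is Tenancy.MULTI:
            found.append((node_id, "tenancy"))
    constraint.satisfaction = not found
    return found

# Constructed sample model (not from the slides).
NODES = {n.node_id: n for n in (
    InfrastructureNode(1, "storage", JurisdictionType.EU, Tenancy.SINGLE),
    InfrastructureNode(2, "replica", JurisdictionType.US, Tenancy.MULTI))}
INFRA = PhysicalInfrastructure("CSP region", [1, 2, 3], JurisdictionType.EU)
RULE = SecurityConstraint("Patient records stay in the EU", "CSP", "Hospital",
                          frozenset({JurisdictionType.EU}), single_tenancy=True)
```

Calling `evaluate(RULE, INFRA, NODES)` reports the replica node for both jurisdiction and tenancy and flags NodeID 3 as referenced but undefined, leaving `RULE.satisfaction` false.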
