analyzing security architectures
play

Analyzing Security Architectures Marwan Abi-Antoun Jeffrey M. - PowerPoint PPT Presentation

Sep 28, 2022 •47 likes •467 views

Analyzing Security Architectures Marwan Abi-Antoun Jeffrey M. Barnes Dept. of Computer Science Inst. for Software Research Wayne State University Carnegie Mellon University mabiantoun@wayne.edu jmbarnes@cs.cmu.edu Acknowledgements: David

  1. Analyzing Security Architectures Marwan Abi-Antoun Jeffrey M. Barnes Dept. of Computer Science Inst. for Software Research Wayne State University Carnegie Mellon University mabiantoun@wayne.edu jmbarnes@cs.cmu.edu Acknowledgements: David Garlan, Kirti Garg and Bradley Schmerl at Carnegie Mellon University. Raed Almomani at Wayne State University. 1

  2. Problem background • Engineers use tools like data flow diagrams (DFDs) to analyze security properties of software systems • Often these are constructed from developers’ recollection of how a system works, with little automated support • This architectural representation may fail to capture all communication present in the system ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 2

  3. Architecture conformance • In essence, this is a problem of architecture conformance • Want to reason at an architectural level but relate it to code at the same time Consumer Provider Engine Constraint: Untrusted components Architecture cannot access protected data Constraint: Untrusted components Code cannot access protected data class Consumer { class Provider { class Engine { ... ... ... } } } ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 3

  4. Security architectures as runtime architectures • A security architecture is an example of a runtime architecture • Shows runtime components such as objects and data stores • Shows runtime connectors such as communication links and points-to relations • May have many instances of a single component type • Contrast with static code views such as class diagrams ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 4

  5. The challenge of analyzing security architectures • Tools for analyzing conformance of runtime architectures are immature compared to those for code architectures • A security analysis must consider the worst case , not the typical case, of possible component communication • Demands static analysis • Dynamic analysis can tell us about only a limited number of runs ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 5

  6. Our contribution • An architecture-centric approach, S ECORIA , that enables reasoning at the level of a security runtime architecture , and relating it to code at the same time • Can enforce both code-level and global architectural constraints ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 6

  7. Evaluation • Validated S ECORIA on CryptoDB , a secure database system designed by a security expert • Database architecture that provides cryptographic protections against unauthorized access • Includes 3,000-line sample implementation in Java ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 7

  8. Approach ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 8

  9. Overview of S ECORIA • Specialization of S CHOLIA [Abi-Antoun & Aldrich, OOPSLA’09] , which analyzes conformance between object-oriented code and a hierarchical, target runtime architecture • S ECORIA is an iterative process with two main stages: conformance and enforcement ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 9

  10. Overview of S ECORIA Compare Built Conformance Designed Enriched Enrich Architecture View Architecture Architecture with types, ? properties, & Abstract constraints Object Graph Trace Violations Trace Discrepancies Conformance stage Enforcement stage Extract Ownership Annotations @Domains({"OWNED", … }) class LocalKeyStore { … } Code-Level Annotate Constraints expressed with Code domain links class LocalKeyStore { … } Annotate ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 10

  11. Conformance stage: annotate; extract object graph Compare Built Conformance Designed Enriched Enrich Architecture View Architecture Architecture with types, ? properties, & Abstract constraints Object Graph Trace Violations Trace Discrepancies Extract Ownership Annotations @Domains({"OWNED", … }) class LocalKeyStore { … } Code-Level Annotate Constraints expressed with Code domain links class LocalKeyStore { … } Annotate ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 11

  12. At runtime, an object-oriented system appears as a Runtime Object Graph (ROG) Object relation Object • A node represents a runtime object • An edge represents a points-to relation ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 12

  13. Abstract objects into “components” Component Object relation Object ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 13

  14. Abstract relations between components Connector Component Object relation Object ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 14

  15. Organize components into groups/tiers Connector Component Group/Tier Object relation Object ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 15

  16. Make some components part of others Connector Component Object relation Object ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 16

  17. Make some components part of others Connector Component Object relation Object ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 17

  18. Make some components part of others Connector Component Object relation Object ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 18

  19. Make some components part of others Connector Hierarchy Component Object relation Object ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 19

  20. Annotate code and extract object graph • Problem: Architectural hierarchy not readily observable in arbitrary code • To solve this, we use annotations to capture architectural intent • Developer picks top-level entry point • Use annotations to impose an ownership hierarchy on objects • Annotations are minimally invasive, modular, and statically typecheckable ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 20

  21. Ownership domains are groups of objects [Aldrich and Chambers, ECOOP’04] [Krishnaswami and Aldrich, PLDI’05] LocalKey OWNED KEYS keys: key: List<LocalKey> LocalKey object: @Domains({“ OWNED ”, “ KEYS ”}) Object Type class LocalKeyStore { Type Type @Domain(“ OWNED ”) List<LocalKey> keys; @Domain(“ KEYS ”) LocalKey key; Declarations ... are simplified } • Ownership domain = conceptual group of objects • Each object in exactly one domain ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 21

  22. Annotations define two kinds of object hierarchy • A public domain provides logical containment : an object is conceptually “part of” another • Having access to an object also gives access to objects inside its public domains • A private domain provides strict encapsulation • E.g., a public method cannot return an alias to an object in a private domain, even though Java allows returning an alias to a private field ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 22

  23. Examples of object hierarchy keys(+): ArrayList<LocalKey> localKey: kekSpec(+): OWNED LocalKey SecretKeySpec keyStore: LocalKeyStore KEYS • LocalKeyStore has a public domain to hold LocalKey objects • LocalKeyStore stores the ArrayList of LocalKey objects in a private domain ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 23

  24. Conformance stage: Abstract object graph Compare Built Conformance Designed Enriched Enrich Architecture View Architecture Architecture with types, ? properties, & Abstract constraints Object Graph Trace Violations Trace Discrepancies Extract Ownership Annotations @Domains({"OWNED", … }) class LocalKeyStore { … } Code-Level Annotate Constraints expressed with Code domain links class LocalKeyStore { … } Annotate ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 24

  25. Object graph vs. target architecture • Often, object graph not isomorphic to architect’s intended architecture • So abstract and represent in component-and-connector view CryptoDB object graph CryptoDB target architecture keys(+): ArrayList<LocalKey> localKey: kekSpec(+): OWNED LocalKey SecretKeySpec keyStore: LocalKeyStore KEYS ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 25

  26. Represent abstracted object graph as component-and-connector (C&C) view object graph ↔ C&C view CryptoDB top-level object ↔ system KEYMANAGEMENT ↔ component object keyTool ↔ group domain ↔ provide port interface field reference ↔ use port KEYSTORAGE ↔ connector keyStore object relation ↔ representation substructure keyAlias ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Analyzing Architectures Introduction to Software Architecture Jay Urbain, PhD Credits: Software

Analyzing Architectures Introduction to Software Architecture Jay Urbain, PhD Credits: Software

Analyzing Architectures Introduction to Software Architecture Jay Urbain, PhD Credits: Software Architecture in Practice, 2 nd . Ed., Len Bass, Paul Clements, Rick Kazman 1 ATAM Architecture Tradeoff Analysis Method A thorough and

512 views • 32 slides
Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing

Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing

Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing the security of network protocols We will now focus on web applications and their vulnerabilities (and attacks) SQL injection Eike Ritter

815 views • 25 slides
Analyzing Resiliency of Smart Grid Communication Architectures under Cyber Attacks Anas Al

Analyzing Resiliency of Smart Grid Communication Architectures under Cyber Attacks Anas Al

Analyzing Resiliency of Smart Grid Communication Architectures under Cyber Attacks Anas Al Majali, Arun Viswanathan and Clifford Neuman USC/Information Sciences Institute 1 Information Sciences Institute Part I Quick Overview 2

761 views • 42 slides
This PIN Can Be Easily Guessed Analyzing the Security of Smartphone Unlock PINs Philipp Markert,

This PIN Can Be Easily Guessed Analyzing the Security of Smartphone Unlock PINs Philipp Markert,

This PIN Can Be Easily Guessed Analyzing the Security of Smartphone Unlock PINs Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Drmuth, and Adam J. Aviv May 18, 2020 | 41st IEEE Symposium on Security and Privacy Overview ?!

355 views • 18 slides
Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes Dimitrios-Georgios Akestoridis,

Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes Dimitrios-Georgios Akestoridis,

Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes Dimitrios-Georgios Akestoridis, Madhumitha Harishankar, Michael Weber, and Patrick Tague Carnegie Mellon University ACM WiSec 2020 Motivation Smart home network security affects

866 views • 64 slides
Analyzing End-Users Knowledge and Feelings Surrounding Smartphone Security and Privacy May

Analyzing End-Users Knowledge and Feelings Surrounding Smartphone Security and Privacy May

Analyzing End-Users Knowledge and Feelings Surrounding Smartphone Security and Privacy May 21st 2015 Lydia Kraus*, Tobias Fiebig*, Viktor Miruchna*, Sebastian Mller*, Asaf Shabtai+ * Technische Universitt Berlin + Ben-Gurion University

397 views • 18 slides
Analyzing Wireless Security in Columbia, Missouri Matthew Chittum Clayton Harper John Mixon

Analyzing Wireless Security in Columbia, Missouri Matthew Chittum Clayton Harper John Mixon

Analyzing Wireless Security in Columbia, Missouri Matthew Chittum Clayton Harper John Mixon Johnathan Walton Abstract The current state of wireless security in most areas can be estimated based on trends and collected data, but the complete

665 views • 17 slides
CompSci 356: Computer Network Architectures Lecture 24: Network Security Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 24: Network Security Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 24: Network Security Xiaowei Yang xwy@cs.duke.edu Overview Why studying network security? The topic itself is worth another class Basic cryptography building blocks

768 views • 49 slides
Security Architectures of Mobile Systems Valtteri Niemi University of Helsinki AMICT2015

Security Architectures of Mobile Systems Valtteri Niemi University of Helsinki AMICT2015

Security Architectures of Mobile Systems Valtteri Niemi University of Helsinki AMICT2015 Petrozavodsk, 13 May 1 Contents Background and scope GSM design decisions a priori and a posteriori decisions security mechanisms

1.23k views • 99 slides
Analyzing embedded software technologies on RISC-V64 using Ghidra driving your security forward

Analyzing embedded software technologies on RISC-V64 using Ghidra driving your security forward

Presented by: Joris Jonkers Both &amp; Patrick Spaans Supervisor: Alexandru Geana Analyzing embedded software technologies on RISC-V64 using Ghidra driving your security forward 1 Introduction RISC-V64 - Like ARM but open source - One

524 views • 37 slides
Security Considerations for Microservice Architectures Daniel Richter, Tim Neumann, and Andreas

Security Considerations for Microservice Architectures Daniel Richter, Tim Neumann, and Andreas

Security Considerations for Microservice Architectures Daniel Richter, Tim Neumann, and Andreas Polze Operating Systems &amp; Middleware Group Hasso Plattner Institute at University of Potsdam, Germany Motivation EPA the legacy system

1.28k views • 30 slides
Security and OWASP Top 10 with Service Oriented Architectures Adnan Masood Sr. System Architect

Security and OWASP Top 10 with Service Oriented Architectures Adnan Masood Sr. System Architect

Practical Web Application Security and OWASP Top 10 with Service Oriented Architectures Adnan Masood Sr. System Architect Green Dot Corporation What this talk is about? 2 This session is an introduction to web application security

839 views • 60 slides
4. Web Security - Measuring and Analyzing Search Engine Poisoning of Linguistic Collisions,

4. Web Security - Measuring and Analyzing Search Engine Poisoning of Linguistic Collisions,

All papers can be found by Google Scholar. For those papers accepted by S&amp;P 2019, you can download them from this website: https://www.ieee- security.org/TC/SP2019/program-papers.html The below papers are published in the top security

290 views • 5 slides
Dissecting QNX Analyzing &amp; Breaking Exploit Mitigations and PRNGs on QNX 6 and 7 Jos Wetzels,

Dissecting QNX Analyzing &amp; Breaking Exploit Mitigations and PRNGs on QNX 6 and 7 Jos Wetzels,

Dissecting QNX Analyzing &amp; Breaking Exploit Mitigations and PRNGs on QNX 6 and 7 Jos Wetzels, Ali Abbasi Who are we? Jos Wetzels Ali Abbasi Independent Security Researcher @ Midnight Blue Ph.D. Candidate @ TU/e (Previously) Security

714 views • 69 slides
A Security Kernel for Protected Module Architectures Alexandru Madalin Ghenea Master of

A Security Kernel for Protected Module Architectures Alexandru Madalin Ghenea Master of

1 A Security Kernel for Protected Module Architectures Alexandru Madalin Ghenea Master of Engineering: Computer Science Promotor: Prof. Frank Piessens Advisors: Jan Tobias Mhlberg Jo Van Bulck 2 Introduction Growing trend towards

513 views • 27 slides
Challenges of Security Risks in Service-Oriented Architectures Youakim Badr 1 , Frederique

Challenges of Security Risks in Service-Oriented Architectures Youakim Badr 1 , Frederique

UMR 5205 Challenges of Security Risks in Service-Oriented Architectures Youakim Badr 1 , Frederique Biennier 1 , Pascal Bou Nassar 3 , Soumya Banerjee 2 1 LIRIS Lab, INSA-Lyon, France 2 Agence Universitaire de la Francophonie (AUF)

433 views • 21 slides
CS 451 Software Engineering Yuanfang Cai Room 104, University Crossings 215.895.0298

CS 451 Software Engineering Yuanfang Cai Room 104, University Crossings 215.895.0298

CS 451 Software Engineering Yuanfang Cai Room 104, University Crossings 215.895.0298 yfcai@cs.drexel.edu 1 Drexel University Elaboration 2 Drexel University Elaboration: Building the Analysis Model An analysis model provides a

472 views • 44 slides
Trend Micro Security Development Lifecycle (ChiChang Kung) 2019-03 Agenda

Trend Micro Security Development Lifecycle (ChiChang Kung) 2019-03 Agenda

Trend Micro Security Development Lifecycle (ChiChang Kung) 2019-03 Agenda Introduction Security Development Lifecycle Threat Modeling and Security Design Static Source Code Analysis Software Build Security 3 rd

615 views • 15 slides
33:010:458 33:010:458 Accounting Information Accounting Information Systems Systems Dr. Peter

33:010:458 33:010:458 Accounting Information Accounting Information Systems Systems Dr. Peter

33:010:458 33:010:458 Accounting Information Accounting Information Systems Systems Dr. Peter R. Gillett Associate Professor Department of Accounting, Business Ethics and Information Systems Rutgers Business SchoolNewark and New

436 views • 43 slides
MTA Beam for ITA J.A. Johnstone ITA Meeting 25 Jan 2018 Overview Extraction from Linac

MTA Beam for ITA J.A. Johnstone ITA Meeting 25 Jan 2018 Overview Extraction from Linac

MTA Beam for ITA J.A. Johnstone ITA Meeting 25 Jan 2018 Overview Extraction from Linac Entire 400-MeV Linac pulse must be cleanly extracted Pulse length/intensity can be controlled with 750-keV Linac chopper from 8 77 sec

476 views • 22 slides
Software Requirements Analysis and Specification Requirements 1 Background Problem of scale

Software Requirements Analysis and Specification Requirements 1 Background Problem of scale

Software Requirements Analysis and Specification Requirements 1 Background Problem of scale is a key issue for SE For small scale, understand and specifying requirements is easy For large problem - very hard; probably the hardest,

1k views • 86 slides
December 2019 PLC: CSSP's Strengthening Families Protective Factors Framework December 11, 2019

December 2019 PLC: CSSP's Strengthening Families Protective Factors Framework December 11, 2019

December 2019 PLC: CSSP's Strengthening Families Protective Factors Framework December 11, 2019 Strengthening Families: Updates and opportunities for CBCAP leads Cailin OConnor, Center for the Study of Social Policy December 11, 2019 What

439 views • 32 slides
Resolution Matters: Issues in Computational Simulation of Detailed Kinetics Gas Phase Combustion

Resolution Matters: Issues in Computational Simulation of Detailed Kinetics Gas Phase Combustion

Resolution Matters: Issues in Computational Simulation of Detailed Kinetics Gas Phase Combustion Joseph M. Powers (powers@nd.edu) Samuel Paolucci (paolucci@nd.edu) University of Notre Dame Notre Dame, Indiana 58 th Annual Meeting of the APS

926 views • 16 slides
Lezione 2 Lezione 2 Software requirements requirements Software 2 2 1 Requirements analysis

Lezione 2 Lezione 2 Software requirements requirements Software 2 2 1 Requirements analysis

Corso di Laurea Magistrale Corso di Laurea Magistrale in in Ingegneria Informatica Ingegneria Informatica per la Gestione d azienda azienda per la Gestione d Gestione della Qualit-II parte Il progetto software: metodologie e

677 views • 33 slides

More recommend