presence of evolution
play

Presence of Evolution: Models vs. Code Jan Jrjens TU Dortmund - PowerPoint PPT Presentation

May 29, 2023 •390 likes •683 views

Security Certification in the Presence of Evolution: Models vs. Code Jan Jrjens TU Dortmund & Fraunhofer ISST http://jan.jurjens.de What is Software Evolution ? Software today often long-living (cf. Year-2000-Bug). Continual change

  1. Security Certification in the Presence of Evolution: Models vs. Code Jan Jürjens TU Dortmund & Fraunhofer ISST http://jan.jurjens.de

  2. What is Software Evolution ? Software today often long-living (cf. Year-2000-Bug). Continual change during lifetime. • Changing requirements , changing environment • Bug fixing  Software evolution ! Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 2/29

  3. What is the Challenge about Software Evolution ? After each change: redo software tests ( regression test ). High costs: • E.g. Y2k-problem : Ca. 600 Bill. US$ world-wide.  Often insufficient regression tests : • Explosion of Ariane 5 (1996): Software from Ariane 4 reused in Ariane 5 without sufficient regression tests.  370 Mio US$ damage. Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 3/29

  4. How to solve this Problem? Goal : Integrate quality assurance with evolution : • Reuse QA results as far as possible to reduce costs.  Under which conditions requirements preserved ? • Only re-verify when conditions not fulfilled. • And only systems parts where necessary . • Check at model level before evolution carried out . Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 4/29

  5. Secure Software Evolution • Challenge and Scientific Basis • Secure Software Evolution • General Approach • Preservation Results • Validation Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 5/29

  6. Model-based Security Assurance Security Requirements Evolution Anno- Analyse tate Configuration Data Generate UML Model Static Test Configure Analysis generat. Runtime System Code Execute [Jürjens: Secure systems development with UML. Springer 2005. Chines. Übers. 2009] Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 6/29

  7. Design Techniques / Architecture Principles for Management of Evolution Refinement of specifications Abstract Spec.  Evolution between different refinements. Refinement Applying refactorings … Version 1 Version 2  Carry out evolution in controllable way. Applying design patterns  Reduce complexity of evolution. Architectural principle modularization  Limit impact of change to system parts. Question : when do these preserve security properties ? [Taubenberger, Jürjens, Yu, Nuseibeh. Resolving Vulnerability Identification Errors using Security Requirements on Business Process Models. Journal on Information Management and Computer Security, 2013.] Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 7/29

  8. Evolution vs. Design / Architecture When Properties Preserved ? Refinement: Developed refinement which preserves security. Conditions for preservation of security through … … Refactoring: using Eclipse refactoring scripts … Applying design patterns : „Gang of Four “ patterns … Modularization : Layering of architectural levels • • Component -oriented architectures • Service -oriented architectures Aspect -oriented development • [Felderer, Katt, Kalb, Jürjens et al.: Evolution of Security Engineering Experiments : Relevant in 57% of code base. Artifacts. Int. Journal of Secure Software Engin. (IJSSE), 2014 Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 8/29

  9. Evolution-based Verification • • Initial verification: Register which system parts relevant. Initial verification • Store partial results in model („ proof-carrying models “). • Compute difference: old vs. new model (e.g. with SiDiff [Kelter]). • Compute difference • Only re-verify system parts that • Only re-verify system parts that: 1) relevant in initial verification, 2) changed, such that 3) conditions on preservation of security not fulfilled . Significant speed-up vs. complete re-verification. [Wenzel, Warzecha, Jürjens, Ochoa. Specifying Model Changes with UMLchange to Support Security Verification of Potential Evolution. Journal of Computer Standards & Interfaces, 2014] Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 9/29

  10. Model-Code Traceability at Evolution Goal: Preserve model-code traceability of security properties during evolution . Idea : Reduce evolution to: • Adding / deleting system elements. • Supporting refactoring operations.  Approach for automated model-code traceability based on refactoring scripts in Eclipse. Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 10/29

  11. Security Analysis at Implementation Level Vulnerability in OpenSSL: (CVE-2008-5077, 7.1.2009, http://www.openssl.org/news/vulnerabilities.html ) “Several functions inside OpenSSL incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error.” Feb/Mar 2014 : “ goto fail ” -vulnerabilities in SSL @ iPhone, GnuTLS. Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 11/29 11

  12. Security Analysis by Symbolic Execution Compile protocol implementation to symbolic model for security analysis. Example message: C code : Model from symbolic execution : Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 12/29 12

  13. Code-level Security Verification Subject to Evolution Project Csec (with Microsoft Research Cambridge): p Static code analysis against security properties. g Evolution-based model analysis + model-code traceability  evolution-sensitive static code All paths from p security analysis . to q check g. q p [Dupressoir, Gordon, Jürjens, Naumann: Guiding a General-Purpose C Verifier to Prove Cryptographic Protocols. Journal of Computer Security 2014] q g Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 13/29 13

  14. Run-time Verification subject to Evolution Source code not available  run-time monitoring. Relevant approach: Security Automata [F.B. Schneider 2000]. Problem: no evolution , only „ safety “ -properties . 1 Havelund,  New approach, based on runtime verification 1 : Grosu 2002 • Security property in LTL. Runtime verification in a nutshell Property automatic Generate monitors with • generation of evolution-based traceability . System Monitor Property Now also non-safety-properties fulfilled? (using 3-valued LTL-semantics). Actions t Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 14/29

  15. For Monitoring: 3-valued LTL-Semantics [Bauer, Jürjens, Yu: Runtime Security Traceability Goal for monitoring: for Evolving Systems. Computer Journal, 2011] Detect as early as possible that property will be violated. Use 3-valued semantics for this.  Finite automata for minimal prefix of violating state. Also non-safety- 1 0 inconclusive true properties : ... l Boolean combinations true of safety and i j k co-safety false inconclusive Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 15/29

  16. Example Property: Server Finished Server sends message Finished (event “ finished ”) only after Server sends message Finished (event “ finished ”) only after message Finished received from Client and MD5-hash equals message Finished received from Client and MD5-hash equals MD5 at Server side (event “ equal ”). MD5 at Server side (event “ equal ”). Then sends it out. Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 16/29

  17. Application: Java Secure Sockets Extension Several versions of Java security library “Java Secure Sockets Extension (JSSE)” and open -source re-implementation (Jessie). Found several weaknesses (similar “ goto fail” in SSL@iPhone). Works also for large evolutions (re-implementation). Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 17/29

  18. Secure Software Evolution • Challenge and Scientific Basis • Secure Software Evolution • General Approach • Preservation Results • Validation Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 18/29

  19. Security Analysis: Formalization of Model Formalize model execution. For transition t=(source,msg,cond[msg],action[msg],target) and message m , execution formalized as: Exec(t,m) = [ state current =source m=msg cond[m]=true action[m] state current.t(m) =target ]. (where state current current state; state current.t(m) state after executing t on message m ). Example: Transition t 0 : t 0 Exec(t 0 ,m)= [ state current =NoExtraService [money+x>=1000] m=wm(x) money current +x>=1000 money current.t0(m) =money current +x state current.t0(m) =ExtraService ]. [money+x<1000] Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 19/29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

THE EVOLUTION OF A HUB AND SPOKE TELEMEDICINE PROGRAM INTO A REMOTE PRESENCE HEALTH SYSTEM

THE EVOLUTION OF A HUB AND SPOKE TELEMEDICINE PROGRAM INTO A REMOTE PRESENCE HEALTH SYSTEM

THE EVOLUTION OF A HUB AND SPOKE TELEMEDICINE PROGRAM INTO A REMOTE PRESENCE HEALTH SYSTEM Douglas Romer, RN Executive Director, Patient Care Services Grande Ronde Hospital www.grh.org DISCLOSURES No financial relationship exists with any of

518 views • 28 slides
Legislative Office Building December 12, 2001 Database status &amp; evolution to web presence

Legislative Office Building December 12, 2001 Database status &amp; evolution to web presence

Legislative Office Building December 12, 2001 Database status &amp; evolution to web presence Final reports to districts K12 Preliminary Findings Physical Infrastructure Networking Equipment &amp; Wiring Connections

289 views • 17 slides
On Biased Reservoir Sampling in the Presence of Stream Evolution VLDB Conference, Seoul, South

On Biased Reservoir Sampling in the Presence of Stream Evolution VLDB Conference, Seoul, South

Charu C. Aggarwal T J Watson Research Center IBM Corporation Hawthorne, NY USA On Biased Reservoir Sampling in the Presence of Stream Evolution VLDB Conference, Seoul, South Korea, 2006 Synopsis Construction in Data Streams Synopsis

505 views • 39 slides
NMO in presence of NSI N. R. Khan Chowdhury 1 5th Nov 2019 | N. R. Khan Chowdhury | Group

NMO in presence of NSI N. R. Khan Chowdhury 1 5th Nov 2019 | N. R. Khan Chowdhury | Group

NMO in presence of NSI N. R. Khan Chowdhury 1 5th Nov 2019 | N. R. Khan Chowdhury | Group Meeting | IFIC, Valencia | Non-Standard Interactions (NSI) The Hamiltonian for time evolution of neutrino propagation in presence Non-Standard

489 views • 15 slides
EVOLUTION X3 - 1 - Evolution X3 Marketing Dpt. November 2006 - 2 - EVOLUTION X3 Evolution X3

EVOLUTION X3 - 1 - Evolution X3 Marketing Dpt. November 2006 - 2 - EVOLUTION X3 Evolution X3

Marketing Dpt. November 2006 EVOLUTION X3 - 1 - Evolution X3 Marketing Dpt. November 2006 - 2 - EVOLUTION X3 Evolution X3 Evolution X3 Technical Features: HP Pum p Highly reliable plunger pump with brass head and 3 ceramic pistons for

405 views • 13 slides
Presence What is it? In certain teachings, such as Buddhism, the practice of mindful presence

Presence What is it? In certain teachings, such as Buddhism, the practice of mindful presence

Presence What is it? In certain teachings, such as Buddhism, the practice of mindful presence is the central fact. In Islam remembrance is the qualifier of all activity. In Christianity we must look to the experience of its great mystics

340 views • 5 slides
1 MICROEVOLUTION: change in the properties of populations of organisms over the course of

1 MICROEVOLUTION: change in the properties of populations of organisms over the course of

Introduction to Molecular Evolution (BIOL 3046) Course website: www.biol3046.info What is evolution? Evolution: from Latin evolvere , to unfold broad sense, to change e.g., stellar evolution, cultural evolution,

518 views • 6 slides
soul Possibly non-existent constructs. See also: presence, identity, trust. dragons of eden

soul Possibly non-existent constructs. See also: presence, identity, trust. dragons of eden

soul Possibly non-existent constructs. See also: presence, identity, trust. dragons of eden Carl Sagan and Anne Druyan. Speculations on the Evolution of Human Intelligence. 5:30pm, April 10th, 1901: Duncan Macdougall. .75 ounces: 21 grams

676 views • 30 slides
INDUSTRY GLOBAL COMPANY WESCO MANUFACTURER &amp; VETERANS WITH LOCAL PRESENCE BROADCAST &amp;

INDUSTRY GLOBAL COMPANY WESCO MANUFACTURER &amp; VETERANS WITH LOCAL PRESENCE BROADCAST &amp;

INDUSTRY GLOBAL COMPANY WESCO MANUFACTURER &amp; VETERANS WITH LOCAL PRESENCE BROADCAST &amp; AV LOGISTICS PARTNER INNOVATIVE &amp; SUSTAINABLE BUSINESS SOLUTIONS Evolution of Liberty AV Solutions Liberty has evolved into a full-service

241 views • 12 slides
Rehabilitation Consequences of Road Collisions ine Carroll Evolution Evolution Evolution

Rehabilitation Consequences of Road Collisions ine Carroll Evolution Evolution Evolution

Rehabilitation Consequences of Road Collisions ine Carroll Evolution Evolution Evolution Exoskeleton Endoskeleton Soft and squishy! Lascaux Consequences Pedestrian RTCs Brain Spinal cord injury Common Clinical Patterns Upper Limbs

706 views • 54 slides
Presence Presence Presence When we wake up in the morning we may automatically leave our

Presence Presence Presence When we wake up in the morning we may automatically leave our

The body in question: presence, paradox and the practice of nursing Jan Draper The body in question: presence , paradox and the practice of nursing Jan Draper The body in question: presence, paradox and the practice of

600 views • 19 slides
EVOLUTION Paper 2: 66 marks THEORIES OF EVOLUTION EVOLUTION : Change over Time Compiled by

EVOLUTION Paper 2: 66 marks THEORIES OF EVOLUTION EVOLUTION : Change over Time Compiled by

EVOLUTION Paper 2: 66 marks THEORIES OF EVOLUTION EVOLUTION : Change over Time Compiled by Mr G. D. MABOTE C.O.P. Member in the NORTHERN CAPE PROVINCE A former Lecturer at THE NATIONAL INSTITUTE FOR HIGHER EDUCATION DEFINE EACH OF THESE

467 views • 29 slides
Prestige and Presence since 1905 Prestige and Presence ESCURA is a firm composed by lawyers,

Prestige and Presence since 1905 Prestige and Presence ESCURA is a firm composed by lawyers,

Prestige and Presence since 1905 Prestige and Presence ESCURA is a firm composed by lawyers, economists and social graduates founded in 1905. A service focused on our client's satisfaction, together with high quality ethical standards and

461 views • 15 slides
The Evolution of Subsidies Disciplines in The Evolution of Subsidies Disciplines in GATT and the

The Evolution of Subsidies Disciplines in The Evolution of Subsidies Disciplines in GATT and the

IIBE&amp;L Evolution of Subsidies Disciplines Seminar Washington, DC 15 February 2006 Institute for International Business, Economics &amp; Law The University of Adelaide, Australia The Evolution of Subsidies Disciplines in The Evolution

562 views • 41 slides
Evolution Change over time but what is the process? Evolution: Change through time

Evolution Change over time but what is the process? Evolution: Change through time

Evolution Change over time but what is the process? Evolution: Change through time Unrolling Lamarckian No extinction Evolution by Natural Selection Charles Darwin Alfred Russel Wallace Evolution by Natural

1.11k views • 33 slides
Extinction What is evolution? What is evolution? The change in the genetic makeup of a

Extinction What is evolution? What is evolution? The change in the genetic makeup of a

Origins of Life and Extinction What is evolution? What is evolution? The change in the genetic makeup of a population over time Evolution accounts for the diversity of life on Earth Natural selection is the major driving mechanism

656 views • 37 slides
Modern JavaScript Baumgartner - @ddprrt - Nov 2020 Brendan Eich JS had to look like Java

Modern JavaScript Baumgartner - @ddprrt - Nov 2020 Brendan Eich JS had to look like Java

Modern JavaScript Baumgartner - @ddprrt - Nov 2020 Brendan Eich JS had to look like Java only less so, be Javas dumb kid brother or boy- hostage sidekick. Plus, I had to be done in ten days or something worse than JS would have

1.36k views • 93 slides
Basic Concepts of Abstract Interpretation Patrick Cousot cole normale suprieure 45

Basic Concepts of Abstract Interpretation Patrick Cousot cole normale suprieure 45

Basic Concepts of Abstract Interpretation Patrick Cousot cole normale suprieure 45 rue dUlm 75230 Paris cedex 05, France Patrick.Cousot@ens.fr www.di.ens.fr/~cousot IFIP WCC Topical day on Abstract Interpretation P.

1.95k views • 183 slides
Chapter 1: Introduction CMPS 105: Systems Programming Prof. Scott Brandt T Th 2-3:45 Soc Sci 2,

Chapter 1: Introduction CMPS 105: Systems Programming Prof. Scott Brandt T Th 2-3:45 Soc Sci 2,

Chapter 1: Introduction CMPS 105: Systems Programming Prof. Scott Brandt T Th 2-3:45 Soc Sci 2, Rm. 167 Class Outline Chapter 1: Introduction Chapter 2: Unix Standards and Implementations Chapter 3: File I/O Chapter 4: Files and

204 views • 17 slides
Transition mechanisms for unmanaged scope networks Christian Huitema huitema@microsoft.com July

Transition mechanisms for unmanaged scope networks Christian Huitema huitema@microsoft.com July

Transition mechanisms for unmanaged scope networks Christian Huitema huitema@microsoft.com July 17, 2002 How come IPv6 is not there yet? networks networks Applications Need upfront investment, stacks, etc. Similar to Y2K, 32 bit

197 views • 8 slides
Symbol Tables ASU Textbook Chapter 7.6, 6.5 and 6.3 Tsan-sheng Hsu tshsu@iis.sinica.edu.tw

Symbol Tables ASU Textbook Chapter 7.6, 6.5 and 6.3 Tsan-sheng Hsu tshsu@iis.sinica.edu.tw

Symbol Tables ASU Textbook Chapter 7.6, 6.5 and 6.3 Tsan-sheng Hsu tshsu@iis.sinica.edu.tw http://www.iis.sinica.edu.tw/~tshsu 1 Definitions Symbol table: A data structure used by a compiler to keep track of semantics of variables. Data

459 views • 26 slides
(3) Properties of Context-Free

(3) Properties of Context-Free

(3) Properties of Context-Free Languages (3) kazim@fouladi.ir

533 views • 26 slides
Declarative Disambiguation of Deep Priority Conflicts Eduardo Souza, Timothee Haudebourg, Michael

Declarative Disambiguation of Deep Priority Conflicts Eduardo Souza, Timothee Haudebourg, Michael

Declarative Disambiguation of Deep Priority Conflicts Eduardo Souza, Timothee Haudebourg, Michael Steindorfer, Eelco Visser WG2.11 Kyoto June 4, 2018 Python Expression Syntax star_expr: '*' expr expr: xor_expr ('|' xor_expr)* xor_expr:

982 views • 42 slides
Compiling Techniques Samson Abramsky samson@dcs 1 2 Why study compilers? Coursework To

Compiling Techniques Samson Abramsky samson@dcs 1 2 Why study compilers? Coursework To

See http://www.cs.princeton.edu/faculty/appel/modern for full details of those terms and Computer Science 3 conditions with respect to limitations on their use and dissemination. Compiling Techniques Samson Abramsky samson@dcs 1 2 Why study

376 views • 21 slides

More recommend