20120709 cyber patterns2012
TRANSCRIPT
![Page 1: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/1.jpg)
Extending AOP Principles for the Description of Network Security Patterns
David Llewellyn-Jones, Qi Shi, Madjid MerabtiCyberpatterns 2012, Abingdon, Oxfordshire, UK, 10th July 2012
PROTECTResearch Centre for Critical Infrastructure Computer Technology and ProtectionSchool of Computing and Mathematical SciencesLiverpool John Moores University, Byrom Street, Liverpool L3 3AF, UKEmail: [email protected]: http://www.ljmu.ac.uk/cmp/
![Page 2: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/2.jpg)
Overview
• Aspect Oriented Programming• Security concerns• Specifying network security point-cuts
– Requirements– Examples– Language
• Application Example• Conclusion
![Page 3: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/3.jpg)
• Ensuring Trustworthiness and Security in Service Composition
• http://www.aniketos.eu/
• The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant no 257930 (Aniketos)
![Page 4: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/4.jpg)
• Monitoring; trust and security analysis; recomposition and adaptation
![Page 5: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/5.jpg)
Aspect Oriented Programming
• Programming or development paradigm• Object Oriented Programming
– Encapsulates related data and functionality all in one place
– Hierarchical classes• Inheritance• Generalisation• Class attribute
– Hard to capture cross-cutting concerns
![Page 6: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/6.jpg)
Cross-Cutting Concerns
![Page 7: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/7.jpg)
Aspect Oriented Programming
• Orthogonal to Object Oriented Programming
• Cross-Cutting Concerns– Similar functionality– Multiple places throughout
• Example– Data logging
![Page 8: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/8.jpg)
Security Concerns
• Security– Classic cross-cutting concern– Apply in many places throughout code– Requires consistent approach
• Examples– Authorisation– Access control– Data tagging
![Page 9: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/9.jpg)
AOP Glossary
• Aspect– The feature to be added
• Join-Point– Potential
• Point-Cut– Actual
• Advice– Code to be injected
• Aspect weaving– The process of adding advice to code
![Page 10: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/10.jpg)
Join-Points
• Join-points– Method calls– Initialisation– Get/set
• Application– Before– After– Around
• Dictates power of AOP technique
![Page 11: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/11.jpg)
Join-Point Example
<pointcut_definition id="c1"><time>after</time><joinpoint_type>
<constructorcall><constructor_signature>
<qualified_class_name><namespace><type_name>*</type_name></namespace><class><identifier_name>FormCipher</identifier_name></class>
</qualified_class_name></constructor_signature>
</constructorcall></joinpoint_type>
</pointcut_definition>
<advice_definition idAdvice="DandelionAspectAddClient" idTypeOfInjection="StaticInjection">
<assembly>Gryffindor.Aspect.Dandelion.dll</assembly><type>Gryffindor.Aspect.Dandelion.DandelionAspect</type><behaviour>AddEncrypter</behaviour><priority>1</priority><pointcut_definitionRef idRef="c1"/>
</advice_definition>
![Page 12: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/12.jpg)
Reflection
• Aspects can be inserted at compile time– Static aspect weaving
• Introspection– Allow analysis of code at runtime
• Intercession– Allow code to be altered at runtime– Insert new code, redefine language
• Allows aspects inserted at runtime– Dynamic aspect weaving
![Page 13: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/13.jpg)
Network Security
• Ideal, in theory– Apply aspects to services at runtime– Improve security based on dynamic
composition and policy• Problematic, in practice
– Point-cuts apply to single codebase– Applied universally– Distributed systems need different but
related techniques in different places
![Page 14: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/14.jpg)
Encryption Aspects
• Often need to apply to multiple systems– Different related aspects– Not naturally covered by existing join-point
definition languages• Need language to define this
Encrypt Decrypt
Communication
Communication
![Page 15: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/15.jpg)
Join-Point Language Requirements
1. Capture sequences of more than two systems
2. Match multiple sets of networked systems
3. Be determinate
4. Based on code and relationship between systems
5. Aspect code related to join-point and existing code
![Page 16: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/16.jpg)
Secure Data Forwarding
H H
L L
H HL
![Page 17: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/17.jpg)
End-to-End Security
A AB BB B
A AB BB B
![Page 18: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/18.jpg)
Separation of Duty
A
B
B
A
B
B
![Page 19: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/19.jpg)
Patterns
• We aim to define a language for defining patterns
• Combine with existing in-code join-point definitions
• Allow complex relationships between networked systems to be defined
• Both global and distributed application
![Page 20: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/20.jpg)
Multiple Join-Point Definition
• Notation
services
property descriptions
aspects
states
sets of properties
sets of property, action pairs
![Page 21: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/21.jpg)
Patterns
• Single template
• Pattern of templates
(𝑎 , 𝑥𝐼 , 𝑥𝑂 , 𝑥𝐼 , 𝑥𝑂 )∈𝐴×2𝑃×𝐴×2𝑃× 𝐴×2𝑃×2𝑃=𝑇
𝑓 :𝑃×𝑆⟶2𝑇 ×𝑆
![Page 22: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/22.jpg)
Secure Data Forwarding
H HL
![Page 23: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/23.jpg)
End-to-End Security
A AB BB B
where and
![Page 24: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/24.jpg)
Separation of Duty
A
B
B
where
![Page 25: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/25.jpg)
• Client-Server chat application– Cleartext communication
• Encryption/Decryption service• Aspects re-route data flow
– Different aspects for client and server
Miguel García, David Llewellyn-Jones, Francisco Ortin, Madjid Merabti, "Applying dynamic separation of aspects to distributed systems security: a case study", IET Software, Volume 6, Issue 3, pp. 165-282, June 2012.
AOP Applied to Security
Com
mun
icat
ion
![Page 26: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/26.jpg)
AOP Applied to Security
Com
mun
icat
ion
Communication
Communication
![Page 27: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/27.jpg)
Discussion
• Why choose this method?– Flexibility– Aim for all computable sets of networks– Distributed or centralised
• Practical application– Definition and aspects still to be combined
• Challenges– Difficult to define– Aspects are specialised, not generalised
![Page 28: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/28.jpg)
Future Work
• Practical– Restatement in XML format– Integrate with join-point definition language– Reason and apply to real code
• Theoretical– Measure expressivity of the language– Formalise currently unspecified aspects– Define security patterns
![Page 29: 20120709 cyber patterns2012](https://reader038.vdocument.in/reader038/viewer/2022110308/55836cc9d8b42a360c8b5125/html5/thumbnails/29.jpg)
Conclusion
• Security is a cross-cutting concern• Existing AOP point-cuts are not designed for
networked systems• A way of relating aspects to distributed
systems is needed for security• Propose initial method for defining point-cut
patterns