security patterns and secure systems design using uml · methodology • apply security principles...
TRANSCRIPT
![Page 1: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/1.jpg)
1
Security patterns and secure systems design using UML
Eduardo B. FernandezDept. of Computer Science and Eng.
Florida Atlantic Universitywww.cse.fau.edu/~ed
![Page 2: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/2.jpg)
2
• Professor of Computer Science at Florida Atlantic University, Boca Raton, FL., USA
• Worked at IBM for 8 years (L.A. Scientific Center).
• Wrote the first book on database security (Addison-Wesley, 1981).
• Author of many research papers• Consultant to IBM, Siemens, Lucent,…
![Page 3: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/3.jpg)
3
• Its objective is to provide an approach for designing secure systems using patterns
• Emphasis on important new developments: web services, standards, patterns, UML
• An engineering, not theoretical, approach.
![Page 4: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/4.jpg)
4
• To apply a systematic approach to secure systems development
• To get a panorama of security patterns and how to use them
• To be able to evaluate the security of a system (in a qualitative way)
• To get ideas for research
![Page 5: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/5.jpg)
5
• Security concepts and definitions• The Internet• Attacks• The design of secure systems• Security models• Firewalls• Operating systems
![Page 6: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/6.jpg)
6
• Web services• Application security• Distributed and web systems• Security patterns• Applying the patterns • Conclusions
![Page 7: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/7.jpg)
7
• Objectives• Countermeasures• Security architecture• An example
![Page 8: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/8.jpg)
8
Value of information
• We rely on information for our credit, health, professional work, business, education
• Illegal access (reading or modification) to information can produce serious problems
![Page 9: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/9.jpg)
9
Security objectives
• Confidentiality--no leakage of sensitive or private information
• Integrity-- no unauthorized modification or destruction of information
• Availability (No denial of service) --annoying , costly
• Lack of accountability (Non-repudiation)--legally significant
![Page 10: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/10.jpg)
10
The meaning of security
• Security implies providing these objectives in the presence of attacks
• Security requires technical, managerial, and physical countermeasures (defenses)
• We only consider technical aspects here • A related aspect is privacy, a legal and
ethics concern
![Page 11: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/11.jpg)
11
Countermeasures
• Identification and Authentication– first step • Access control/ authorization --provide
confidentiality and integrity• Auditing-- basis for prosecution or
improvements to the system• Cryptography-- a mechanism to hide
information and prove identity and rights• Intrusion detection
![Page 12: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/12.jpg)
12
Security architecture
• Authorization rules define what is allowed or not allowed (who can see what and how)
• The lower levels must enforce these rules• Assurance is a measure of how well the
lower levels enforce the rules
![Page 13: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/13.jpg)
13
• Basic architecture• Documents• New architectures
![Page 14: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/14.jpg)
14
Architectures
• The architecture of a system defines the system in terms of components (units) and of interactions between these units. Architecture includes: system topology and organization, decomposition into components, assignment of functionality to components, component interactions, system properties (nonfunctional requirements, e.g. performance, security), correspondence between requirements and units.
![Page 15: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/15.jpg)
15
Basic Architectural components
• Web browsers -- can request HTML documents, provide URL caching , support directories
• Web servers -- receive user requests , find and return documents
• Files or DBMS store documents• Documents -- pages or sets of pages
![Page 16: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/16.jpg)
16
Basic Internet architecture
Webbrowser’sHTML
Webservers
HTTP
Data
users
![Page 17: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/17.jpg)
17
Web documents
• Hypertext /multimedia • Passive or active (contain links to
programs)• Fixed or dynamic (assembled on request)• Potentially all institution data can be
considered documents
![Page 18: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/18.jpg)
18
Example of a web page
text
text
General CompanyInformation
Corporate DBM S
Clipboard files
Productinformation
![Page 19: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/19.jpg)
19
XML
• XML is a metalanguage to define the meaning and structure of documents. A subset of SGML (Standard Generalized Markup Language). Basic ideas: use tags in data items to define their meaning, relate data items through nesting and references.
![Page 20: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/20.jpg)
20
Enterprise architectures
Webbrowsers Web
servers
Internal UsersWeb
ApplicationServer
Web browsers...External
UsersInternet
Intranet
Engineering
Customers
Production
![Page 21: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/21.jpg)
21
Web Services
• A Web Service is a type of component that is available on the web and can be incorporated in applications or used as a standalone service
• Require a standard supporting framework• The web is becoming a marketplace of web
services
![Page 22: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/22.jpg)
22
Web Services Repository
Publicize
Use
Discover12
3
Web Services Provider
Web Services Client
![Page 23: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/23.jpg)
23
Web services architectures
• Web services (eServices) are a part of the application layer
• Web services are built out of XML, a lower-level data layer
• A SOAP layer is used for XML message transmission
• Internet layers and web server layers provide support for these layers
![Page 24: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/24.jpg)
24
WS1 WS2 Regis try
PAYLOADHEADER
. . .
. . .TransportsHTTP
Web Services
BusinessWorkflow
Catalog andDescription
Communications
DBMS
SSLOS
TCP/IP file systemmemoryprocesses
Web services layers
Supporting structures
DocumentStorage
. . .
![Page 25: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/25.jpg)
25
• Methods• Types
![Page 26: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/26.jpg)
26
Attack methods
• Preparation—Information gathering, scanning, planting malicious code, masquerading (spoofing)
• Activation—perpetrator-controlled, timed, victim activated
• Mission—active (affects integrity and availability), and passive misuse (eavesdropping, inference), denial of service
![Page 27: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/27.jpg)
27
<<actor>>:Attacker
target1: :Data target2:
activate Attack
prepare Attack
read
modify/destroy
propagate
![Page 28: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/28.jpg)
28
Malicious code
• Trojan Horses—A Trojan Horse is an apparently useful program that has harmful hidden functions
• Viruses – A virus is a program that attaches itself to another program, propagates, and usually causes some data destruction.
• Worms—A worm is a program that propagates itself without infecting the host.
![Page 29: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/29.jpg)
29
More varieties
• Spyware—collect passwords, credit card numbers, or general info. (adware)
• Spam—wholesale sending of messages, can be used to propagate viruses
• Phishing messages—enticing users to disclose information
![Page 30: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/30.jpg)
30
Current situation
• The Internet is an insecure place and attacks keep occuring
• One of the main reasons is the poor quality of the software used in operating systems and applications
• We need a systematic way to build secure software
![Page 31: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/31.jpg)
31
• Security is a nonfunctional aspect that must be satisfied in addition to functional aspects
• We cannot show absence of security flaws• We must use good development methods
and hope for the best• Add-on security is not the way
![Page 32: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/32.jpg)
32
Principles of design for security
• Economy of mechanism• Fail-safe defaults• Complete mediation• Open design• Separation of privilege• Least privilege• Least common mechanism
![Page 33: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/33.jpg)
33
Attempted approach
• Define a security kernel: includes all security-related functions
• Verify kernel: possible only for relatively simple systems
• Requires special languages and special operating systems
• Not practical for general systems
![Page 34: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/34.jpg)
34
Use of kernelsDBMS
OS
DBMS Kernel
Sec. Kernel
Kernel
![Page 35: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/35.jpg)
35
Applying the principles
• Security should be applied where the application semantics is understood
• Security is an all-levels problem • We should start from high-level policies
and map them to the lower levels • We need precise models to guide system
development
![Page 36: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/36.jpg)
36
A
a. m1 b. m2 c. m3
classes Metalayer
objectsApplication
layer
executing
processes
System layer
(OS/DBMS)
nodes
Node1 Node2
processors
network
CPU1 CPU2 CPU3
Protocol
Distribution
layer
Hardware
Configuration
a:A
B
C
b:B
c:C
![Page 37: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/37.jpg)
37
A B
a:A b:B
Metalayer
Application Layer
DBMS Layer
OS Layer
Hardware
inference wrong models
wrong operations malformed parameters language attacks unauthorized data access viruses, worms
malformed parameters unauthorized access
directory attacks process interference root attacks address space violation unauthorized file access
lack of protection
![Page 38: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/38.jpg)
38
Secure systems development methodology
• Apply security principles throughout the whole software lifecycle
• Use of object-oriented design • Use cases define rights for roles• Patterns build a secure conceptual model• Multilayer architecture extends the model to
the lower architectural levels
![Page 39: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/39.jpg)
39
Software lifecycle
Security verification and testing
Requirements Analysis Design Implementation
Secure UCs Authorization rules in conceptual model
Rule enforcement through architecture
Language enforcement
Security test cases
![Page 40: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/40.jpg)
40
Use of object-oriented modeling
• Strong conceptual modeling capability , applicable to hardware, software, applications, authorization rules
• Abstraction from irrelevant details • Intuitive , graphic, semiformal approach• Can be enhanced with formal specifications
![Page 41: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/41.jpg)
41
OO and UML
• UML is an object-oriented language for specifying, constructing, visualizing, and documenting a software design.
• Basically a notation and its corresponding meaning , not a process.
• Combines OMT, Booch, and other ideas.• OMG standard (www.omg.org)
![Page 42: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/42.jpg)
42
Use of patterns
• A pattern is a recurring combination of meaningful units that occurs in some context
• Patterns embody experience and good design practices
• Prevent errors, save time• A good catalog of patterns is needed
![Page 43: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/43.jpg)
43
Security patterns
• Analysis and design patterns are well established• There are many principles of good design that
have been developed to build secure systems• We have combined these two ideas showing that it
is possible to develop a collection of patterns that can be used to build secure systems
• Now building a catalog of security patterns• Security patterns page: www.securitypatterns.org
![Page 44: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/44.jpg)
44
Use patterns at all levels
• Patterns for models define the highest level• At each lower level we refine the model
patterns to consider the specific aspects of each level
• Patterns for file systems, web documents, cryptography, distributed objects, J2EE components
![Page 45: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/45.jpg)
45
Start from requirements
• Use cases define interactions with the system (Use case diagram)
• Use cases include several actions• We look at the possible attacks to each
action• We can define needed rights for actors to
perform the use cases
![Page 46: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/46.jpg)
46
A financial institution
Open Account
Close Account
Customer
Perform trade
ReceiveTrade Order
Manager
Check Trade Info
Auditor
Broker
UC1
UC2
UC3
UC4
UC5
![Page 47: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/47.jpg)
47
Attacks are related to use cases• Use Cases 1 and 2: Customer is an impostor. Possible
confidentiality and integrity violations.Manager impersonation. Can capture customer information. Confidentiality attack.
• Use Cases 3 and 4. Broker impersonation. Possible confidentiality violation.Customer can deny giving a trade order. Repudiation. Customer impersonation. Confidentiality or integrity attacks.Stockbroker embezzling customer’s money.
• Use Case 5. Impersonation of auditor. Confidentiality violation.
![Page 48: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/48.jpg)
48
V oterregistration
V oting
Keep voterslist
Countyvoting
Local voting Remotevoting
Tally result
V oter
Precinct officer
![Page 49: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/49.jpg)
49
(3) Security model:Access matrix (mandatory)→RBAC
UC:
Check record use
Auditor
Patient
Insurance clerk
Inspect a record
{Their own}
{Their own customer}
Doctor
{Their own patients}
Modify a record
{Their own patients}
Nurse
{Their own patients, only some fields}
{Their own patients,only some fields}
Create a record
Create patient history
Hospital clerk
![Page 50: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/50.jpg)
50
Use cases to find role rights
• Application of Role-Based Access Control• Use cases describe all possible uses of the
system• All use cases define all possible and legal
accesses • Each actor role can be given its needed
rights
![Page 51: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/51.jpg)
51
Scenarios to determine rights
method j
method j+1
method j+m
Authorized actions for actor_i in UseCase_q
actor_i object_k object_k + 1
.
.
.
![Page 52: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/52.jpg)
52
Use cases as starting point
• Attacker is not interested in changing a few bits or destroying a message
• Attacker wants to accomplish some objective, e.g., steal money, steal identity
• This is applying the principle of defining security at the semantic levels
• We also need to comply with standards
![Page 53: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/53.jpg)
53
Standards
• Orange Book • Common Criteria (NIST)• IEEE• IETF (Internet Engineering Task Force)• OASIS (Open Applications…)• W3C• Industry ad hoc groups: IBM, Microsoft,…
![Page 54: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/54.jpg)
54
Standards for web services
• A variety of standards to cover all levels• May overlap or be in conflict• XACML, WS-Security, SAML, SOAP
security, privacy standards• Confusing for vendors and users
![Page 55: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/55.jpg)
55
WS1 WS2Registry
P AY LOADH EA DE R
. . .
. . .T ransportsH TT P
D ocu men tStorage
We b Services
BusinessWorkf low
C atalog andDe sc rip tion
C omm unicatio ns
D BM S
SS LO S
T CP/IP fi le sys temmemoryp rocesses
BP EL4WS
WSCI
U DDI
ebXML
WSDL
SOA P
XML
X ML
Standar ds
Sec urity S tandards/ Specificat io ns
ebXML sec
WSPL
WS-Security
-XML Encryption
XML Signature
XKMS
Encr yption
SAM L
X ACML
WS-P olicy
WS-Authorization
UD DI security
WS-Trust
WS-Federation
WS-SecureC onversa tion
S OAP
XML
Web services lay ers
Support ing structure s
SAML
WS-Privacy
![Page 56: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/56.jpg)
56
• Classification• Access matrix • Role-Based Access Control• Multilevel security
![Page 57: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/57.jpg)
57
Classification of security models
• Multilevel --users and data are assigned security levels
• Access matrix -- subject has specific type of access to data objects
• Mandatory --access rules defined only by administrators
• Discretionary -- users own data and can grant access to other users
![Page 58: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/58.jpg)
58
Security models
Multilevel Mandatory
Access Matrix Discretionary
Model Model
Model Model
Authorization Models Administration Models
![Page 59: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/59.jpg)
59
Access matrix authorization rules
• Basic rule ( s, o, t ) , where s is a subject (active entity), t is an access type, and o is an object
• Extended rule ( s, o , t , p, f) , where p is a predicate (access condition or guard) and f is a copy flag
• This, and the other models, can be described by OO patterns
![Page 60: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/60.jpg)
60
Authorization pattern
Subject
id
ProtectionObject
id
* *Authorization_rule
Right
access_type
predicate
copy_flag
checkRights
![Page 61: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/61.jpg)
61
Authorization mapping
r / wf = T
rf = F
r / w f = T
subjectsprotectionobjects
U1 F1
Ui Fi. .miUj
![Page 62: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/62.jpg)
62
Reference Monitor
• Each request for resources must be intercepted and evaluated for authorized access
• Abstract concept, implemented as memory access manager, file permission checks, CORBA adapters, etc.
![Page 63: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/63.jpg)
63
Reference monitor pattern
Subject ReferenceMonitor
Set_of_Authorization_
Rules
prot_Objectaccess_type
Request
ConcreteReferenceMonitor
Authorization
** * *
*
makesRequestTo exists
![Page 64: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/64.jpg)
64
Enforcing access control
:CurrentProcess<<actor>> :RefMonitor :Set_of_AuthorizationRules :Authorization :Prot_Object
request(acc_type
prot_object) exists?(rule)
existsexists
request
![Page 65: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/65.jpg)
65
Role-Based Access Control
• Users are assigned roles according to their functions and given the needed rights (access types for specific objects)
• When users are assigned by administrators, this is a mandatory model
• Can implement least privilege and separation of duty policies
![Page 66: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/66.jpg)
66
Basic RBAC pattern
User
id
name
ProtectionObject
id
name
* *Authorization_rule
Right
access_type
predicate
copy_flag
checkRights
Role
id
name
** MemberOf
![Page 67: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/67.jpg)
67
Extended RBAC
• Concept of session • Separation of administrative roles• Composite roles• Groups of users
![Page 68: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/68.jpg)
68
Extended RBAC pattern
User ProtectionObject* *AuthorizationRule
Right
Role **
Session
AdminRole AdminRight
MemberOf
Group
*
*
*
1
*
*
*
Composite
Role
Simple
Role
Subset
WorksOn
Activated
From
MemberOf
*
![Page 69: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/69.jpg)
69
Attribute-Based Access Control
• In the Internet we need to deal with non-registered users
• Determine effective subjects and objects based on attribute values
![Page 70: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/70.jpg)
70
Metadata-based access control
SubjectDescriptor
ObjectDescriptorAttribute Property
AttributeQualifieroperator
value
PropertyQualifieroperator
value
ObjectSubject
*
1
1
*
* *
RightaccessType
isAuthorizedFor
AttributeValuevalue
*
* *
*
1
PropertyValuevalue
*
*
1
![Page 71: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/71.jpg)
71
Multilevel model
• In this model users and data are assigned classifications or clearances
• Classifications include levels (top secret, secret,…), and compartments (engDept, marketingDept,…)
• For confidentiality, access of users to data is based on rules defined by the Bell-LaPadula model, while for integrity, the rules are defined by Biba’smodel
![Page 72: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/72.jpg)
72
Multilevel security model
Subject Data
Category ClearanceLevel Category Classification
Level
TrustedProcess
*
*
*
*
1
CanAccessSS_property*_property
AssignLevelAssignLevel
*
* *
*
1
![Page 73: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/73.jpg)
73
Layered architecture
• The lower layers implement concrete versions of these models and enforce them
• We will look at several of these layers• First example is from the Boundary
between the network layer and the Op. system
![Page 74: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/74.jpg)
74
• Attacks• Types of firewalls• Network layer firewall• Application layer firewall• Stateful inspection firewall
![Page 75: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/75.jpg)
75
Firewall attacks
• Address spoofing• Malformed packets• Smuggling of attack code in packet body• Distributed denial of service
![Page 76: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/76.jpg)
76
Firewalls
• Firewalls control access from networks to internal systems
• Network layer firewall --analyzes packets• Application layer firewall -- uses
application proxies ,supports authorization,may keep state
• Stateful inspection keeps the state of connections
![Page 77: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/77.jpg)
77
Proxy-Based Firewall
Packet Filter Firewall Stateful FirewallAddress Filtering
Address Filtering Keep State
Keep State
Proxy Filtering
Firewall patterns
![Page 78: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/78.jpg)
78
Network layer firewall
InternalServer
ExternalClient
OKRequest RequestP
port
Firewall
PacketFilter
PrivateNetwork
Internet
![Page 79: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/79.jpg)
79
address addressFirewall
RuleBase
ExplicitRule DefaultRule
ExternalHost LocalHost
Rule
in/out
{ordered}*
1
1 1**requestService requestService
![Page 80: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/80.jpg)
80
«actor»:Network :Firewall :RuleBase :Rule :Service
requestService( )
requestService( )
acceptaccept
checkRule
requestService( )
Filtering a request
![Page 81: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/81.jpg)
81
Application layer firewall
• Uses security proxies to represent services• A variety of the Proxy pattern [GOF]• Prevents direct access• Analyzes application commands• Keeps logs for later auditing• Can keep state• Poor scalability
![Page 82: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/82.jpg)
82
Application layer firewall
InternalServer
ExternalServerP P2 P1
Request Request
Firewall
InternetPrivateNetwork
![Page 83: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/83.jpg)
83
Proxy-based firewall
ExternalHost
addressProxy-Based
FirewallLocalHost
address
Proxy
RuleBase
nameport
Service
*requestService
represents
*
*
*
*
1
1 1
filters
![Page 84: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/84.jpg)
84
Stateful inspection firewall
• Based on inspection of packets• Keeps dynamic state tables• Can use information from the seven
network layers• Scalable• Similar limitations about message and
document contents
![Page 85: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/85.jpg)
85
ExternalHost
addressStatefulFirewall
LocalHost
address
StateTable1
1*requestService requestService
*1
![Page 86: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/86.jpg)
86
• Controls system resources• In direct contact with hardware• Process and processor management• Memory management --executing programs• Data management: persistent data• I/O devices -- disks, communications ,…• Controls login
![Page 87: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/87.jpg)
87
OS attacks
• Remote login weaknesses• Password guessing• Bypass file permissions• Scavenge memory• Buffer overflow attacks• Denial of service attacks (resource hogging)• Privileged CGI scripts (in HTTP server OS)
![Page 88: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/88.jpg)
88
OS defenses
• Memory protection (supported by hardware)• File protection • Access control for I/O devices• Requires good processor support for low overhead and to
avoid bypassing of high-level mechanisms • Capabilities and descriptors are effective mechanisms• Firewalls to protect access to the system• Authentication (part of login)
• A well-structured architecture
![Page 89: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/89.jpg)
89
Patterns for secure architectures
• Layered OS• Microkernel• Virtual machine OS
![Page 90: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/90.jpg)
90
Layered OS
LayerN-1
Layer2
Layer1
LayerN
.
.
.
Client
1
1
1
<<uses>>
![Page 91: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/91.jpg)
91
Requesting a service
<<actor>>aUser:
openFile(…)
:OSInterface :FileManager :DiskDriver
openFile(…)readDisk(…)
![Page 92: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/92.jpg)
92
MicrokernelM icrokernel
executeM echanisminitCom m unicationfindR eceivercreateH andlesendM essagecallInternal Server
Internal Server
executeServicereceiveRequest
Internal Server
executeServicereceiveRequest
External Server
receiveRequestdispatchRequestexecuteService
External Server
receiveRequestdispatchRequestexecuteService
A dapter
callServicecreateRequest
A dapter
callServicecreateRequest
C lient
doTask
C lient
doTask
activates1*
initializecom m unication
1
calls service
1 1
sends request
1
calls1 *
*
1
![Page 93: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/93.jpg)
93
Requesting a service
:C lie n t
c a ll s e rv ic e
:A d a p te r :M ic ro ke rn e l :E x te rn a lS e rv e r
c re a te re q u e s t
f in d re c e iv e r
re c e iv e re q u e s t
in it c o m m u n ic a tio n
d is p a tc h re q u e s t
e x e c u te s e rv ic e
![Page 94: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/94.jpg)
94
Virtual Machine OS
V M O S
Hypervisor V M
LocalO SSupports *
*
1 *
*
*
C an run
<<contro ls>>
Hardware1
LocalP rocess*
![Page 95: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/95.jpg)
95
Patterns for operating systems security
• Controlled process creation• Controlled object creation• Authentication• Controlled object access (reference
monitor)• File access control• Controlled execution environment
![Page 96: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/96.jpg)
96
Controlled-Process Creator
Process
Creation_Request
Controlled_Process_Creator
createProcessid
createdeleterun_as_parent
AccessRight
accessTypeobject
*
*
*
*
*
1
1
createRights
«creates»
parent
child
![Page 97: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/97.jpg)
97
Process creation dynamics:Process_A
:Controlled_Process_Creator
:Process_B
:Access_Right
create
createcreateProcess
rights
Access_Right
![Page 98: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/98.jpg)
98
Process/domain rights *
*
*
*
*
*1
Resource {A}name address amount
Domain ID create( ) close( ) delete( )
ProtectionObject ID create ( ) close( ) delete( )
Executes In
ConcreteResource
Authorizationright
*
Activates
1
Subject
ID
Process
ID
CompositeDomain
Simple Domain
![Page 99: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/99.jpg)
99
Entering a domain
:Subject :Process :Domain :RefMonitor :Authorization x:
activateenter
write(x)
exists(x)
exists(write)
write(x)
![Page 100: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/100.jpg)
100
Forces of file pattern • There may be different categories of subjects, e.g., users, roles,
and groups• Subjects may be authorized to access files, directories, and
workstations• A subject has a home directory for each authorized
workstation, but the same home directory can be shared among several workstation or among several subjects
• Users may be grouped for access• Some systems may use roles instead or in addition to users as
subjects• There are many different implementations
![Page 101: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/101.jpg)
101
A file authorization pattern
1
*
*
Has_home_directory
Include
AuthorizedFor
*
*
AuthorizedOn* *Subject
id
Workstation
id
Access permission
accessmode
Authorization
priority
privileges
start session
File Component
Directory
name
File
name
size
createfile()
save()
![Page 102: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/102.jpg)
102
Use of subpatterns
• This pattern uses two instances of the Authorization Rule pattern
• Also uses the Composite pattern (GOF) • A higher-level authorization rule that uses
objects included in specific files can be mapped to this level for enforcement
![Page 103: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/103.jpg)
103
• SAML• XACML• XML Firewall
Patterns can be used to compare or understand standards
![Page 104: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/104.jpg)
104
WS1 WS2Registry
P AY LOADH EA DE R
. . .
. . .T ransportsH TT P
D ocu men tStorage
We b Services
BusinessWorkf low
C atalog andDe sc rip tion
C omm unicatio ns
D BM S
SS LO S
T CP/IP fi le sys temmemoryp rocesses
BP EL4WS
WSCI
U DDI
ebXML
WSDL
SOA P
XML
X ML
Standar ds
Sec urity S tandards/ Specificat io ns
ebXML sec
WSPL
WS-Security
-XML Encryption
XML Signature
XKMS
Encr yption
SAM L
X ACML
WS-P olicy
WS-Authorization
UD DI security
WS-Trust
WS-Federation
WS-SecureC onversa tion
S OAP
XML
Web services lay ers
Support ing structure s
SAML
WS-Privacy
![Page 105: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/105.jpg)
105
Security Assertion Markup Language (SAML)
• Part of XML-based Security Services• XML framework for exchanging
authentication and authorization information
• SAML information can be added to XML messages
![Page 106: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/106.jpg)
106
Three types of assertions
• Authentication• Authorization• Attributes (groups, roles,…)
![Page 107: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/107.jpg)
107
Assertion Coordinator pattern
• How to apply assertions across the Internet• Most important use is Single Sign On (SSO)• We find classes using CRC (Class-
Responsibility-Collaboration) cards
![Page 108: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/108.jpg)
108
ClassAssertionCoordinator
Responsibility•Authenticate users•Initiate session•Invoke creation of artifact and assertion for current user
Collaborator•Assertion•Client•Principal•UserAccount•PolicyDecisionEnforcer
ClassUserAccount
Responsibility•Keep user securityInformation
Collaborator•AssertionCoorcinator
Responsibility•Provide content to authenticated users with the appropriateAttributes
Collaborator•AssertionCoordinator•Assertion•AttributeAssertion
ClassAssertionResponsibility•Represents user security data in XML form•Categorizes data in the form of authentication or attribute assertions
Collaborator•AttributeAssertion•AssertionCoordinator
ClassPrincipalResponsibility•Identify clients authenticated by the AssertionCoordinator•Request protectedresources•Fill order requests
Collaborator•AssertionCoordinator•PolicyDecisionEnforcer•ProtectedResource
ClassPolicyDecisionEnforcer
![Page 109: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/109.jpg)
109
AssertionCoordinator
+initSession()+authenticate()
AssertionCoordinator
+initSession()+authenticate()
PolicyDecisionEnforcer
+validateAssertion()+verifyUserRole()+handleRequest()+processRequest()
Client-userid
-password-role
UserAccount
Principal
ProtectedResource
Content provider
Assertion
+getAuthenAssert()+getAttribAssert()+createAssertion()
-issuerID-issueInstant-assertionID-expiration
AttributeAssertion-role
+getRole()1
1
1
1
1
1…*use
retrieveUser Info
1
1
1
1
1
1
1
1
1 1
1…*
sendAssertion
create
submitRequest
login
extractRole
grantAccess
![Page 110: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/110.jpg)
110
:Client :Principal :AssertionCoordinator :UserAccount :PolicyDecisionEnforcer :Protected Resource
sessionID sessionID UserAttributes
:Assertion
Access decision
authenticate(user)
requestResource(request)
retrieve user info
<<create>>
authenticate
validateAssertion(AssertionList)
Access decision
AssertionList
generateAttribAssert(user,resource)
handleRequest(assertionList,Request)
use service
destroy
verifyUserRole(userAttribs)
processRequest()
generateAuthenAssert(user,resource)
![Page 111: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/111.jpg)
111
XACML
• Special technical committee of OASIS• Specification of policies for information
access over the Internet and their enforcement
• Combines work of IBM Tokyo and University of Milano, Italy.
• Implemented by Sun in early 2003
![Page 112: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/112.jpg)
112
+PolicyCombiningAlgorithm()
PolicySet
+RuleCombiningAlgorithm()
Policy
-effect={Permit,Deny}-condition
Rule
*
Target
-attributesTargetResource
-attributesTargetSubject
Action
-attributesTargetEnvironment
*
*
*
*
+addRule()+deleteRule()+updateRule()+createPolicy()+deletePolicy()+createPolicySet()+deletePolicySet()
PolicyAdministrationPoint
1
*
-obligationPolicyComponent
1..* *
![Page 113: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/113.jpg)
113
PolicyAdministrationPoint
PolicyDecisionPoint
PolicyEnforcementPoint
renders
PolicySet
ApplicablePolicySet
locates
1 1..*
enforces
-subjectAttributes-resourceAttributes-action-environmentAttributes
XACMLAccessRequest
*
*producesappliesTo
1*evaluates ContextHandler
1
*
accesses
+getAttributeValue()
PolicyInformationPoint
SubjectDescriptor-attributesResourceDescriptor
-attributesEnvironmentDescriptor
-decision={Perm it,Deny,Indeterminate,NotApplicable}-obligations
XACMLAccessResponse
accesses
in
controlsAccessTo1..*
*
*
1
1
accesses
-operator-value
SubjectAttributeQualifier
-operator-value
EnvironmentAttributeQualifier
-operator-value
ResourceAttributeQualifier1
1
1
Subject
SubjectAttributeValue1
SubjectAttributeType
*1hasType
*1correspondsTo
Resource
ResourceAttributeValue1
ResourceAttributeType
*
1hasType
*1correspondsTo
Environment
EnvironmentAttributeValue1
EnvironmentAttributeType
*1
hasType
*1correspondsTo
![Page 114: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/114.jpg)
114
Application firewall
• XML firewall is a special case of it• Controls input/output from distributed
applications• Can filter wrong commands, wrong type or
length parameters, wrong sequences
![Page 115: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/115.jpg)
115
![Page 116: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/116.jpg)
116
![Page 117: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/117.jpg)
117
Adding a new rule
![Page 118: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/118.jpg)
118
XML firewall
• Controls input/output of XML applications• Well-formed documents (schema as
reference)• Harmful data (wrong type or length)• Encryption/decryption• Signed documents
![Page 119: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/119.jpg)
119
![Page 120: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/120.jpg)
120
Security in ebXML
• Proposal for registry security (May 2001)• Requirements for authentication, integrity,
and confidentiality• Each request must be authenticated• Policy: any known entity can publish and
anyone can view• UML model for registry security
![Page 121: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/121.jpg)
121
ebXML Registry Security model
<<Interface>>AccessControlPolicy
Permission
Privilege
<<Interface>>PrivilegeAttribute
<<Interface>>RegistryObject
identity: Identitygroups: collectionroles: collectionsecurityClearances: collection
getGUID() : StringsetGUID(guid : String) : voidgetURL() : URLsetURL(url : URL) : voidgetName() : StringsetName(name : String) : voiddepricate() : voiddelete() : void
<<Interface>>SecurityClearance
<<Interface>>Group
<<Interface>>Role
<<Interface>>Identity
Principal
0.n 1
0..n
1..n
0..n
1..n
1
0..n
0..n 0..n0..n 1
![Page 122: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/122.jpg)
122
• Secure analysis patterns• Stock manager• Patient records• Medical information
![Page 123: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/123.jpg)
123
Secure analysis patterns
• A Semantic Analysis Pattern (SAP) describes a semantic unit
• We can combine a SAP with security patterns to get a secure semantic unit
• Can be used to build secure applications• Example: authorized inventory system
![Page 124: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/124.jpg)
124
StockRoom
add_StockRoom
Inventory
transferStockcheckDiscrepancyadjDiscrepancy
Stock
addItem
Procurement<<role>>
RightaddItem
1
1
StockKeeper<<role>>
1
1
Item
*
*
*
*
Auditor<<role>>
RightcheckDiscrepancy
RightadjDiscrepancy
RightAdd_StockRoom
RighttransferStock
StockManager<<role>>
InventoryManager<<role>>
*
* *
* 1
![Page 125: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/125.jpg)
125
Patient records
1*
**
*
* 1…*
worksAt*
*
*
assignedTo *
*
assignedTo
* 1
assignedTo
assignedTo
consulting
primary Nurse
specialty
*
*
Patient
name address patientNumber
TreatmentInstance
date financialNumbe
MedicalHistory
instance
Outpatient
Employee
name employeeNumber address
Doctor
specialty
Inpatient
Location
number sizeassignedTo
MedicalGroup
name mainLocation
Building
name location
Hospital
name address
*
1
![Page 126: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/126.jpg)
126
1
*
**
*TreatmentInstance
date financialNumber
MedicalHistory
insurance dateRange
open() create ( ) update ( )
Patient
name address patientNumber
create ( ) d ( )
Right
Right
admitPatient assignAssets
Right
treatPatient readTreatmentInstanc
Right
treatPatient readTreatmentInstanc
<<role>>
Doctor
<<role>>
Nurse
<<role>> HospitalAudit
or
<<role>> AdministrativeC
lerk
MedicalGroup
name
Hospital
name address
*
Building
name location
Location
number size
*
Employee
name idNumber address
![Page 127: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/127.jpg)
127
Observ
AdmitPatientController
AdmitPatientView
- newPatient - initialComplaint - patientNumber - patientInformation - chart - medicalHistory - inpatient
Mod
Patient
- name - address - patientNumber
(i f )
Outpatient
MedicalHistory
- insurance - dateRange
+ open() + create() + update()
<<role>> AdministrativeC
lerk
Right
treatPatient readTreatmentInstanc
Inpatient
1
1
TreatmentInstance
- date - financialNumber - initialComplaint
+ create() + update()
*
![Page 128: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/128.jpg)
128
Some policies for medical information
• Patients can see their records, consent to their use, must be informed of their use
• A doctor or other medical employee is responsible for use of record (custodian)
• Records of patients with genetic or infectious diseases must be related
![Page 129: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/129.jpg)
129
<<role>>Doctor
<<role>>Patient
readauthorizeUse
MedicalRecord
readmodify
CustodianInChargeOf
MedicalRelation
informPatient
* **
1..*1
1
Right
for own Record
![Page 130: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/130.jpg)
130
OCL (Object Constraint Language)
• Similar to Z and SQL, 1st order predicate calculus
• Adds precision to UML constraints• Implementation oriented
![Page 131: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/131.jpg)
131
readauthorizeUse
MedicalRecord
readmodify
custodian InChargeOf
MedicalRelationship
forAll(p: PatientID->notify(self.Log.accessor)
* **
1..*
Right
Patient.patientID = MedicalRecord.patientID
patientID: IntegerdateOfBirth: Datename: String address: Stringage: Integersex:{male, female}
Patient
InpatientOutpatient InpatientOutpatient
TreatmentHistorymedications:Stringprocedures:string
*
1
readmodify
Right
Doctor.LoginrID = MedicalRecord.doctorID
doctorID: IntegerdateOfBirth: Datename: String address: Stringage: Integersex:{male, female}
Doctor
custodian
0..*
1
accessor: Stringperiod: Stringdate: DateaccesType
Log
<<role>>Patient
1
LoginID: Integer
<<role>>Doctor
1
LoginID: Integer
![Page 132: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/132.jpg)
132
• Framework for filtering, access control, establish connection
• Shows combination of distribution and security patterns
![Page 133: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/133.jpg)
133
A secure framework
ConcreteConnection
ConcreteClient
DefaultFilterPolicy
ConcreteAuthenticator
SpecializedBodyguardACL11 11
uses
UserFilterPolicy
PolicySetting
ConcreteObject
1
1
1
1
FilterPolicyFactory* 1* 1
ObjectFactory
PolicyApplicator
1
1
1
1
creates
Filter
Connection
*
*
*
*
sets_Filter_Policy
Authenticator
Bodyguard1* 1*
protect
Client
1
1
1
1
creates Filter Policy
1* 1* connects and sets Coordinator11 11pulls
*
1
*
1*
1
*
1
request_ID10..1 1
request_ID0..1
communicates and sets Filters
Policy
1..*
0..*
1..*
0..*
1
*
1
*
*
1
*
1
registers
![Page 134: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/134.jpg)
134
C o ncreteC lie nt C o nc re te C o nnec t io n C li ent s i de
C o nc reteC o nnec t io n S e rve r s id e
C o ord ina tor
subsc ri b e_ c lie nt()sub sc rib e_ c lie nt()
subsc ri b e_ c lie nt()
c lie nt_ ID ()c lie nt_ ID ( )succe ss ()
a d d_ c lie nt( )
![Page 135: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/135.jpg)
135
Web Documents
Document
HyperlinkContent
URL
Memo Form General
To
anchor* *
![Page 136: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/136.jpg)
136
Example -- Form
Image
colorresolution
captionnum_figures
add_figureadd_color
change_caption
Text
typefont
fontsizenum_linespacing
add_fontdelete_font
Form
namedept
clearsubmit
Button
typename
click
Label-Field
lf-length
change
Text-Field
tf-length
clear
Media
name
adddelete
Hyperlink
type
Voice
volume_rangevoice_type
LF-textB-image
To
TF-text
![Page 137: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/137.jpg)
137
OO models of web documentsSec-Admin Hyperlink
authorize
*
Medianameadddelete
Voice Image Textvolumn_rangevoice_type color
resolutioncaptionnum_figuresadd_figureadd_colorchange_caption
typefontfontsizenum_linespacing
add_fontdelete_font
Formnamedeptclearsubmit
Secretarydept
modifyform.dept = sec.dept
U-President
create
Grad_Student
submittype = ‘asst_app’
*
* *
*
Button Label-Field Text-Fieldtypenameclick
lf-length
change
tf-length
clear
B-Image LF-Text TF-Text***
**
![Page 138: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/138.jpg)
138
• Patterns for RBAC implementation • Cryptographic patterns • Java security patterns • Single Point of Access (Joe Yoder)• M. Schumacher, E.B.Fernandez, D.
Hybertson, F. Buschmann, and P. Sommerlad (Eds.), Security Patterns, Wiley 2005 (to appear).
![Page 139: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/139.jpg)
139
• Apply patterns at each level according to attacks
• Determine appropriate security mechanisms from patterns
![Page 140: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/140.jpg)
140
Mapping of authorization rulesE m ployee
M fg.E m p.
.
.
. .
C ut
righ ts
B O Mapplet
I/O driverF ilerigh ts
O R D E R S file
E ncryp tionO R D E R S
S T O R A G E
A PP L IC A T IO N
O R D E R S
D A T A B A S E
B O MA pplet
R em ote siteA uth ru les
U ser C ases
O P. SY S.E xecutingprogram s
O rder
M fg . E m p.
C om ponent
righ ts
R oles
![Page 141: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/141.jpg)
141
W e b /a p p lic .s e r v e r
B ro w s e r
B ro w s e r
m e s s a g ee n c r y p tio n
In te rn e tc e r t i f ic a te f ir e w a l l
c e r t i f ie d a p p lic /O S /h a rd w a relo g g in g /p a p e r c o p ie s
P re c in c t
lo c a l v o t in g m a c h in e
a u th o r iz e
v o te sd a ta b a s e
V P N
a u th e n t ic a te
V P NV P No r S S L
R e m o te V o t in g M a c h in e
to c e n tr a la u th o r i ty
m s g . p ro te c t io nto o th e rP re c in c ts( L A N )
![Page 142: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/142.jpg)
142
(4) Implementation
Web browser
CORBA
InternetFirewall
CertificatesCGIOS
ApplicationServer
DBMS
Hardened OS -RBAC-Global model(authorization)
Audit trail
Web Server
+ Antivirus+ Replication for DBMS (help for DDoS)
![Page 143: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/143.jpg)
143
• Internet-based systems are very flexible, but also very complex and changing
• Currently security is rather poor• We must design new systems or improve
existing systems in a systematic way• Proposed methodology is a good step to
build secure systems
![Page 144: Security patterns and secure systems design using UML · methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use](https://reader034.vdocument.in/reader034/viewer/2022042214/5eba28d341905f0ee16affc9/html5/thumbnails/144.jpg)
144
Future work
• Patterns for web services standards• Patterns for database systems• Build a systematic catalog of security
patterns• Define precise mappings between levels• Refine the development method:
components, distribution