Extending AOP Principles for the Description of Network Security Patterns
David Llewellyn-Jones, Qi Shi, Madjid Merabti
Cyberpatterns 2012, Abingdon, Oxfordshire, UK, 10th July 2012


PROTECT
Research Centre for Critical Infrastructure Computer Technology and Protection
School of Computing and Mathematical Sciences
Liverpool John Moores University, Byrom Street, Liverpool L3 3AF, UK
Email: D.Llewellyn-Jones@ljmu.ac.uk
Web: http://www.ljmu.ac.uk/cmp/
Overview


• Aspect Oriented Programming
• Security concerns
• Specifying network security point-cuts
  – Requirements
  – Examples
  – Language
• Application Example
• Conclusion
• Ensuring Trustworthiness and Security in Service
  Composition

• http://www.aniketos.eu/

• The research leading to these results has received
  funding from the European Union Seventh
  Framework Programme (FP7/2007-2013) under
  grant no 257930 (Aniketos)
•   Monitoring; trust and security analysis; recomposition and adaptation
Aspect Oriented Programming


• Programming or development paradigm
• Object Oriented Programming
  – Encapsulates related data and
    functionality all in one place
  – Hierarchical classes
     • Inheritance
     • Generalisation
     • Class attribute
  – Hard to capture cross-cutting concerns
Cross-Cutting Concerns
Aspect Oriented Programming


• Orthogonal to Object Oriented
  Programming
• Cross-Cutting Concerns
  – Similar functionality
  – Multiple places throughout
• Example
  – Data logging
Security Concerns


• Security
  – Classic cross-cutting concern
  – Apply in many places throughout code
  – Requires consistent approach
• Examples
  – Authorisation
  – Access control
  – Data tagging
AOP Glossary


• Aspect
   – The feature to be added
• Join-Point
   – Potential location where advice could be applied
• Point-Cut
   – Actual location selected for advice
• Advice
   – Code to be injected
• Aspect weaving
   – The process of adding advice to code
Join-Points


• Join-points
  – Method calls
  – Initialisation
  – Get/set
• Application
  – Before
  – After
  – Around
• Dictates power of AOP technique
Join-Point Example

<pointcut_definition id="c1">
     <time>after</time>
     <joinpoint_type>
          <constructorcall>
                <constructor_signature>
                      <qualified_class_name>
                            <namespace><type_name>*</type_name></namespace>
                            <class><identifier_name>FormCipher</identifier_name></class>
                      </qualified_class_name>
                </constructor_signature>
          </constructorcall>
     </joinpoint_type>
</pointcut_definition>

<advice_definition idAdvice="DandelionAspectAddClient" idTypeOfInjection="StaticInjection">
     <assembly>Gryffindor.Aspect.Dandelion.dll</assembly>
     <type>Gryffindor.Aspect.Dandelion.DandelionAspect</type>
     <behaviour>AddEncrypter</behaviour>
     <priority>1</priority>
     <pointcut_definitionRef idRef="c1"/>
</advice_definition>
Reflection


• Aspects can be inserted at compile time
   – Static aspect weaving
• Introspection
   – Allow analysis of code at runtime
• Intercession
   – Allow code to be altered at runtime
   – Insert new code, redefine language
• Allows aspects to be inserted at runtime
   – Dynamic aspect weaving
Network Security


• Ideal, in theory
   – Apply aspects to services at runtime
   – Improve security based on dynamic
     composition and policy
• Problematic, in practice
   – Point-cuts apply to single codebase
   – Applied universally
   – Distributed systems need different but
     related techniques in different places
Encryption Aspects


[Diagram: Communication, Encrypt, Decrypt, Communication]

• Often need to apply to multiple systems
   – Different related aspects
   – Not naturally covered by existing join-point
     definition languages
• Need language to define this
Join-Point Language Requirements


1. Capture sequences of more than two systems

2. Match multiple sets of networked systems

3. Be determinate

4. Based on code and relationship between systems

5. Aspect code related to join-point and existing code
Secure Data Forwarding


[Diagram: systems labelled H and L, ending with the sequence H, L, H]
End-to-End Security




[Diagram: two rows of systems labelled A, B, B, B, B, A]
Separation of Duty


[Diagram: two groups, each with one system labelled A and two labelled B]
Patterns


• We aim to define a language for defining
  patterns
• Combine with existing in-code join-point
  definitions
• Allow complex relationships between
  networked systems to be defined
• Both global and distributed application
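
Added example (not from the slides or the authors' language): a toy matcher for a point-cut pattern that spans several networked systems, producing the different but related advice to weave at each end. The pattern syntax ("A B+ A"), the function names and the topology are assumptions; the labels A/B and H/L and the advice names Encrypt/Decrypt follow the slides.

```python
# Added illustration: match a multi-system point-cut pattern against a
# service graph and derive a per-system weaving plan.
# Pattern syntax, function names and topology are hypothetical.

# Constructed topology: directed communication links between services.
LINKS = {
    "client1": ["relay1", "server"],  # includes one direct client->server link
    "client2": ["relay2"],
    "relay1": ["relay2"],
    "relay2": ["server"],
    "server": [],
}
# Constructed labellings of the same systems (end-point/relay, high/low).
ROLE = {"client1": "A", "client2": "A", "relay1": "B",
        "relay2": "B", "server": "A"}
SENSITIVITY = {"client1": "H", "client2": "L", "relay1": "L",
               "relay2": "L", "server": "H"}


def parse_pattern(text):
    """Turn 'A B+ A' into [('A', False), ('B', True), ('A', False)]."""
    steps = [(tok.rstrip("+"), tok.endswith("+")) for tok in text.split()]
    if not steps or any(label == "" for label, _ in steps):
        raise ValueError("empty or malformed pattern: %r" % text)
    return steps


def match_paths(links, labels, pattern):
    """Return every simple path whose label sequence matches the pattern.

    A step marked '+' matches one or more consecutive systems, so a
    pattern can capture sequences of more than two systems. The result
    is sorted so the same input always yields the same point-cuts.
    """
    steps = parse_pattern(pattern)
    found = set()

    def extend(path, i):
        # Invariant: path[-1] has been matched against steps[i].
        if i == len(steps) - 1:
            found.add(tuple(path))
        label, repeat = steps[i]
        for nxt in sorted(links.get(path[-1], ())):
            if nxt in path:          # simple paths only, so loops terminate
                continue
            if repeat and labels.get(nxt) == label:
                extend(path + [nxt], i)
            if i + 1 < len(steps) and labels.get(nxt) == steps[i + 1][0]:
                extend(path + [nxt], i + 1)

    for start in sorted(labels):
        if labels[start] == steps[0][0]:
            extend([start], 0)
    return sorted(found)


def weave_plan(paths, first_advice, last_advice):
    """Map each matched path to advice at its two ends only.

    Intermediate systems are matched by the pattern but receive no
    advice: they only ever relay the protected data.
    """
    plan = {}
    for path in paths:
        plan.setdefault(path[0], set()).add(first_advice)
        plan.setdefault(path[-1], set()).add(last_advice)
    return plan


if __name__ == "__main__":
    e2e = match_paths(LINKS, ROLE, "A B+ A")
    for path in e2e:
        print(" -> ".join(path))
    print(weave_plan(e2e, "Encrypt", "Decrypt"))
```

The direct client1 -> server link does not match "A B+ A", so a single-codebase point-cut and the multi-system pattern select different places to weave.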
Multiple Join-Point Definition


• Notation
Patterns


• Single template




• Pattern of templates
Secure Data Forwarding



[Diagram: H, L, H]
End-to-End Security



[Diagram: A, B, B, B, B, A]
Separation of Duty


[Diagram: one system labelled A and two labelled B]
AOP Applied to Security


• Client-Server chat application
   – Cleartext communication
• Encryption/Decryption service
• Aspects re-route data flow
   – Different aspects for client and server

[Diagram: Communication]

Miguel García, David Llewellyn-Jones, Francisco Ortin, Madjid Merabti, "Applying dynamic separation of aspects to distributed systems security: a case study", IET Software, Volume 6, Issue 3, pp. 165-282, June 2012.
AOP Applied to Security


[Diagram: Communication, shown three times]
Discussion


• Why choose this method?
   – Flexibility
   – Aim for all computable sets of networks
   – Distributed or centralised
• Practical application
   – Definition and aspects still to be combined
• Challenges
   – Difficult to define
   – Aspects are specialised, not generalised
Future Work


• Practical
  – Restatement in XML format
  – Integrate with join-point definition language
  – Reason and apply to real code
• Theoretical
  – Measure expressivity of the language
  – Formalise currently unspecified aspects
  – Define security patterns
Conclusion


• Security is a cross-cutting concern
• Existing AOP point-cuts are not designed for
  networked systems
• A way of relating aspects to distributed
  systems is needed for security
• Propose initial method for defining point-cut
  patterns
