Hironori Washizaki, “Security Patterns: Research Direction, Metamodel, Application and Verification”, Keynote, The 2017 International Workshop on Big Data & Information Security (IWBIS), Jakarta, Indonesia , Sep 23-24, 2017.

1. Security Patterns: Research Direction,
Metamodel, Application and Verification
Hironori Washizaki
Waseda University / National Institute of Informatics /
SYSTEM INFORMATION CO., LTD.
Keynote at IWBIS 2017, Jakarta, Sep 24, 2017
In collaboration with many students, researchers and practitioners including
Atsuto Kubo, Yuki Shiroma, Takanori Kobashi, Yurina Ito, Sota Fukumoto,
Misato Yamamoto, Masatoshi Yoshizawa, Tian Xia, Yoshiaki Fukazawa,
Nobukazu Yoshioka, Eduardo B. Fernandez, Haruhiko Kaiya, Takao Okubo,
Atsuo Hazeyama, Takehisa Kato, Shinpei Ogata, Hideyuki Kanuka, Yuki
Kondo, Masayuki Yoshino and Dan Yamamoto

2. • Prof., Director, Global Software
Engineering Laboratory, Waseda University
• Visiting Prof., National Institute of
Informatics
• Director, SYSTEM INFORMATION CO., LTD.
• Vice-Chair, IEEE CS Japan Chapter
• Chair, SEMAT Japan Chapter
• Convenor, ISO/IEC/JTC1/SC7/WG20
• Director, IPSJ SamurAI Coding: AI
Programing Contest
• PC Chair, IEEE ICST’17 Toyo
• PC Chair, IEEE CSEE&T’17 Georgia
• PC Chair, APSEC’18 Nara
• Local Chair, IEEE COMPSAC’18 Tokyo
• Editor-in-Chief, I. J. Agile and Extreme Dev. 2
Hironori Washizaki

3. Agenda
• Security Patterns and Research Directions
• Model-Driven Application
• Model-Driven Verification
• Metamodel for Secure Cloud Development
• Conclusion and Future Perspective
3

4. Security concerns must be addressed at any phase
4
Requirement Design Implementation Test
Security concerns
SecurityTesting
Security Requirement
Patterns
Security Design
Patterns
Security patterns
• Patterns are recurrent problems and solutions under
specific contexts from requirements to maintenance
Maintenance

5. • Name: Role-based access control (RBAC)
• Problem: How do we assign rights to people based on
their functions or tasks?
• Solution: Assign users to roles and give rights to these
roles so they can perform their tasks.
• Related patterns: Authorization, ...
Example of security pattern
application

6. Survey on
security pattern
researches
[PLoP’15]
6
[PLoP’15] Systematic Mapping of Security Patterns Research, Conf. Pattern Languages of Programs Conference
Application
46%
Case
studies
13%Modeling
7%
Detection
7%
Validation
7%
Selection
7%
Others
13%

7. Agenda
• Security Patterns and Research Directions
• Model-Driven Application
• Model-Driven Verification
• Metamodel for Secure Cloud Development
• Conclusion and Future Perspective
7

8. Appropriate
design
Inappropriate
design
What’s the problem?
8
Role-based access control (RBAC) pattern

9. ①Selecting a pattern
9
②Setting parameters
Input model
Helper def : SubjectName :
String = ’hoge’
: :
< ‥ >
< ‥>
</ ‥>
・・・
< ‥ >
< ‥>
</ ‥>
< ‥>
</ ‥>
・・・
UML models
: :
:
Transformation
rules
③Transformation
by ATL
rule SubjectClass {
from s : UML!Class(s.isSbj())
to t : UML!Class(
namespace <- s.namespace,
isAbstract <- false,
...
Parameter
Model-driven security pattern application
[PLoP’10]
[PLoP’10] Model-Driven Security Patterns Application and Validation,” 17th Conference on Pattern Languages of Programs

10. 10
<<AuthenticatorSubject>>
Employee
id
name
Patient
id
name
Right
accessType
checkRight()
Subject
id
name
ProtectionObject
id
name
<<Authenticator.Subject>>
Employee
id
name
Patient
id
name
Authenticator
Proof_of_Identify
Authentication
Information
<<Creates>>
Authenticator
Proof_of_Identify
<<Creates>>
Authorization
Right
accessType
checkRight()
Helper def : ProtObName :
String = ’Patient’
Parameter
Example: application of “Authorization”
<<Authenticator.Subject>>
<<Authorization.Subject>>
Employee
id
name
Authentication
Information
<<ProtOb>>
Patient
id
name
Subject
id
name
ProtectionObject
id
name

11. Agenda
• Security Patterns and Research Directions
• Model-Driven Application
• Model-Driven Verification
• Metamodel for Secure Cloud Development
• Conclusion and Future Perspective
11

12. TESEM: Test Driven Secure Modeling Tool
[ARES’13][ARES’13][IJSSE’14][ICST’15][Information’16]
12
Security
Design
Pattern
Problem
Solution
Context
Test design as
requirement
! create Actor
! create UI :
! create Subject..
Test Script Test case
testing
[ARES’13] Validating Security Design Pattern Applications Using Model Testing, Int’l Conf. Availability, Reliability and Security
[ARES’14] Verification of Implementing Security Design Patterns Using a Test Template, Conf. Availability, Reliability and Security
[IJSSE’14] Validating Security Design Pattern Applications by Testing Design Models, Int’l J. Secure Software Engineering 5(4)
[ICST’15] TESEM: A Tool for Verifying Security Design Pattern Applications by Model Testing, IEEE ICST’15 Tools Track
[Information’16] Implementation Support of Security Design Patterns Using Test Templates, Information 7(2)
testing

13. • Security Properties are in testcases
Add test cases
Confirm tests fail
Fix model
Confirm
tests pass
Test-driven secure design
13
Find
vulnerability
Find
vulnerability
Eval. of
mitigation
Eval. of
mitigation

14. Verify whether model with RBAC satisfies security design requirements
Add test cases
Verify whether
model satisfies
security design
requirement
14

15. Model does not satisfy security design requirements.
TESEM detected incorrect applications of design patterns
Confirm tests fail
15

16. Fix model and confirm tests pass
16
Fix design model until the tests successfully pass.
Correct designIncorrect design
Refactoring

17. Agenda
• Security Patterns and Research Directions
• Model-Driven Application
• Model-Driven Verification
• Metamodel for Secure Cloud Development
• Conclusion and Future Perspective
17

18. Challenges in cloud security and privacy (S&P)
18
Software
Application
Platform
Infrastructure
User Authorization
Secure Config.
OS Hardening
Electronic Access
Control system
Cloud
services
Ex.) User
Authentication
Patterns Guidelines
Practices
•How to consistently utilize
diverse S&P knowledge?
 Metamodel
•How to consider S&P
over different layers?
 Layered metamodel

19. Cloud Security and Privacy Metamodel (CSPM)
[Future Internet’16][SERVICES’16]
19
Problem Bridge Solution
SaaS (Application) PaaS (Platform) IaaS (Infrastructure)
Target
[Future Internet’16] Modeling and Security in Cloud Ecosystems, Future Internet, 8(13)
[SERVICES’16] Metamodel for Security and Privacy Knowledge in Cloud Services, 12th IEEE World Congress on Services

20. Modeling vulnerability and security pattern
Validator for data-
injection vulnerability
such as XSS
Common Vulnerabilities and Exposures: CVE-2012-4394 Cross-site
scripting (XSS) vulnerability in apps/files/js/filelist.js in own Cloud
before 4.0.5 allows remote attackers to inject arbitrary web script or
HTML via the file parameter.

21. Security and privacy development process
21

22. Security requirements analysis
• Threats and vulnerability analysis based
on STRIDE
• Consider corresponding security patterns
(e.g., Authentication and Authorization)
Elevation of privilege
Spoofing
Tampering
Repudiation
Information disclosure
Denial of service
Problem Pattern SolutionExampleGoal Anti-goal

23. 23
Check other player dataAuthentication
Authorization

24. Agenda
• Security Patterns and Research Directions
• Model-Driven Application
• Model-Driven Verification
• Metamodel for Secure Cloud Development
• Conclusion and Future Perspective
24

25. Conclusion and future prospects
• Targeting authentication
and authorization
• Many researches using
UML, but independent
• Often simple case
studies
• Targeting existing
patterns only
• Limited education for
secure development
methods in IoT era 25
• Address various security
patterns
• Integration based on
common metamodel
• Complex case studies
with measurements
• New vulnerabilities and
patterns
• IoT and security
education program
Current Future

26. Vulnerability/count
ermeasure DB
Metamodel
Knowledge base
(2) Decomposition,
organization
クラウドクラウド
DistributionDistribution
CloudCloud
Software system
development
(3) Integrated application
and verification(1) Publishing
E.g., CVE
New attack
Security and privacy ecosystem for Cloud/IoT
PI: Prof. Hironori Washizaki (‘15-’18)

27. Japanese MEXT Professional Education
Program enPiT-Pro: Smart SE (‘17-’22)
• PI: Prof. Hironori Washizaki
• 14+ universities incl. Osaka U. and Kyushu U.
• 16+ collaborators
27
Cloud
Sensors, IoT
Artificial
Intelligence
BigData
generation
knowledge
extraction
evolution
Network
Cyber physical systemsInfo. processing
Application
Busines
value
creation
Security &
privacy

28. SamurAI Coding
IPSJ 6th International AI
Programing Contest
World Final
March 14 2018 Tokyo
http://samuraicoding.info
APSEC 2018
25th Asia-Pacific Software
Engineering Conference
Nara
Dec 4-7 (due: June)
PC Chair: H. Washizaki
Int. Journal of Agile and
Extreme Software
Development
(IJAESD)
Editor-in-Chief: H. Washizaki
COMPSAC 2018
42nd IEEE Computer Society Int’l Conf.
Computers, Software & Applications
Tokyo
July 23-27 (due: Jan 15)

29. 29
Terima kasih 감사 합니다 धन्यवाद 有難う Thank you!