Hironori Washizaki, “Security Patterns: Research Direction, Metamodel, Application and Verification”, Keynote, The 2017 International Workshop on Big Data & Information Security (IWBIS), Jakarta, Indonesia, Sep 23-24, 2017.
Security Patterns: Research Direction, Metamodel, Application and Verification
1. Security Patterns: Research Direction, Metamodel, Application and Verification
Hironori Washizaki
Waseda University / National Institute of Informatics /
SYSTEM INFORMATION CO., LTD.
Keynote at IWBIS 2017, Jakarta, Sep 24, 2017
In collaboration with many students, researchers and practitioners including
Atsuto Kubo, Yuki Shiroma, Takanori Kobashi, Yurina Ito, Sota Fukumoto,
Misato Yamamoto, Masatoshi Yoshizawa, Tian Xia, Yoshiaki Fukazawa,
Nobukazu Yoshioka, Eduardo B. Fernandez, Haruhiko Kaiya, Takao Okubo,
Atsuo Hazeyama, Takehisa Kato, Shinpei Ogata, Hideyuki Kanuka, Yuki
Kondo, Masayuki Yoshino and Dan Yamamoto
2. Hironori Washizaki
• Prof., Director, Global Software Engineering Laboratory, Waseda University
• Visiting Prof., National Institute of Informatics
• Director, SYSTEM INFORMATION CO., LTD.
• Vice-Chair, IEEE CS Japan Chapter
• Chair, SEMAT Japan Chapter
• Convenor, ISO/IEC/JTC1/SC7/WG20
• Director, IPSJ SamurAI Coding: AI Programming Contest
• PC Chair, IEEE ICST’17 Tokyo
• PC Chair, IEEE CSEE&T’17 Georgia
• PC Chair, APSEC’18 Nara
• Local Chair, IEEE COMPSAC’18 Tokyo
• Editor-in-Chief, I. J. Agile and Extreme Dev.
3. Agenda
• Security Patterns and Research Directions
• Model-Driven Application
• Model-Driven Verification
• Metamodel for Secure Cloud Development
• Conclusion and Future Perspective
4. Security concerns must be addressed at any phase
[Figure: security concerns span the phases Requirement, Design, Implementation, Test and Maintenance; labels: Security Requirement Patterns, Security Design Patterns, Security Testing, Security patterns]
• Patterns are recurrent problems and solutions under specific contexts from requirements to maintenance
5. Example of security pattern application
• Name: Role-based access control (RBAC)
• Problem: How do we assign rights to people based on their functions or tasks?
• Solution: Assign users to roles and give rights to these roles so they can perform their tasks.
• Related patterns: Authorization, ...
6. Survey on security pattern research [PLoP’15]
[Figure: pie chart of research topics]
• Application: 46%
• Case studies: 13%
• Modeling: 7%
• Detection: 7%
• Validation: 7%
• Selection: 7%
• Others: 13%
[PLoP’15] Systematic Mapping of Security Patterns Research, Conf. Pattern Languages of Programs Conference
12. TESEM: Test Driven Secure Modeling Tool
[ARES’13][ARES’14][IJSSE’14][ICST’15][Information’16]
[Figure labels: Security Design Pattern (Context, Problem, Solution); Test design as requirement; Test case; Test Script (“! create Actor”, “! create UI :”, “! create Subject..”); testing]
[ARES’13] Validating Security Design Pattern Applications Using Model Testing, Int’l Conf. Availability, Reliability and Security
[ARES’14] Verification of Implementing Security Design Patterns Using a Test Template, Conf. Availability, Reliability and Security
[IJSSE’14] Validating Security Design Pattern Applications by Testing Design Models, Int’l J. Secure Software Engineering 5(4)
[ICST’15] TESEM: A Tool for Verifying Security Design Pattern Applications by Model Testing, IEEE ICST’15 Tools Track
[Information’16] Implementation Support of Security Design Patterns Using Test Templates, Information 7(2)
13. Test-driven secure design
• Security properties are in test cases
• Cycle: Add test cases, Confirm tests fail, Fix model, Confirm tests pass
[Figure labels: Find vulnerability; Eval. of mitigation]
14. Verify whether model with RBAC satisfies security design requirements
Step: Add test cases
15. Model does not satisfy security design requirements.
Step: Confirm tests fail
TESEM detected incorrect applications of design patterns
16. Fix model and confirm tests pass
Fix design model until the tests successfully pass.
[Figure labels: Incorrect design; Refactoring; Correct design]
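The test-driven secure design cycle of slides 13 to 16, sketched in Python as an added example; it is not TESEM and not code from the talk. The `DesignModel` class, the users, roles and test cases are all constructed for illustration: the test cases state the RBAC security properties, fail against a design in which one operation bypasses the check, and pass once the model is fixed.

```python
from dataclasses import dataclass, field

@dataclass
class DesignModel:
    """Hypothetical toy design model with the RBAC pattern applied."""
    user_roles: dict = field(default_factory=dict)   # user -> set of roles
    role_rights: dict = field(default_factory=dict)  # role -> set of (operation, resource)
    guarded: set = field(default_factory=set)        # operations routed through the RBAC check

    def invoke(self, user, operation, resource):
        """Simulate a request on the model; True means the operation is executed."""
        if operation not in self.guarded:
            return True  # this path never reaches the authorization check
        roles = self.user_roles.get(user, set())
        return any((operation, resource) in self.role_rights.get(r, set()) for r in roles)

# Constructed test cases: each one encodes a security property of the design.
TEST_CASES = [
    ("clerk can read order", "alice", "read", "order", True),
    ("clerk cannot delete order", "alice", "delete", "order", False),
    ("manager can delete order", "bob", "delete", "order", True),
    ("unassigned user cannot read order", "mallory", "read", "order", False),
]

def run_tests(model):
    """Return the names of the test cases the model fails."""
    return [name for name, user, op, res, expected in TEST_CASES
            if model.invoke(user, op, res) != expected]

def incorrect_design():
    """RBAC applied incorrectly: 'delete' is not wired to the check."""
    return DesignModel(
        user_roles={"alice": {"clerk"}, "bob": {"manager"}},
        role_rights={"clerk": {("read", "order")},
                     "manager": {("read", "order"), ("delete", "order")}},
        guarded={"read"},
    )

def fixed_design():
    """Fix the model: route 'delete' through the RBAC check as well."""
    model = incorrect_design()
    model.guarded.add("delete")
    return model

if __name__ == "__main__":
    print("before fix, failing:", run_tests(incorrect_design()))
    print("after fix, failing: ", run_tests(fixed_design()))
```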
18. Challenges in cloud security and privacy (S&P)
[Figure labels: Cloud services; layers: Software, Application, Platform, Infrastructure; User Authorization; Secure Config.; OS Hardening; Electronic Access Control system; Ex.) User Authentication; Patterns; Guidelines; Practices]
• How to consistently utilize diverse S&P knowledge? Metamodel
• How to consider S&P over different layers? Layered metamodel
19. Cloud Security and Privacy Metamodel (CSPM)
[Future Internet’16][SERVICES’16]
[Figure labels: Problem; Bridge; Solution; Target: SaaS (Application), PaaS (Platform), IaaS (Infrastructure)]
[Future Internet’16] Modeling and Security in Cloud Ecosystems, Future Internet, 8(13)
[SERVICES’16] Metamodel for Security and Privacy Knowledge in Cloud Services, 12th IEEE World Congress on Services
20. Modeling vulnerability and security pattern
• Validator for data-injection vulnerability such as XSS
• Common Vulnerabilities and Exposures: CVE-2012-4394 Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
22. Security requirements analysis
• Threats and vulnerability analysis based on STRIDE
• Consider corresponding security patterns (e.g., Authentication and Authorization)
[Figure labels: Elevation of privilege; Spoofing; Tampering; Repudiation; Information disclosure; Denial of service; Problem; Pattern; Solution; Example; Goal; Anti-goal]
25. Conclusion and future prospects
Current:
• Targeting authentication and authorization
• Much research using UML, but independent
• Often simple case studies
• Targeting existing patterns only
• Limited education for secure development methods in IoT era
Future:
• Address various security patterns
• Integration based on common metamodel
• Complex case studies with measurements
• New vulnerabilities and patterns
• IoT and security education program
26. Security and privacy ecosystem for Cloud/IoT
PI: Prof. Hironori Washizaki (‘15-’18)
[Figure labels: New attack; (1) Publishing (e.g., CVE); Vulnerability/countermeasure DB; (2) Decomposition, organization; Metamodel; Knowledge base; Distribution; Cloud; (3) Integrated application and verification; Software system development]
27. Japanese MEXT Professional Education Program enPiT-Pro: Smart SE (‘17-’22)
• PI: Prof. Hironori Washizaki
• 14+ universities incl. Osaka U. and Kyushu U.
• 16+ collaborators
[Figure labels: Cloud; Sensors, IoT; Artificial Intelligence; BigData; generation; knowledge extraction; evolution; Network; Cyber physical systems; Info. processing; Application; Business value creation; Security & privacy]
28. • SamurAI Coding: IPSJ 6th International AI Programming Contest, World Final, March 14 2018, Tokyo, http://samuraicoding.info
• APSEC 2018: 25th Asia-Pacific Software Engineering Conference, Nara, Dec 4-7 (due: June), PC Chair: H. Washizaki
• Int. Journal of Agile and Extreme Software Development (IJAESD), Editor-in-Chief: H. Washizaki
• COMPSAC 2018: 42nd IEEE Computer Society Int’l Conf. Computers, Software & Applications, Tokyo, July 23-27 (due: Jan 15)