2009 – E. Félix – Security DSL – Toward model-based security engineering: developing a security...
TRANSCRIPT
2009 – E. Félix – Security DSL
Toward model-based security engineering: developing a security analysis DSML
Véronique Normand, Edith Félix, Thales Research & Technology
Agenda
Security DSML overview
Introduction
Context and rationale
The prototype security DSML
Status and perspectives
Security DSML overview
Context: critical information system engineering in an industrial environment
A new method to support security risk analysis, based upon model-based engineering techniques: a security Domain Specific Modelling Language (DSML)
The security DSML supports the analysis and assessment of security risks for a system, and the specification of security requirements
Technology Readiness Level: prototype
Introduction
Critical system engineering involves multiple teams: the capture, articulation, trade-off and reconciliation of multiple viewpoints over a system architectural design.
System security engineering is one such viewpoint.
The goal is an enhancement of traditional security risk analysis methodologies, based on modelling techniques that leverage detailed knowledge of the targeted system, in close integration with the mainstream system engineering process, and that support fine-grained analyses of the actual risks at stake.
Context and rationale
The stake of risk mitigation: find the right trade-off between risk coverage and costs.
State of the art: traditional security risk analysis methods (EBIOS, MEHARI, OCTAVE, etc.) are based on tables, i.e. they lose the fine-grained view of the architecture.
(Figure: critical systems security engineering methodology, showing which parts are within the scope of the current Security DSL and which are out of its scope.)
Enhancing system security methods
(Figure: system design models (several system definition viewpoints) and the security analysis model, both describing the real world; system definition feeds the security and risk analysis, which feeds governance.)
Advantages: toward a close integration of security analysis and the system model; provides a management view; manages finer-grained analyses.
Objectives of the enhancement
Objective 1: to optimize the qualification of the risks, the specification of security requirements, and the related security costs.
Objective 2: to optimize the quality and the productivity of security engineering by capitalizing on data from one study to the next, and by automating calculations and consistency checking.
Objective 3: to optimize the quality and the productivity of security engineering by sharing common models of the system between system design and security analysis, and thus by working on synchronized and consistent models of the system throughout the design process.
Overall process and actors of secure system engineering: before models
(Figure: four processes with their actors and artefacts. Processes: strategic & business analysis process, system engineering process, security analysis process, system security design process. Actors: end user, customer, executive; system architect; security analyst; security architect. Artefacts: business needs, system architecture, system models, reference security typologies, risk analysis, security requirements, security design.)
Overall process and actors of secure system engineering: target
(Figure: the same four processes and actors, now exchanging models instead of documents: a business need model, a system architecture model, a risk analysis and security requirements model, and reference security libraries.)
Model-driven architecting environment
(Figure: four spaces, strategic, business, system and technical, with their models: business motivation models, capability plan & drivers; computation independent models of the business operational need; technology independent models of the overall solution architecture; technology-specific models of the IT integration solution. Activities: business process analysis & design, SoS architectural analysis and design, SoS architectural technical design. Cross-cutting engineering disciplines: time performance engineering, management engineering, security engineering.)
Domain Specific Language: a typically small language, designed for a particular domain
higher degree of closeness to specific domain concepts
abstracts away from technology / implementation details
encapsulates complexity
domain experts are able to understand, validate and develop DSL programs to model their specific domain problems
increases the productivity of domain engineers
Security DSL task: interactions & workflow
Security DSL: problem statement
GOAL: rapidly prototype a DSL that supports finer-grained, more formal security analyses exploiting formalized system architecture descriptions.
The risk-related meta-model
Linking architecture to risk analysis meta-model
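The transcript keeps only the titles of the risk-related meta-model and of its link to the architecture model (the diagrams themselves are not included). The following is an added illustration, not the Thales DSML or its meta-model, of what that link buys in practice and of the automatic calculation and consistency checking named in the objectives slide: a toy architecture viewpoint and a toy risk viewpoint as Python dataclasses, a computed severity, and consistency checks that are only possible because assets point at architecture components. The class names, attributes, the multiplicative severity formula, the threshold and the sample system are all assumptions.

```python
"""Toy security-analysis DSML: an architecture model linked to a risk model,
with automatic severity computation and cross-model consistency checks.
Illustrative only; not the Thales meta-model described in the slides."""
from collections import deque
from dataclasses import dataclass, field
from typing import Optional

HIGH = 6  # assumed threshold from which a risk must be covered by a requirement


# --- architecture viewpoint (maintained by the system architect) ---
@dataclass(frozen=True)
class Component:
    name: str
    exposed: bool = False  # reachable from outside the system boundary


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str


@dataclass
class ArchitectureModel:
    components: dict = field(default_factory=dict)
    flows: list = field(default_factory=list)

    def reachable_from_exposed(self):
        """Components an external attacker can reach by following data flows."""
        seen = {n for n, c in self.components.items() if c.exposed}
        queue = deque(seen)
        while queue:
            cur = queue.popleft()
            for f in self.flows:
                if f.src == cur and f.dst not in seen:
                    seen.add(f.dst)
                    queue.append(f.dst)
        return seen


# --- risk viewpoint (maintained by the security analyst) ---
@dataclass(frozen=True)
class Asset:
    name: str
    hosted_on: tuple  # architecture component names: the link between the two models
    need: tuple       # (criterion, level) pairs, e.g. (("C", 3), ("I", 2))


@dataclass(frozen=True)
class Threat:
    name: str
    criterion: str   # "C", "I" or "A"
    likelihood: int  # 1 (unlikely) .. 4 (almost certain)


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    requirement: Optional[str] = None  # security requirement covering the risk


@dataclass
class RiskModel:
    assets: dict
    threats: dict
    risks: list


def severity(risk, model):
    """Assumed formula: need level x likelihood (table-based methods use a
    lookup instead); the point is that severity is computed, not typed in."""
    asset, threat = model.assets[risk.asset], model.threats[risk.threat]
    return dict(asset.need).get(threat.criterion, 0) * threat.likelihood


def check_consistency(arch, model):
    """Return findings; an empty list means the two viewpoints agree."""
    findings = []
    for a in model.assets.values():  # dangling links into the architecture
        for c in a.hosted_on:
            if c not in arch.components:
                findings.append(f"asset {a.name!r} hosted on unknown component {c!r}")
    analysed = set()
    for r in model.risks:
        if r.asset not in model.assets or r.threat not in model.threats:
            findings.append(f"risk ({r.asset!r}, {r.threat!r}) references an unknown asset or threat")
            continue
        analysed.add((r.asset, model.threats[r.threat].criterion))
        if severity(r, model) >= HIGH and r.requirement is None:
            findings.append(f"risk ({r.asset!r}, {r.threat!r}) has severity {severity(r, model)} but no requirement")
    # Architecture-driven completeness: every need of an asset an attacker can reach must be analysed.
    reach = arch.reachable_from_exposed()
    for a in model.assets.values():
        if any(c in reach for c in a.hosted_on):
            for crit, level in a.need:
                if level > 0 and (a.name, crit) not in analysed:
                    findings.append(f"asset {a.name!r} is reachable from an exposed component but has no {crit} risk analysed")
    return findings


# --- constructed sample models (hypothetical three-tier system) ---
def sample_architecture():
    arch = ArchitectureModel()
    for c in (Component("web-gw", exposed=True), Component("app-server"), Component("db")):
        arch.components[c.name] = c
    arch.flows += [Flow("web-gw", "app-server"), Flow("app-server", "db")]
    return arch


def sample_risk_model(consistent=True):
    assets = {"customer-records": Asset("customer-records", ("db",), (("C", 3), ("I", 2))),
              "session": Asset("session", ("app-server",), (("I", 2),))}
    threats = {"exfiltration": Threat("exfiltration", "C", 3),
               "tampering": Threat("tampering", "I", 2)}
    risks = [Risk("customer-records", "exfiltration", "REQ-ENC-01"),
             Risk("customer-records", "tampering"),
             Risk("session", "tampering", "REQ-SIG-02")]
    if not consistent:  # the analyst's model has drifted from the architecture
        assets["audit-log"] = Asset("audit-log", ("siem",), (("I", 3),))  # component not in architecture
        risks[0] = Risk("customer-records", "exfiltration")               # requirement dropped
        risks.pop()                                                       # session integrity no longer analysed
    return RiskModel(assets, threats, risks)


if __name__ == "__main__":
    for ok in (True, False):
        print("consistent" if ok else "drifted", check_consistency(sample_architecture(), sample_risk_model(ok)))
```

The three checks are exactly the kind a table-based method cannot perform: the first two need a machine-readable link from assets to components and from risks to assets, and the third walks the architecture's data flows to ask which assets an outsider can actually reach, so an asset on an unreachable component does not generate noise.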
Resulting Security DSL Tool
Comparison to existing work
The research community focuses on attack scenarios, vulnerability cause graphs, use and misuse cases, and attack trees; this is complementary to our work.
CORAS supports brainstorming sessions between security analysis stakeholders, but does not investigate the integration of the security risk analysis process with the system engineering process.
CURRENT STATUS
A first iteration of work, in the context of longer-term research that aims at developing an enhanced model-based method for the security engineering of critical information systems.
Proof-of-concept prototype: the focus was on scoping and capturing a relevant meta-model rather than on developing high-quality diagrammatic notations and tooling; ergonomics and usability remain to be enhanced.
PERSPECTIVES: enhancing the security analysis DSML in several areas
Refinement of the stakes / needs / damages model for a more precise computation of risk severity, including automated computation formulas and consistency checking rules.
Integration of the DSML with our system modelling framework, which supports multi-disciplinary engineering and the integration of heterogeneous modelling viewpoints.
Complementing our risk analysis DSML with modelling and tools for supporting security solution design and verification, thus extending our scope to fully address our model-based security engineering target.