Secure software design with uml
Secure Software Design with UML. Secure UML: Requirements System Architecture/Design Test. Acknowledgments. References are provided per page. Most diagrams are original, but ideas are adapted from references. Author: Susan J Lincke, PhD Univ. of Wisconsin-Parkside


Secure Software Design with UML

Secure UML:

Requirements

System Architecture/Design

Test


Acknowledgments

References are provided per page. Most diagrams are original, but ideas are adapted from references.

Author: Susan J Lincke, PhD

Univ. of Wisconsin-Parkside

Contributors/Reviewers:

Tim Knautz, Janine Spears PhD, David Green PhD, Megan Reid

Funded by National Science Foundation (NSF) Course, Curriculum and Laboratory Improvement (CCLI) grant 0837574: Information Security: Audit, Case Study, and Service Learning.

Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and/or source(s) and do not necessarily reflect the views of the National Science Foundation.


Objectives

The student shall be able to:

Define the 5-step OCTAVE security requirements process

Draw a misuse case diagram with and without security use cases.


Security Assures … CIA

Confidentiality: Limits access to authorized users and prevents access by unauthorized users

Integrity: Information resources and data are reliable and have not been changed inappropriately

Availability: Whatever the user needs to access is available when it is needed


Security Vocabulary

Asset: Diamonds

Threat: Theft

Vulnerability: Open door or windows

Threat agent: Burglar

Owner: Those accountable or who value the asset

Risk: Danger to assets


Registration System Use Case

Register: Clients register to obtain documentation by providing name, email, job function

Provider: Send periodic updates to Clients to indicate changes in materials


OCTAVE Security Requirements Process

Risk: Threat and vulnerability(s) -> negative impact

Identify critical assets

Define security goals

Identify threats

Analyze risks

Define security requirements


Step 1. Identify Critical Assets via Business Process Diagram

  • Contact Info: Name, email, job function

  • Materials: Course materials

  • Comments: Feedback, saved & sent as email


Step 2. Define Security Goals

Impact Rating:

* Low Priority

** Medium Priority

*** High Priority


Step 3: Identify Threats

Threat table: rows STRIDE and General Threats; columns What it is, Software Techniques, Advanced Security


Step 3. Identify Threats via Misuse Case Diagram

Which misuse cases relate to:

Confidentiality?

Integrity?

Availability?

Diagram legend: DOS = Denial of Service; misuser; misuse case


Step 3 (cont’d): Expand DOS Misuse Case

Overflow DB: Fill disk with records

Send Continual Requests (Distributed Denial of Service): No processor capacity remains for legitimate users


Step 3 (optional): Threat Tree


Step 3 cont’d: Lightweight Misuse Case: Change Valid Data


Step 3 Cont’d: Mid-weight Misuse Case: DOS


Step 3 Cont’d: Mid-weight Misuse Case: Circumvent Input


Step 4: Analyze Risks


Step 5: Define Security Requirements

Definitions


Stage 5: Define Security Requirements: Modify Register Use Case Desc.


Stage 5: Define Security Requirements: Validate Registration Security Use Case


Business Process Diagram Enhancement

Diagram legend: Loc = Local Access; AD = Attack Detection; Pr = Privacy


Secure UML: Secure Design


Mis-Sequence Diagram


State Diagram

State Diagrams can ensure software:

  • Retains proper order of processing

  • Recognizes out-of-sequence steps

  • Can change behavior based on time or past history
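The three properties above follow directly when the state diagram is written down as a transition table that the code consults before acting. The example below is added here and is not from the slides; it models the registration workflow from the earlier use case, with state names, event names and the 15-minute verification window all assumed for illustration.

```python
"""Registration workflow as an explicit state machine.

Added example (not from the slides): a state diagram's transition table,
written as data, lets the code retain the proper order of processing,
recognise out-of-sequence steps, and change behaviour with time.
State names, event names and the 15-minute expiry are assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Allowed transitions: (current_state, event) -> next_state.
# Any (state, event) pair missing here is an out-of-sequence step.
TRANSITIONS = {
    ("NEW", "submit_form"): "PENDING_VERIFY",
    ("PENDING_VERIFY", "verify_email"): "VERIFIED",
    ("PENDING_VERIFY", "cancel"): "CANCELLED",
    ("VERIFIED", "confirm"): "REGISTERED",
    ("VERIFIED", "cancel"): "CANCELLED",
}
VERIFY_TIMEOUT_SECONDS = 15 * 60  # assumed lifetime of the verification link


@dataclass
class Registration:
    state: str = "NEW"
    submitted_at: Optional[float] = None
    audit: List[str] = field(default_factory=list)

    def handle(self, event: str, now: float) -> bool:
        """Apply one event at time `now`; return True if it was accepted."""
        # Time-based behaviour: a verification that waited too long expires
        # before the incoming event is even considered.
        if (self.state == "PENDING_VERIFY" and self.submitted_at is not None
                and now - self.submitted_at > VERIFY_TIMEOUT_SECONDS):
            self.audit.append(f"EXPIRED at t={now:.0f}: verification window passed")
            self.state = "EXPIRED"
        nxt = TRANSITIONS.get((self.state, event))
        if nxt is None:
            # Out-of-sequence step: refuse it and keep a record, since a
            # client skipping steps is a misuse signal worth detecting.
            self.audit.append(f"REJECTED {event!r} in state {self.state}")
            return False
        if event == "submit_form":
            self.submitted_at = now
        self.state = nxt
        self.audit.append(f"OK {event!r} -> {self.state}")
        return True


def run(events: List[Tuple[str, float]]):
    """Replay (event, time) pairs; return final state, per-event verdicts, audit."""
    reg = Registration()
    verdicts = [reg.handle(event, t) for event, t in events]
    return reg.state, verdicts, reg.audit


if __name__ == "__main__":
    # Constructed scenario: the client tries to confirm before verifying email.
    state, verdicts, audit = run([("submit_form", 0.0), ("confirm", 10.0),
                                  ("verify_email", 20.0), ("confirm", 30.0)])
    print(state, verdicts)
    print("\n".join(audit))
```

Because the table is data rather than scattered `if` statements, the diagram and the code can be reviewed against each other line by line, and every rejected transition leaves an audit entry that a mis-sequence diagram would otherwise have to predict by hand.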


Documenting Security Packages

Sanitizer package: <<Security Package>> Sanitize Input; <<Risk Factor>> 9; <<Security Descriptor>> Injection Attack Defense

CAPTCHA package: <<Security Package>>; <<Risk Factor>> 9; <<Security Descriptor>> DOS Defense; <<Security Descriptor>> 3rd Party S/W

Registration: the package that the security packages above protect (<<protects>> dependency)


Security Diagrams: Security Patterns

Authenticator Pattern

Authorization Pattern


Secure UML: Secure Test


Testing

Software Testing = Software works as it should

Penetration Testing = Probes security risks addressing threats to policy


Vulnerability Testing

Buffer Overflow: Can long input affect service?

Script Injection: Can input with scripts execute?

Numeric Overflow: Can a large number become a negative or small number?

Race Condition: Can multiple threads cause errors?

Configuration Issues: Can software be installed improperly, causing abuse?

Programmer Backdoors: Have programmers left hooks providing entry or information?
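Three of the questions above (long input, script injection, numeric overflow) can be asked of a handler directly by a small test harness. The example below is added here and is not from the slides: `register()` is an assumed handler for the Register use case (name, email, job function, plus a constructed numeric field), the Sanitize Input package is approximated by a length limit and HTML escaping, and each check returns True when the handler behaves safely.

```python
"""Vulnerability-test checks for a registration form handler.

Added example, not from the slides. `register()` is an assumed handler for
the Register use case (name, email, job function, plus a constructed
numeric 'seats' field). The checks ask the slide's questions about long
input, script injection and numeric overflow, and each returns True when
the handler behaves safely.
"""
import html
import re

MAX_FIELD_LEN = 64   # assumed bound: plays the role of a fixed buffer size
MAX_SEATS = 100      # assumed business limit for the numeric field
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


class RejectedInput(ValueError):
    """Raised when the handler refuses a field."""


def sanitize_text(value: str) -> str:
    """Length-limit and HTML-escape a free-text field (the Sanitize Input package)."""
    if len(value) > MAX_FIELD_LEN:
        raise RejectedInput("field too long")
    return html.escape(value, quote=True)


def register(name: str, email: str, job: str, seats: str) -> dict:
    """Validate one registration and return the record that would be stored."""
    if len(email) > MAX_FIELD_LEN or not EMAIL_RE.match(email):
        raise RejectedInput("bad email")
    try:
        count = int(seats)
    except ValueError:
        raise RejectedInput("seats is not a number")
    # Python ints do not wrap, so the range check is the whole defence here;
    # in C the same check must precede any arithmetic on the value.
    if not 1 <= count <= MAX_SEATS:
        raise RejectedInput("seats out of range")
    return {"name": sanitize_text(name), "email": email,
            "job": sanitize_text(job), "seats": count}


GOOD = dict(name="Ada", email="ada@example.com", job="Engineer", seats="1")  # constructed


def rejects(**fields) -> bool:
    """True if the handler refuses this set of fields."""
    try:
        register(**fields)
    except RejectedInput:
        return True
    return False


def check_long_input() -> bool:
    """Buffer overflow question: can long input affect service? Expect rejection."""
    return rejects(**{**GOOD, "name": "A" * 10_000})


def check_script_injection() -> bool:
    """Script injection question: the stored value must be inert markup."""
    record = register(**{**GOOD, "name": "<script>alert(1)</script>"})
    return "<script" not in record["name"] and "&lt;script&gt;" in record["name"]


def check_numeric_overflow() -> bool:
    """Numeric overflow question: huge, zero or negative values must not pass."""
    bad = ("-1", "0", "4294967297", "99999999999999999999", "1e9")
    return all(rejects(**{**GOOD, "seats": s}) for s in bad)


def run_all() -> dict:
    """Run every check; a False entry is a finding to take back to design."""
    return {"long_input": check_long_input(),
            "script_injection": check_script_injection(),
            "numeric_overflow": check_numeric_overflow()}


if __name__ == "__main__":
    for check, ok in run_all().items():
        print(f"{check:18} {'PASS' if ok else 'FAIL'}")
```

Each check is the executable form of one row on this slide, which is what the Vulnerability Inspection Diagram on the next slide describes: procedural test steps that can be automated once they are written down.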


Vulnerability Inspection Diagram (VID)

  • Activity Diagram used for testing

  • Models procedural instructions

  • Automated testing from Activity Diagram possible


Health First Case Study: Security Requirements

Roles:

  • Jamie Ramon MD, Doctor

  • Chris Ramon RD, Dietician

  • Terry, Medical Admin

  • Pat, Software Consultant


Step 1: Identify Critical Assets

All of this information is protected by HIPAA

HIPAA = Health Insurance Portability and Accountability Act

HIPAA protects:

Confidentiality: In transmission, on disk, or any other form.

Integrity: All transactions are logged as to who did them and why. Hashing (sophisticated checksums) is also required.


Step 2: Define Security Goals

Impact Rating:

* Low Priority

** Medium Priority

*** High Priority



Step 3: Identify Threats

Use Case Diagram

Use Cases: Ovals representing the functions that users will need to perform

Medical Admin use cases include:

  • Make appointment

  • Create Patient Record (To make an appointment, a minimal patient record must exist – or be created)

  • Update Patient (for subsequent visits)

  • Determine Health Plan Eligibility: Ask HMO/PPO what the patient is eligible for in coverage – and conditions


Step 3: Identify Threats

Threat table: rows STRIDE and General Threats; columns What it is, Software Techniques, Advanced Security


Security Requirements Process

OCTAVE Security Requirements Process

  • Identify critical assets

  • Define security goals

  • Identify threats

    • Draw Misuse Diagram from Use Case Diagram

  • Analyze risks:

    • Priority = Impact * Likelihood

  • Define security requirements

    • Draw Misuse Diagram with Security Use Cases

    • Define one Misuse Description (Lightweight or Midweight)
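Steps 3 to 5 of the summary above can be carried through as a small risk register: each (asset, misuse case) pair gets the slide's star impact rating and a likelihood, Priority = Impact * Likelihood ranks them, and the ones above a threshold become security requirements mapped to a security use case. The example below is added here and is not from the slides; the assets, misuse cases and the two security packages (Sanitize Input, CAPTCHA) are the ones the slides name for the registration system, while the CIA assignment, star ratings, likelihood values and threshold are constructed for illustration.

```python
"""OCTAVE steps 3-5: rank risks by Priority = Impact * Likelihood and decide
which misuse cases need a security requirement.

Added example, not from the slides. Assets, misuse cases and the two
security packages (Sanitize Input, CAPTCHA) are the ones the slides name
for the registration system; the CIA assignment, star ratings, likelihood
values and the threshold are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

STARS = {"*": 1, "**": 2, "***": 3}  # the slides' impact rating legend


@dataclass(frozen=True)
class Risk:
    asset: str
    misuse_case: str
    goal: str        # security goal threatened: "C", "I" or "A"
    impact: str      # star rating from the legend above
    likelihood: int  # assumed scale: 1 = rare, 2 = possible, 3 = likely

    @property
    def priority(self) -> int:
        return STARS[self.impact] * self.likelihood


# Constructed risk register for the registration system.
REGISTER: List[Risk] = [
    Risk("Contact Info", "Circumvent Input", "C", "***", 2),
    Risk("Contact Info", "Change Valid Data", "I", "**", 2),
    Risk("Materials", "Change Valid Data", "I", "***", 1),
    Risk("Comments", "Overflow DB (DOS)", "A", "*", 3),
    Risk("Materials", "Send Continual Requests (DOS)", "A", "**", 3),
]

# Misuse case -> security use case / package documented on the slides.
COUNTERMEASURES = {
    "Circumvent Input": "Sanitize Input (Security Package, Injection Attack Defense)",
    "Send Continual Requests (DOS)": "CAPTCHA (Security Package, DOS Defense)",
    "Overflow DB (DOS)": "CAPTCHA (Security Package, DOS Defense)",
}


def ranked(register: List[Risk] = REGISTER) -> List[Risk]:
    """Step 4: highest priority first (ties keep register order)."""
    return sorted(register, key=lambda r: r.priority, reverse=True)


def by_goal(register: List[Risk] = REGISTER) -> Dict[str, List[str]]:
    """Step 3 question: which misuse cases relate to C, I and A?"""
    out: Dict[str, List[str]] = {"C": [], "I": [], "A": []}
    for r in register:
        if r.misuse_case not in out[r.goal]:
            out[r.goal].append(r.misuse_case)
    return out


def requirements(register: List[Risk] = REGISTER,
                 threshold: int = 4) -> List[Tuple[str, str, int, str]]:
    """Step 5: every risk at or above the threshold gets a security requirement."""
    return [(r.asset, r.misuse_case, r.priority,
             COUNTERMEASURES.get(r.misuse_case, "TBD: define a security use case"))
            for r in ranked(register) if r.priority >= threshold]


if __name__ == "__main__":
    for r in ranked():
        print(f"{r.priority}  {r.asset:13} {r.misuse_case:32} ({r.goal}, {r.impact}, L{r.likelihood})")
    print(by_goal())
    for req in requirements():
        print(req)
```

The "TBD" entry is the useful output: a ranked misuse case with no documented countermeasure is exactly the gap that the Step 5 misuse diagram with security use cases is meant to close.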


  • Login