Toward model-based security engineering: developing a security analysis DSML
Véronique Normand, Edith Félix, Thales Research & Technology

Presentation Transcript


  1. Toward model-based security engineering: developing a security analysis DSML
     Véronique Normand, Edith Félix, Thales Research & Technology
     Security DSL

  2. Agenda
     • Security DSML overview
     • Introduction
     • Context and rationale
     • The prototype security DSML
     • Status and perspective

  3. Security DSML Overview
     • Context
       • Critical Information System engineering in an industrial environment
       • New method to support the security risk analysis
       • Based upon model-based engineering techniques → Security Domain Specific Modelling Language (DSML)
     • Security DSML supports
       • Analysis and assessment of security risks for a system
       • Specification of security requirements
     • Technology Readiness Level
       • prototype

  4. Introduction
     • Critical system engineering
       • Involves multiple teams → capture, articulation, trade-off and reconciliation between multiple viewpoints over a system architectural design
       • System security engineering as a viewpoint
     • Enhancement of traditional security risk analysis
       • methodologies based on modelling techniques
       • that will allow leveraging detailed knowledge of the targeted system
       • in close integration with the mainstream system engineering process,
       • and developing fine-grain analyses of the actual risks at stake.

  5. Context and rationale
     • Critical systems security engineering methodology
       • Stake of risk mitigation
       • Find the right trade-off between risk coverage and costs
     • State of the art
       • Traditional security risk analysis
       • EBIOS, Mehari, Octave, etc.
       • based on tables, i.e. losing the fine-grained view of the architecture
     [Figure labels: Out of the scope of current Security DSL / Within the scope of current Security DSL]

  6. ADVANTAGES
     • Toward a close integration of security analysis and system model
     • Provides a management view
     • Manages finer grain analyses
     [Figure: Enhancing system security methods. Layers: Governance; System definition; Security & Risks analysis; Security analysis model; System design models (several system definition viewpoints); Real world]

  7. Objectives of the enhancement
     • Objective 1: To optimize the qualification
       • of the risks
       • and the specification of security requirements
       • and related security costs,
     • Objective 2: To optimize the quality and the productivity of security engineering
       • by capitalizing on data from one study to the next,
       • by proceeding to automatic calculation and consistency checking.
     • Objective 3: To optimize the quality and the productivity of security engineering
       • by sharing common models of the system between system design and security analysis
       • and thus by working on synchronized and consistent models of the system throughout the design process.

  8. Overall process and actors of secure system engineering
     • Before models
     [Figure: Processes: Strategic & business analysis process; System engineering process; Security analysis process; System security design process. Actors: End user, Customer, Executive; System architect; Security analyst; Security architect. Artefacts: Business needs; System architecture; System models; Risk analysis; Security requirements; Security design; Reference security typologies]

  9. Overall process and actors of secure system engineering
     • Target
     [Figure: Processes: Strategic & business analysis process; System engineering process; Security analysis process; System security design process. Actors: End user, Customer, Executive; System architect; Security analyst; Security architect. Models: Business need model; System architecture model; Risk analysis and security requirements model; Reference security libraries]

  10. Model-driven architecting environment
     [Figure: Engineering activities: Business process analysis & design; SoS architectural analysis and design; Time performance engineering; SoS architectural technical design; Management engineering; Security engineering. Spaces: Strategic space (business motivation models, capability plan & drivers); Business space (computation independent models of the business operational need); System space (technology independent models of the overall solution architecture); Technical space (technology-specific models of the IT integration solution)]
     • Domain Specific Language = a typically small language, designed for a particular domain
       • higher degree of closeness to specific domain concepts
       • abstract away from technology / implementation details
       • complexity encapsulation
       • domain experts able to understand, validate, develop DSL programs to model their specific domain problems
       • increase productivity of domain engineers

  11. Security DSL task: interactions & workflow
     [Figure]

  12. Security DSL: problematic
     • GOAL: Rapidly prototype a DSL allowing the support of finer grain, more formal security analyses that exploit formalized system architecture descriptions.

  13. The risk-related meta-model
     [Figure]

  14. Linking architecture to risk analysis meta-model
     [Figure]

  15. Resulting Security DSL Tool
     [Figure]

  16. Comparison to existing work
     • Focus of the research community on
       • Attack scenarios, vulnerability cause graphs, use and misuse cases, attack trees
       • Complementary to our work
     • CORAS
       • supporting brainstorm sessions between security analysis stakeholders
       • does not investigate the integration of the security risk analysis process with the system engineering process

  17. CURRENT STATUS
     • a first iteration of work, in the context of a longer-term research work that aims at developing an enhanced model-based method for the security engineering of critical information systems
     • Proof-of-concept prototype
       • focus on scoping and capturing a relevant meta-model
       • rather than on developing high-quality diagrammatic notations and tooling → ergonomics and usability to be enhanced

  18. PERSPECTIVES
     • Enhancing the security analysis DSML in several areas
       • refinement of the stakes / needs / damages model for a more precise computation of risk severity
       • including automated computation formula and consistency checking rules
     • Integration of the DSML with our system modelling framework
       • support to multi-disciplinary engineering
       • heterogeneous modelling viewpoint integration
     • Complementing our risk analysis DSML with modelling and tools
       • for supporting security solutions design and verification, thus extending our scope to fully address our model-based security engineering target
