A Model for Provably Secure Software Design

Both academia and industry advocate the security by design principle to stress the importance of dealing with security from the earliest stages in software development. Nevertheless, designers often have to resort to their own knowledge and experience to proactively identify and mitigate potential security problems. Moreover, research shows that correctly applying a security solution is a much more significant challenge for designers than finding an adequate one. Therefore, there is a need for techniques that ensure a correct application of a security design solution. The contribution of this paper is a model in which the security-relevant aspects of a design can be precisely expressed in an integrated manner, enabling thorough reasoning about these aspects. We illustrate this model with a sizeable model of a banking system and show how the precise semantics of this model enables the tool-supported construction of proofs about the correctness of the applied design solutions. Our proposal thus enables designers to obtain stronger guarantees, ensuring the correctness of their solutions. The presented model can serve as the foundation for security by design, in time enabling automated security verification throughout the software development cycle.
