Analyzing security architectures

We present a semi-automated approach, SECORIA, for analyzing a security runtime architecture for security and for conformance to an object-oriented implementation. Type-checkable annotations describe architectural intent within the code, enabling a static analysis to extract a hierarchical object graph that soundly reflects all runtime objects and runtime relations between them. In addition, the annotations can describe modular, code-level policies. A separate analysis establishes traceability between the extracted object graph and a target architecture documented in an architecture description language. Finally, architectural types, properties, and logic predicates describe global constraints on the target architecture, which will also hold in the implementation. We validate the SECORIA approach by analyzing a 3,000-line pedagogical Java implementation and a runtime architecture designed by a security expert.

[1]  Jens Knodel,et al.  A Comparison of Static Architecture Compliance Checking Approaches , 2007, 2007 Working IEEE/IFIP Conference on Software Architecture (WICSA'07).

[2]  Peter Torr,et al.  Demystifying the threat modeling process , 2005, IEEE Security & Privacy Magazine.

[3]  Eddie Kohler,et al.  Information flow control for standard OS abstractions , 2007, SOSP.

[4]  Yi Deng,et al.  An Approach for Modeling and Analysis of Security System Architectures , 2003, IEEE Trans. Knowl. Data Eng..

[5]  Douglas Samuel Kirk,et al.  Identifying and addressing problems in object-oriented framework reuse , 2007, Empirical Software Engineering.

[6]  Jan Jürjens,et al.  Secure systems development with UML , 2004 .

[7]  Zhe Yang,et al.  Modular checking for buffer overflows in the large , 2006, ICSE.

[8]  Frank Swiderski,et al.  Threat Modeling , 2018, Hacking Connected Cars.

[9]  P. Tonella Reverse engineering of object oriented code , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[10]  David C. Luckham,et al.  An Event-Based Architecture Definition Language , 1995, IEEE Trans. Software Eng..

[11]  Paolo Tonella,et al.  Reverse Engineering of Object Oriented Code (Monographs in Computer Science) , 2004 .

[12]  Roy H. Campbell,et al.  Monitoring compliance of a software system with its high-level design models , 1996, Proceedings of IEEE 18th International Conference on Software Engineering.

[13]  Kevin Kenan Cryptography in the Database: The Last Line of Defense , 2005 .

[14]  Robert T. Monroe Capturing Software Architecture Design Expertise with Armani , 2000 .

[15]  David A. Basin,et al.  SecureUML: A UML-Based Modeling Language for Model-Driven Security , 2002, UML.

[16]  Hong Yan,et al.  Discovering Architectures from Running Systems , 2006, IEEE Transactions on Software Engineering.

[17]  Reinhard Wilhelm,et al.  Parametric shape analysis via 3-valued logic , 1999, POPL '99.

[18]  David Garlan,et al.  Acme: architectural description of component-based systems , 2000 .

[19]  Silas Boyd-Wickizer,et al.  Securing Distributed Systems with Information Flow Control , 2008, NSDI.

[20]  H. James Hoover,et al.  Using SCL to specify and check design intent in source code , 2006, IEEE Transactions on Software Engineering.

[21]  Barbara G. Ryder,et al.  Parameterized object sensitivity for points-to analysis for Java , 2005, TSEM.

[22]  David Notkin,et al.  Software Reflexion Models: Bridging the Gap between Design and Implementation , 2001, IEEE Trans. Software Eng..

[23]  Alexander S. Yeh,et al.  Reverse Engineering to the Architectural Level , 1995, 1995 17th International Conference on Software Engineering.

[24]  Li Gong,et al.  Secure software architectures , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[25]  Daniel Jackson,et al.  Lightweight extraction of object models from bytecode , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[26]  Andrew C. Myers,et al.  JFlow: practical mostly-static information flow control , 1999, POPL '99.

[27]  Stéphane Ducasse,et al.  Software Architecture Reconstruction: A Process-Oriented Taxonomy , 2009, IEEE Transactions on Software Engineering.

[28]  Marwan Abi-Antoun,et al.  Enforcing Conformance between Security Architecture and Implementation , 2009 .

[29]  Marwan Abi-Antoun,et al.  Static extraction and conformance analysis of hierarchical runtime architectural structure using annotations , 2009, OOPSLA '09.

[30]  Edith Schonberg,et al.  Making Sense of Large Heaps , 2009, ECOOP.

[31]  Marwan Abi-Antoun,et al.  Checking threat modeling data flow diagrams for implementation conformance and security , 2007, ASE.

[32]  Craig Chambers,et al.  Ownership Domains: Separating Aliasing Policy from Mechanism , 2004, ECOOP.

[33]  David Garlan,et al.  Documenting software architectures: views and beyond , 2002, 25th International Conference on Software Engineering, 2003. Proceedings..

[34]  Steve Lipner,et al.  Security development lifecycle , 2010, Datenschutz und Datensicherheit - DuD.

[35]  Mark Handley,et al.  Wedge: Splitting Applications into Reduced-Privilege Compartments , 2008, NSDI.