analyzing security architectures
play

Analyzing Security Architectures Marwan Abi-Antoun Jeffrey M. - PowerPoint PPT Presentation

Sep 28, 2022 •47 likes •467 views

Analyzing Security Architectures Marwan Abi-Antoun Jeffrey M. Barnes Dept. of Computer Science Inst. for Software Research Wayne State University Carnegie Mellon University mabiantoun@wayne.edu jmbarnes@cs.cmu.edu Acknowledgements: David

  1. Analyzing Security Architectures Marwan Abi-Antoun Jeffrey M. Barnes Dept. of Computer Science Inst. for Software Research Wayne State University Carnegie Mellon University mabiantoun@wayne.edu jmbarnes@cs.cmu.edu Acknowledgements: David Garlan, Kirti Garg and Bradley Schmerl at Carnegie Mellon University. Raed Almomani at Wayne State University. 1

  2. Problem background • Engineers use tools like data flow diagrams (DFDs) to analyze security properties of software systems • Often these are constructed from developers’ recollection of how a system works, with little automated support • This architectural representation may fail to capture all communication present in the system ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 2

  3. Architecture conformance • In essence, this is a problem of architecture conformance • Want to reason at an architectural level but relate it to code at the same time Consumer Provider Engine Constraint: Untrusted components Architecture cannot access protected data Constraint: Untrusted components Code cannot access protected data class Consumer { class Provider { class Engine { ... ... ... } } } ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 3

  4. Security architectures as runtime architectures • A security architecture is an example of a runtime architecture • Shows runtime components such as objects and data stores • Shows runtime connectors such as communication links and points-to relations • May have many instances of a single component type • Contrast with static code views such as class diagrams ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 4

  5. The challenge of analyzing security architectures • Tools for analyzing conformance of runtime architectures are immature compared to those for code architectures • A security analysis must consider the worst case , not the typical case, of possible component communication • Demands static analysis • Dynamic analysis can tell us about only a limited number of runs ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 5

  6. Our contribution • An architecture-centric approach, S ECORIA , that enables reasoning at the level of a security runtime architecture , and relating it to code at the same time • Can enforce both code-level and global architectural constraints ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 6

  7. Evaluation • Validated S ECORIA on CryptoDB , a secure database system designed by a security expert • Database architecture that provides cryptographic protections against unauthorized access • Includes 3,000-line sample implementation in Java ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 7

  8. Approach ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 8

  9. Overview of S ECORIA • Specialization of S CHOLIA [Abi-Antoun & Aldrich, OOPSLA’09] , which analyzes conformance between object-oriented code and a hierarchical, target runtime architecture • S ECORIA is an iterative process with two main stages: conformance and enforcement ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 9

  10. Overview of S ECORIA Compare Built Conformance Designed Enriched Enrich Architecture View Architecture Architecture with types, ? properties, & Abstract constraints Object Graph Trace Violations Trace Discrepancies Conformance stage Enforcement stage Extract Ownership Annotations @Domains({"OWNED", … }) class LocalKeyStore { … } Code-Level Annotate Constraints expressed with Code domain links class LocalKeyStore { … } Annotate ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 10

  11. Conformance stage: annotate; extract object graph Compare Built Conformance Designed Enriched Enrich Architecture View Architecture Architecture with types, ? properties, & Abstract constraints Object Graph Trace Violations Trace Discrepancies Extract Ownership Annotations @Domains({"OWNED", … }) class LocalKeyStore { … } Code-Level Annotate Constraints expressed with Code domain links class LocalKeyStore { … } Annotate ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 11

  12. At runtime, an object-oriented system appears as a Runtime Object Graph (ROG) Object relation Object • A node represents a runtime object • An edge represents a points-to relation ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 12

  13. Abstract objects into “components” Component Object relation Object ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 13

  14. Abstract relations between components Connector Component Object relation Object ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 14

  15. Organize components into groups/tiers Connector Component Group/Tier Object relation Object ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 15

  16. Make some components part of others Connector Component Object relation Object ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 16

  17. Make some components part of others Connector Component Object relation Object ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 17

  18. Make some components part of others Connector Component Object relation Object ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 18

  19. Make some components part of others Connector Hierarchy Component Object relation Object ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 19

  20. Annotate code and extract object graph • Problem: Architectural hierarchy not readily observable in arbitrary code • To solve this, we use annotations to capture architectural intent • Developer picks top-level entry point • Use annotations to impose an ownership hierarchy on objects • Annotations are minimally invasive, modular, and statically typecheckable ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 20

  21. Ownership domains are groups of objects [Aldrich and Chambers, ECOOP’04] [Krishnaswami and Aldrich, PLDI’05] LocalKey OWNED KEYS keys: key: List<LocalKey> LocalKey object: @Domains({“ OWNED ”, “ KEYS ”}) Object Type class LocalKeyStore { Type Type @Domain(“ OWNED ”) List<LocalKey> keys; @Domain(“ KEYS ”) LocalKey key; Declarations ... are simplified } • Ownership domain = conceptual group of objects • Each object in exactly one domain ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 21

  22. Annotations define two kinds of object hierarchy • A public domain provides logical containment : an object is conceptually “part of” another • Having access to an object also gives access to objects inside its public domains • A private domain provides strict encapsulation • E.g., a public method cannot return an alias to an object in a private domain, even though Java allows returning an alias to a private field ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 22

  23. Examples of object hierarchy keys(+): ArrayList<LocalKey> localKey: kekSpec(+): OWNED LocalKey SecretKeySpec keyStore: LocalKeyStore KEYS • LocalKeyStore has a public domain to hold LocalKey objects • LocalKeyStore stores the ArrayList of LocalKey objects in a private domain ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 23

  24. Conformance stage: Abstract object graph Compare Built Conformance Designed Enriched Enrich Architecture View Architecture Architecture with types, ? properties, & Abstract constraints Object Graph Trace Violations Trace Discrepancies Extract Ownership Annotations @Domains({"OWNED", … }) class LocalKeyStore { … } Code-Level Annotate Constraints expressed with Code domain links class LocalKeyStore { … } Annotate ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 24

  25. Object graph vs. target architecture • Often, object graph not isomorphic to architect’s intended architecture • So abstract and represent in component-and-connector view CryptoDB object graph CryptoDB target architecture keys(+): ArrayList<LocalKey> localKey: kekSpec(+): OWNED LocalKey SecretKeySpec keyStore: LocalKeyStore KEYS ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 25

  26. Represent abstracted object graph as component-and-connector (C&C) view object graph ↔ C&C view CryptoDB top-level object ↔ system KEYMANAGEMENT ↔ component object keyTool ↔ group domain ↔ provide port interface field reference ↔ use port KEYSTORAGE ↔ connector keyStore object relation ↔ representation substructure keyAlias ● Problem ● Approach ● Extract ● Abstract ● Analyze ● Enforce ● Conclusion 26

Recommend

Analyzing Architectures Introduction to Software Architecture Jay Urbain, PhD Credits: Software

Analyzing Architectures Introduction to Software Architecture Jay Urbain, PhD Credits: Software

Analyzing Architectures Introduction to Software Architecture Jay Urbain, PhD Credits: Software Architecture in Practice, 2 nd . Ed., Len Bass, Paul Clements, Rick Kazman 1 ATAM Architecture Tradeoff Analysis Method A thorough and

512 views • 32 slides
Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing

Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing

Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing the security of network protocols We will now focus on web applications and their vulnerabilities (and attacks) SQL injection Eike Ritter

815 views • 25 slides
Analyzing Resiliency of Smart Grid Communication Architectures under Cyber Attacks Anas Al

Analyzing Resiliency of Smart Grid Communication Architectures under Cyber Attacks Anas Al

Analyzing Resiliency of Smart Grid Communication Architectures under Cyber Attacks Anas Al Majali, Arun Viswanathan and Clifford Neuman USC/Information Sciences Institute 1 Information Sciences Institute Part I Quick Overview 2

761 views • 42 slides
This PIN Can Be Easily Guessed Analyzing the Security of Smartphone Unlock PINs Philipp Markert,

This PIN Can Be Easily Guessed Analyzing the Security of Smartphone Unlock PINs Philipp Markert,

This PIN Can Be Easily Guessed Analyzing the Security of Smartphone Unlock PINs Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Drmuth, and Adam J. Aviv May 18, 2020 | 41st IEEE Symposium on Security and Privacy Overview ?!

355 views • 18 slides
Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes Dimitrios-Georgios Akestoridis,

Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes Dimitrios-Georgios Akestoridis,

Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes Dimitrios-Georgios Akestoridis, Madhumitha Harishankar, Michael Weber, and Patrick Tague Carnegie Mellon University ACM WiSec 2020 Motivation Smart home network security affects

867 views • 64 slides
Analyzing End-Users Knowledge and Feelings Surrounding Smartphone Security and Privacy May

Analyzing End-Users Knowledge and Feelings Surrounding Smartphone Security and Privacy May

Analyzing End-Users Knowledge and Feelings Surrounding Smartphone Security and Privacy May 21st 2015 Lydia Kraus*, Tobias Fiebig*, Viktor Miruchna*, Sebastian Mller*, Asaf Shabtai+ * Technische Universitt Berlin + Ben-Gurion University

397 views • 18 slides
Analyzing Wireless Security in Columbia, Missouri Matthew Chittum Clayton Harper John Mixon

Analyzing Wireless Security in Columbia, Missouri Matthew Chittum Clayton Harper John Mixon

Analyzing Wireless Security in Columbia, Missouri Matthew Chittum Clayton Harper John Mixon Johnathan Walton Abstract The current state of wireless security in most areas can be estimated based on trends and collected data, but the complete

665 views • 17 slides
CompSci 356: Computer Network Architectures Lecture 24: Network Security Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 24: Network Security Xiaowei Yang

CompSci 356: Computer Network Architectures Lecture 24: Network Security Xiaowei Yang xwy@cs.duke.edu Overview Why studying network security? The topic itself is worth another class Basic cryptography building blocks

768 views • 49 slides
Security Architectures of Mobile Systems Valtteri Niemi University of Helsinki AMICT2015

Security Architectures of Mobile Systems Valtteri Niemi University of Helsinki AMICT2015

Security Architectures of Mobile Systems Valtteri Niemi University of Helsinki AMICT2015 Petrozavodsk, 13 May 1 Contents Background and scope GSM design decisions a priori and a posteriori decisions security mechanisms

1.23k views • 99 slides
Analyzing embedded software technologies on RISC-V64 using Ghidra driving your security forward

Analyzing embedded software technologies on RISC-V64 using Ghidra driving your security forward

Presented by: Joris Jonkers Both &amp; Patrick Spaans Supervisor: Alexandru Geana Analyzing embedded software technologies on RISC-V64 using Ghidra driving your security forward 1 Introduction RISC-V64 - Like ARM but open source - One

524 views • 37 slides
Security Considerations for Microservice Architectures Daniel Richter, Tim Neumann, and Andreas

Security Considerations for Microservice Architectures Daniel Richter, Tim Neumann, and Andreas

Security Considerations for Microservice Architectures Daniel Richter, Tim Neumann, and Andreas Polze Operating Systems &amp; Middleware Group Hasso Plattner Institute at University of Potsdam, Germany Motivation EPA the legacy system

1.28k views • 30 slides
Security and OWASP Top 10 with Service Oriented Architectures Adnan Masood Sr. System Architect

Security and OWASP Top 10 with Service Oriented Architectures Adnan Masood Sr. System Architect

Practical Web Application Security and OWASP Top 10 with Service Oriented Architectures Adnan Masood Sr. System Architect Green Dot Corporation What this talk is about? 2 This session is an introduction to web application security

839 views • 60 slides
4. Web Security - Measuring and Analyzing Search Engine Poisoning of Linguistic Collisions,

4. Web Security - Measuring and Analyzing Search Engine Poisoning of Linguistic Collisions,

All papers can be found by Google Scholar. For those papers accepted by S&amp;P 2019, you can download them from this website: https://www.ieee- security.org/TC/SP2019/program-papers.html The below papers are published in the top security

290 views • 5 slides
Dissecting QNX Analyzing &amp; Breaking Exploit Mitigations and PRNGs on QNX 6 and 7 Jos Wetzels,

Dissecting QNX Analyzing &amp; Breaking Exploit Mitigations and PRNGs on QNX 6 and 7 Jos Wetzels,

Dissecting QNX Analyzing &amp; Breaking Exploit Mitigations and PRNGs on QNX 6 and 7 Jos Wetzels, Ali Abbasi Who are we? Jos Wetzels Ali Abbasi Independent Security Researcher @ Midnight Blue Ph.D. Candidate @ TU/e (Previously) Security

714 views • 69 slides
A Security Kernel for Protected Module Architectures Alexandru Madalin Ghenea Master of

A Security Kernel for Protected Module Architectures Alexandru Madalin Ghenea Master of

1 A Security Kernel for Protected Module Architectures Alexandru Madalin Ghenea Master of Engineering: Computer Science Promotor: Prof. Frank Piessens Advisors: Jan Tobias Mhlberg Jo Van Bulck 2 Introduction Growing trend towards

513 views • 27 slides
Challenges of Security Risks in Service-Oriented Architectures Youakim Badr 1 , Frederique

Challenges of Security Risks in Service-Oriented Architectures Youakim Badr 1 , Frederique

UMR 5205 Challenges of Security Risks in Service-Oriented Architectures Youakim Badr 1 , Frederique Biennier 1 , Pascal Bou Nassar 3 , Soumya Banerjee 2 1 LIRIS Lab, INSA-Lyon, France 2 Agence Universitaire de la Francophonie (AUF)

433 views • 21 slides
A visual analytic approach for analyzing SSH honeypots Jop van der Lelie Rory Breuk National

A visual analytic approach for analyzing SSH honeypots Jop van der Lelie Rory Breuk National

A visual analytic approach for analyzing SSH honeypots Jop van der Lelie Rory Breuk National Cyber Security Centre (NCSC-NL) Center for expertise on cyber security and incident response of the Dutch government Preventing ICT and

946 views • 37 slides
Architectures Architectural styles Software architectures Architectures versus middleware

Architectures Architectural styles Software architectures Architectures versus middleware

Architectures Architectures Architectural styles Software architectures Architectures versus middleware Self-management in distributed systems 1 / 26 Architectures Architectural styles Architectural styles Basic idea Organize into

571 views • 33 slides
INTRODUCTION COMPUTER &amp; NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is

INTRODUCTION COMPUTER &amp; NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is

INTRODUCTION COMPUTER &amp; NETWORK SECURITY CMSC 414 JAN 25 2018 TODAY What is security? Why is it so hard to achieve? Administrative The security mindset Analyzing a systems security 1. Summarize the system 2.

801 views • 43 slides
Web Authentication: A User-Centered Security R emy Degenne Chair for Network Architectures

Web Authentication: A User-Centered Security R emy Degenne Chair for Network Architectures

Web Authentication: A User-Centered Security R emy Degenne Chair for Network Architectures and Services Department for Computer Science Technische Universit at M unchen October 10, 2013 R emy Degenne: Web Authentication: A

1.03k views • 15 slides
A Framework for Managing and Analyzing Changes of Security Policies Achim D. Brucker Helmut

A Framework for Managing and Analyzing Changes of Security Policies Achim D. Brucker Helmut

A Framework for Managing and Analyzing Changes of Security Policies Achim D. Brucker Helmut Petritsch { achim.brucker, helmut.petritsch } @sap.com SAP Research Karlsruhe Germany IEEE International Symposium on Policies for Distributed Systems

662 views • 17 slides
Security and Privacy in the Smart Energy Grid Martin Erich Jobst Chair for Network Architectures

Security and Privacy in the Smart Energy Grid Martin Erich Jobst Chair for Network Architectures

Security and Privacy in the Smart Energy Grid Martin Erich Jobst Chair for Network Architectures and Services Department for Computer Science Technische Universit at M unchen July 01, 2013 Martin Erich Jobst: Security and Privacy in the

774 views • 53 slides
Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin

Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin

Part I Security Challenges in Automotive Hardware/Software Architecture Design Martin Lukasiewycz TUM CREATE Singapore Outline Motivation (current E/E architectures) Trends (Integrated Architectures / Connected Car) Challenges Overview

496 views • 23 slides
Investigating Mobile Messaging Security Elias Hazboun 27/4/2016 Chair for Network Architectures

Investigating Mobile Messaging Security Elias Hazboun 27/4/2016 Chair for Network Architectures

Chair for Network Architectures and Services Technische Universit at M unchen Investigating Mobile Messaging Security Elias Hazboun 27/4/2016 Chair for Network Architectures and Services Department of Informatics Technische Universit

519 views • 28 slides

More recommend