presence of evolution
play

Presence of Evolution: Models vs. Code Jan Jrjens TU Dortmund - PowerPoint PPT Presentation

May 29, 2023 •390 likes •683 views

Security Certification in the Presence of Evolution: Models vs. Code Jan Jrjens TU Dortmund & Fraunhofer ISST http://jan.jurjens.de What is Software Evolution ? Software today often long-living (cf. Year-2000-Bug). Continual change

  1. Security Certification in the Presence of Evolution: Models vs. Code Jan Jürjens TU Dortmund & Fraunhofer ISST http://jan.jurjens.de

  2. What is Software Evolution ? Software today often long-living (cf. Year-2000-Bug). Continual change during lifetime. • Changing requirements , changing environment • Bug fixing  Software evolution ! Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 2/29

  3. What is the Challenge about Software Evolution ? After each change: redo software tests ( regression test ). High costs: • E.g. Y2k-problem : Ca. 600 Bill. US$ world-wide.  Often insufficient regression tests : • Explosion of Ariane 5 (1996): Software from Ariane 4 reused in Ariane 5 without sufficient regression tests.  370 Mio US$ damage. Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 3/29

  4. How to solve this Problem? Goal : Integrate quality assurance with evolution : • Reuse QA results as far as possible to reduce costs.  Under which conditions requirements preserved ? • Only re-verify when conditions not fulfilled. • And only systems parts where necessary . • Check at model level before evolution carried out . Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 4/29

  5. Secure Software Evolution • Challenge and Scientific Basis • Secure Software Evolution • General Approach • Preservation Results • Validation Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 5/29

  6. Model-based Security Assurance Security Requirements Evolution Anno- Analyse tate Configuration Data Generate UML Model Static Test Configure Analysis generat. Runtime System Code Execute [Jürjens: Secure systems development with UML. Springer 2005. Chines. Übers. 2009] Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 6/29

  7. Design Techniques / Architecture Principles for Management of Evolution Refinement of specifications Abstract Spec.  Evolution between different refinements. Refinement Applying refactorings … Version 1 Version 2  Carry out evolution in controllable way. Applying design patterns  Reduce complexity of evolution. Architectural principle modularization  Limit impact of change to system parts. Question : when do these preserve security properties ? [Taubenberger, Jürjens, Yu, Nuseibeh. Resolving Vulnerability Identification Errors using Security Requirements on Business Process Models. Journal on Information Management and Computer Security, 2013.] Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 7/29

  8. Evolution vs. Design / Architecture When Properties Preserved ? Refinement: Developed refinement which preserves security. Conditions for preservation of security through … … Refactoring: using Eclipse refactoring scripts … Applying design patterns : „Gang of Four “ patterns … Modularization : Layering of architectural levels • • Component -oriented architectures • Service -oriented architectures Aspect -oriented development • [Felderer, Katt, Kalb, Jürjens et al.: Evolution of Security Engineering Experiments : Relevant in 57% of code base. Artifacts. Int. Journal of Secure Software Engin. (IJSSE), 2014 Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 8/29

  9. Evolution-based Verification • • Initial verification: Register which system parts relevant. Initial verification • Store partial results in model („ proof-carrying models “). • Compute difference: old vs. new model (e.g. with SiDiff [Kelter]). • Compute difference • Only re-verify system parts that • Only re-verify system parts that: 1) relevant in initial verification, 2) changed, such that 3) conditions on preservation of security not fulfilled . Significant speed-up vs. complete re-verification. [Wenzel, Warzecha, Jürjens, Ochoa. Specifying Model Changes with UMLchange to Support Security Verification of Potential Evolution. Journal of Computer Standards & Interfaces, 2014] Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 9/29

  10. Model-Code Traceability at Evolution Goal: Preserve model-code traceability of security properties during evolution . Idea : Reduce evolution to: • Adding / deleting system elements. • Supporting refactoring operations.  Approach for automated model-code traceability based on refactoring scripts in Eclipse. Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 10/29

  11. Security Analysis at Implementation Level Vulnerability in OpenSSL: (CVE-2008-5077, 7.1.2009, http://www.openssl.org/news/vulnerabilities.html ) “Several functions inside OpenSSL incorrectly checked the result after calling the EVP_VerifyFinal function, allowing a malformed signature to be treated as a good signature rather than as an error.” Feb/Mar 2014 : “ goto fail ” -vulnerabilities in SSL @ iPhone, GnuTLS. Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 11/29 11

  12. Security Analysis by Symbolic Execution Compile protocol implementation to symbolic model for security analysis. Example message: C code : Model from symbolic execution : Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 12/29 12

  13. Code-level Security Verification Subject to Evolution Project Csec (with Microsoft Research Cambridge): p Static code analysis against security properties. g Evolution-based model analysis + model-code traceability  evolution-sensitive static code All paths from p security analysis . to q check g. q p [Dupressoir, Gordon, Jürjens, Naumann: Guiding a General-Purpose C Verifier to Prove Cryptographic Protocols. Journal of Computer Security 2014] q g Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 13/29 13

  14. Run-time Verification subject to Evolution Source code not available  run-time monitoring. Relevant approach: Security Automata [F.B. Schneider 2000]. Problem: no evolution , only „ safety “ -properties . 1 Havelund,  New approach, based on runtime verification 1 : Grosu 2002 • Security property in LTL. Runtime verification in a nutshell Property automatic Generate monitors with • generation of evolution-based traceability . System Monitor Property Now also non-safety-properties fulfilled? (using 3-valued LTL-semantics). Actions t Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 14/29

  15. For Monitoring: 3-valued LTL-Semantics [Bauer, Jürjens, Yu: Runtime Security Traceability Goal for monitoring: for Evolving Systems. Computer Journal, 2011] Detect as early as possible that property will be violated. Use 3-valued semantics for this.  Finite automata for minimal prefix of violating state. Also non-safety- 1 0 inconclusive true properties : ... l Boolean combinations true of safety and i j k co-safety false inconclusive Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 15/29

  16. Example Property: Server Finished Server sends message Finished (event “ finished ”) only after Server sends message Finished (event “ finished ”) only after message Finished received from Client and MD5-hash equals message Finished received from Client and MD5-hash equals MD5 at Server side (event “ equal ”). MD5 at Server side (event “ equal ”). Then sends it out. Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 16/29

  17. Application: Java Secure Sockets Extension Several versions of Java security library “Java Secure Sockets Extension (JSSE)” and open -source re-implementation (Jessie). Found several weaknesses (similar “ goto fail” in SSL@iPhone). Works also for large evolutions (re-implementation). Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 17/29

  18. Secure Software Evolution • Challenge and Scientific Basis • Secure Software Evolution • General Approach • Preservation Results • Validation Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 18/29

  19. Security Analysis: Formalization of Model Formalize model execution. For transition t=(source,msg,cond[msg],action[msg],target) and message m , execution formalized as: Exec(t,m) = [ state current =source m=msg cond[m]=true action[m] state current.t(m) =target ]. (where state current current state; state current.t(m) state after executing t on message m ). Example: Transition t 0 : t 0 Exec(t 0 ,m)= [ state current =NoExtraService [money+x>=1000] m=wm(x) money current +x>=1000 money current.t0(m) =money current +x state current.t0(m) =ExtraService ]. [money+x<1000] Jan Jürjens: Secure Evolution: Challenge – Approach – Results – Validation 19/29

Recommend

THE EVOLUTION OF A HUB AND SPOKE TELEMEDICINE PROGRAM INTO A REMOTE PRESENCE HEALTH SYSTEM

THE EVOLUTION OF A HUB AND SPOKE TELEMEDICINE PROGRAM INTO A REMOTE PRESENCE HEALTH SYSTEM

THE EVOLUTION OF A HUB AND SPOKE TELEMEDICINE PROGRAM INTO A REMOTE PRESENCE HEALTH SYSTEM Douglas Romer, RN Executive Director, Patient Care Services Grande Ronde Hospital www.grh.org DISCLOSURES No financial relationship exists with any of

518 views • 28 slides
Legislative Office Building December 12, 2001 Database status &amp; evolution to web presence

Legislative Office Building December 12, 2001 Database status &amp; evolution to web presence

Legislative Office Building December 12, 2001 Database status &amp; evolution to web presence Final reports to districts K12 Preliminary Findings Physical Infrastructure Networking Equipment &amp; Wiring Connections

289 views • 17 slides
On Biased Reservoir Sampling in the Presence of Stream Evolution VLDB Conference, Seoul, South

On Biased Reservoir Sampling in the Presence of Stream Evolution VLDB Conference, Seoul, South

Charu C. Aggarwal T J Watson Research Center IBM Corporation Hawthorne, NY USA On Biased Reservoir Sampling in the Presence of Stream Evolution VLDB Conference, Seoul, South Korea, 2006 Synopsis Construction in Data Streams Synopsis

506 views • 39 slides
NMO in presence of NSI N. R. Khan Chowdhury 1 5th Nov 2019 | N. R. Khan Chowdhury | Group

NMO in presence of NSI N. R. Khan Chowdhury 1 5th Nov 2019 | N. R. Khan Chowdhury | Group

NMO in presence of NSI N. R. Khan Chowdhury 1 5th Nov 2019 | N. R. Khan Chowdhury | Group Meeting | IFIC, Valencia | Non-Standard Interactions (NSI) The Hamiltonian for time evolution of neutrino propagation in presence Non-Standard

489 views • 15 slides
EVOLUTION X3 - 1 - Evolution X3 Marketing Dpt. November 2006 - 2 - EVOLUTION X3 Evolution X3

EVOLUTION X3 - 1 - Evolution X3 Marketing Dpt. November 2006 - 2 - EVOLUTION X3 Evolution X3

Marketing Dpt. November 2006 EVOLUTION X3 - 1 - Evolution X3 Marketing Dpt. November 2006 - 2 - EVOLUTION X3 Evolution X3 Evolution X3 Technical Features: HP Pum p Highly reliable plunger pump with brass head and 3 ceramic pistons for

405 views • 13 slides
Presence What is it? In certain teachings, such as Buddhism, the practice of mindful presence

Presence What is it? In certain teachings, such as Buddhism, the practice of mindful presence

Presence What is it? In certain teachings, such as Buddhism, the practice of mindful presence is the central fact. In Islam remembrance is the qualifier of all activity. In Christianity we must look to the experience of its great mystics

340 views • 5 slides
1 MICROEVOLUTION: change in the properties of populations of organisms over the course of

1 MICROEVOLUTION: change in the properties of populations of organisms over the course of

Introduction to Molecular Evolution (BIOL 3046) Course website: www.biol3046.info What is evolution? Evolution: from Latin evolvere , to unfold broad sense, to change e.g., stellar evolution, cultural evolution,

518 views • 6 slides
soul Possibly non-existent constructs. See also: presence, identity, trust. dragons of eden

soul Possibly non-existent constructs. See also: presence, identity, trust. dragons of eden

soul Possibly non-existent constructs. See also: presence, identity, trust. dragons of eden Carl Sagan and Anne Druyan. Speculations on the Evolution of Human Intelligence. 5:30pm, April 10th, 1901: Duncan Macdougall. .75 ounces: 21 grams

676 views • 30 slides
INDUSTRY GLOBAL COMPANY WESCO MANUFACTURER &amp; VETERANS WITH LOCAL PRESENCE BROADCAST &amp;

INDUSTRY GLOBAL COMPANY WESCO MANUFACTURER &amp; VETERANS WITH LOCAL PRESENCE BROADCAST &amp;

INDUSTRY GLOBAL COMPANY WESCO MANUFACTURER &amp; VETERANS WITH LOCAL PRESENCE BROADCAST &amp; AV LOGISTICS PARTNER INNOVATIVE &amp; SUSTAINABLE BUSINESS SOLUTIONS Evolution of Liberty AV Solutions Liberty has evolved into a full-service

241 views • 12 slides
Rehabilitation Consequences of Road Collisions ine Carroll Evolution Evolution Evolution

Rehabilitation Consequences of Road Collisions ine Carroll Evolution Evolution Evolution

Rehabilitation Consequences of Road Collisions ine Carroll Evolution Evolution Evolution Exoskeleton Endoskeleton Soft and squishy! Lascaux Consequences Pedestrian RTCs Brain Spinal cord injury Common Clinical Patterns Upper Limbs

706 views • 54 slides
Presence Presence Presence When we wake up in the morning we may automatically leave our

Presence Presence Presence When we wake up in the morning we may automatically leave our

The body in question: presence, paradox and the practice of nursing Jan Draper The body in question: presence , paradox and the practice of nursing Jan Draper The body in question: presence, paradox and the practice of

600 views • 19 slides
EVOLUTION Paper 2: 66 marks THEORIES OF EVOLUTION EVOLUTION : Change over Time Compiled by

EVOLUTION Paper 2: 66 marks THEORIES OF EVOLUTION EVOLUTION : Change over Time Compiled by

EVOLUTION Paper 2: 66 marks THEORIES OF EVOLUTION EVOLUTION : Change over Time Compiled by Mr G. D. MABOTE C.O.P. Member in the NORTHERN CAPE PROVINCE A former Lecturer at THE NATIONAL INSTITUTE FOR HIGHER EDUCATION DEFINE EACH OF THESE

467 views • 29 slides
Prestige and Presence since 1905 Prestige and Presence ESCURA is a firm composed by lawyers,

Prestige and Presence since 1905 Prestige and Presence ESCURA is a firm composed by lawyers,

Prestige and Presence since 1905 Prestige and Presence ESCURA is a firm composed by lawyers, economists and social graduates founded in 1905. A service focused on our client's satisfaction, together with high quality ethical standards and

461 views • 15 slides
The Evolution of Subsidies Disciplines in The Evolution of Subsidies Disciplines in GATT and the

The Evolution of Subsidies Disciplines in The Evolution of Subsidies Disciplines in GATT and the

IIBE&amp;L Evolution of Subsidies Disciplines Seminar Washington, DC 15 February 2006 Institute for International Business, Economics &amp; Law The University of Adelaide, Australia The Evolution of Subsidies Disciplines in The Evolution

562 views • 41 slides
Evolution Change over time but what is the process? Evolution: Change through time

Evolution Change over time but what is the process? Evolution: Change through time

Evolution Change over time but what is the process? Evolution: Change through time Unrolling Lamarckian No extinction Evolution by Natural Selection Charles Darwin Alfred Russel Wallace Evolution by Natural

1.11k views • 33 slides
Extinction What is evolution? What is evolution? The change in the genetic makeup of a

Extinction What is evolution? What is evolution? The change in the genetic makeup of a

Origins of Life and Extinction What is evolution? What is evolution? The change in the genetic makeup of a population over time Evolution accounts for the diversity of life on Earth Natural selection is the major driving mechanism

656 views • 37 slides
Extinction What is evolution? What is evolution? The change in the genetic makeup of a

Extinction What is evolution? What is evolution? The change in the genetic makeup of a

Origins of Life and Extinction What is evolution? What is evolution? The change in the genetic makeup of a population over time Evolution accounts for the diversity of life on Earth Natural selection is the major driving mechanism

452 views • 34 slides
Managing Your Online Presence For Tourism Businesses Presented by RTO 9 ONLINE PRESENCE FOR

Managing Your Online Presence For Tourism Businesses Presented by RTO 9 ONLINE PRESENCE FOR

Managing Your Online Presence For Tourism Businesses Presented by RTO 9 ONLINE PRESENCE FOR TOURISM BUSINESSES - RTO 9 BENTOSMB INC. Welcome to this workshop! We have a busy morning, with a lot to cover. Today, we will talk about the

646 views • 41 slides
Galaxy Evolution interstellar matter (ISM) drives galaxy evolution, but SFR evolution driven

Galaxy Evolution interstellar matter (ISM) drives galaxy evolution, but SFR evolution driven

Galaxy Evolution interstellar matter (ISM) drives galaxy evolution, but SFR evolution driven by gas supply ?? starburst vs main sequence ?? need to measure the mass of ISM gas or dust CO / long dust em. w/ ALMA high J CO ??

416 views • 38 slides
Karl Sims and the Digital Evolution (Co-)Evolution of Morphologies and Behavior

Karl Sims and the Digital Evolution (Co-)Evolution of Morphologies and Behavior

Karl Sims and the Digital Evolution (Co-)Evolution of Morphologies and Behavior Aesthetic (Graphics) Complex behavior Natural Morphology CPSC 607 In Class Presentation Russel Ahmed Apu Building Blocks of Evolution

293 views • 4 slides
Chapter: 12 12 HSPA Evolution HSPA Evolution Ruiyuan Tian Department of Electrical and

Chapter: 12 12 HSPA Evolution HSPA Evolution Ruiyuan Tian Department of Electrical and

3G Evolution Chapter: 12 12 HSPA Evolution HSPA Evolution Ruiyuan Tian Department of Electrical and Information Technology p gy 2009-04-02 3G Evolution - HSPA and LTE for Mobile Broadband 1 Outline Introduction Evolved Features

319 views • 28 slides
Technology Evolution Technology Focused Evolution Architectural Changes Impact on

Technology Evolution Technology Focused Evolution Architectural Changes Impact on

Introduction - Products Product Evolution Market Focused Evolution New Features Improvements Technology Evolution Technology Focused Evolution Architectural Changes Impact on Architecture of a Technology

421 views • 11 slides
The Generalized Theories of Evolution Why it is the Theory of Evolution that is Constantly

The Generalized Theories of Evolution Why it is the Theory of Evolution that is Constantly

The Generalized Theories of Evolution Why it is the Theory of Evolution that is Constantly Generalized? Ozan Altan Altinok The Generalized Theories of Evolution Outline - Introduction: Too quick generalizations? r: - Evolution, theories,

336 views • 22 slides
Meta-Evolution Style for Software Architecture Evolution lah Ad Adel Ha Hassan n and Mourad d

Meta-Evolution Style for Software Architecture Evolution lah Ad Adel Ha Hassan n and Mourad d

Meta-Evolution Style for Software Architecture Evolution lah Ad Adel Ha Hassan n and Mourad d Oussalah SOFSEM 2016 1 Harrachov, Czech Republic Outline Motivation Preliminaries Evolution styles Meta-evolution style

554 views • 18 slides

More recommend