MAO Weifeng,PING Lingdi,JIANG Li,CHEN Xiaoping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.068

2006-01-01

Abstract:SECOS is a secure operating system with independent intellectual property right,which accords with the requirements of level 4 secure operation system technology.This paper illustrates some key issues of the system,including design method for enchancement of security,improved model from the Bell-La Padula MAC(mandatory access control) implementation,the realization of the model,formal method during the system development,conversiion channel analysis and its prevention,and secure deletion.The performance evaluation shows the design and implementation of SECOS is effective.

HQ Yu,XD He,Y Deng,L Mo

DOI: https://doi.org/10.1109/hase.2004.1281766

2004-01-01

Abstract:Software architecture plays a central role in developing software systems that provide basic functionality and satisfy critical properties such as reliability and security. However, little has been done to formally model software architectures and to systematically enforce required properties. We aim to propose a formal approach to designing secure software architectures. We use the software architecture model (SAM), a general software architecture model combining Petri nets and temporal logic, as the underlying formalism. Architecture design consists of the functionality part and the security part. Guidelines are proposed to design functionality of software architectures at both element level and composition level. Software security is enforced by stepwise refinement.

Huiqun Yu,Xudong He,Shu Gao,Yi Deng

2003-01-01

Abstract:This paper proposes a formal software architecture design method for distributed systems. The underlying formalism is the Software Architecture Model (SAM), a general software architecture model combining Petri nets and temporal logic. We present a two-tier structure for architectural modeling. The upper level models the workflow of a distributed system. Each place at the upper level is a super-place that corresponds to a lower level Petri net. An initial distributed architecture can be directly derived from the upper level model. Security of the architecture is checked using the dependence relation of the model. Security policies are enforced by systematically reconstructing the initial architecture. A Travel Planner is used as the example to demonstrate our approach to secure software architecture design of distributed systems.

Lirong Dai,Kendra Cooper

2007-01-01

Abstract:There has been a growing interest in investigating methodologies to support the development of secure sys- tems in the software engineering research community. Re- cently, much attention has been focused on the modelling and analysis of security properties for systems at the soft- ware architecture design level. The potential benefits of this architecture level work are substantial: security flaws can be detected and removed earlier in the software de- velopment life-cycle. This reduces development time, re- duces development cost, and improves the quality of the resulting system. As a result of this attention, a wide variety of approaches have been proposed in the literature. At this point, a sur- vey for researchers involved in the problem of systemat- ically modelling and analyzing software architecture de- sign that have security properties would be of value to the community. This paper presents such a survey; it includes a discussion of semi-formal, formal, integrated semi-formal and formal, and aspect-oriented approaches. Comparison criteria are defined including: the kinds of notations used to model the security properties (e.g., Petri nets, temporal logic, etc.), whether the approach supports the manual or automated analysis of security properties, the specific security property modelled (e.g., authenti- cation, role-based access control, etc.), and the kind of example system that has been used to illustrate the ap- proach (information, distributed, etc.).

Lin Liu,Eric Yu,John Mylopoulos

DOI: https://doi.org/10.1109/compsac.2006.159

2006-01-01

Abstract:Design for security is extremely complicated due to the unique nature of the issue. It requires a thorough understanding about the social setting of the security system. To obtain such understanding, sensible steps to take include identifying the players involved in the system, recognizing their personal preferences, agenda and power in relation to other players, identifying the assets being protected, the vulnerable points at which the systems may fail when attacked. Equally important is to taking rationale steps to predict most likely attackers, knowing their possible motivations, and capabilities enabled by latest the technologies and resource occupations. Only based on integrated analysis on both sides, rationale, informative and efficient tradeoffs on security can be made. Unfortunately, current system development practices treat design decisions on security in an adhoc way, often as an afterthought. This paper proposes to use social modeling concepts to analyze the business and organizational context of systems with regard to security. The main concepts used are actor, role, agent and goal, task, and resource dependencies between actors. The approach encompasses several analysis steps on the functional and non-functional requirements in relevance to security, thus integrating security into the system design process from the outset.

Huiqun Yu,Xudong He,Yi Deng,Lian Mo

2004-01-01

Abstract:Software architecture plays a central role in developing software systems that satisfy functionality and security requirements. However, little has been done to integrate system design with security enforcement, which would otherwise benefits both development process and system’s quality of service (QoS). This paper proposes a formal method to integrate security administration into software architecture design. We use the Software Architecture Model (SAM), a general software architecture model combining Petri nets and temporal logic, as the underlying formalism. Several techniques for designing functionalit y of software architectures are presented. Security modelin g and administration methods are proposed. As such, SAM serves as a common platform for modeling, design and analysis of secure software architectures.

Nacha Chondamrongkul,Jing Sun,Ian Warren

DOI: https://doi.org/10.1016/j.scico.2021.102631

IF: 1.039

2021-01-01

Science of Computer Programming

Abstract:Analysing security in the architecture design of modern software systems is a challenging task. Emerging technologies utilised in building software systems may pose security threats, so software engineers need to consider both the structure and behaviour of architectural styles that employ these supporting technologies. This paper presents an automated approach to security analysis that helps to identify security characteristics at the architectural level. Key techniques used by our approach include the use of metrics, vulnerability identification and attack scenarios. Our modelling is expressive in defining architectural styles and security characteristics. Our analysis approach gives insightful results that allow software engineers to trace through the design to find parts of the system that may be impacted by attacks. We have developed an analysis tool that allows user to seamlessly model the software architecture design and analyse security. The evaluation has been conducted to assess the accuracy and performance of our approach. The results show that our analysis approach performs reasonably well to analyse the security in the architectural design. (C) 2021 Elsevier B.V. All rights reserved.

Zhang Baowen,Chang Xiao,Li Jianhua

DOI: https://doi.org/10.1049/cje.2020.02.017

IF: 1.019

2020-01-01

Chinese Journal of Electronics

Abstract:As a new security defense theory, Cyberspace mimic defense（CMD） provides an architecture named Dynamic heterogeneous redundancy（DHR） to enhance the defense level of system security. Due to the new dynamic defense mechanism DHR introduced in CMD systems, traditional security modelling and analysis methods can hardly be used for them. In this paper, we propose a Security ontology-based modelling method for CMD systems（SOCMD）, which uses ontology to represent DHR components and to define their inner relationships. SOCMD also connects information components including DHRs with security vulnerabilities,threats and attackers in cyberspace. Next, attacking rules,multi-mode arbitration mechanism and combination rules are designed with SOCMD for CMD systems and a new logical-checking method is proposed to make judgement about the security state of SOCMD. Finally, different use cases and performance tests are developed to demonstrate the application process for the model and to verify the validity of our method.

Sergej Japs,Harald Anacker

DOI: https://doi.org/10.1017/pds.2021.517

2021-07-27

Proceedings of the Design Society

Abstract:Abstract Cyber-physical systems (CPS), like autonomous vehicles, are intelligent and networked. The development of such systems and its components requires interdisciplinary cooperation between different stakeholders. A lack of system understanding between stakeholders can lead to unidentified and unresolved security threats & safety hazards in early engineering phases, resulting in high costs in product development and potentially compromises compliance with the safety of CPS. Model-based systems engineering (MBSE) improves the system understanding between stakeholders by using models. However, MBSE approaches only partially address security threats & safety hazards. In particular, their integrative consideration is not taken into account. Established security & safety approaches are either only applicable to specific disciplines or only partially consider security threats & safety hazards. In the context of this paper we present a method for the resolution of safety relevant security threats in the system architecture design phase using design patterns. We illustrate our approach with the example of the automotive sector. Finally, we present an evaluation of the method, based on an 8 week project with 67 master students.

Vivek Nigam,Alexander Pretschner,Harald Ruess

DOI: https://doi.org/10.48550/arXiv.1810.04866

2018-10-11

Logic in Computer Science

Abstract:By exploiting the increasing surface attack of systems, cyber-attacks can cause catastrophic events, such as, remotely disable safety mechanisms. This means that in order to avoid hazards, safety and security need to be integrated, exchanging information, such as, key hazards/threats, risk evaluations, mechanisms used. This white paper describes some steps towards this integration by using models. We start by identifying some key technical challenges. Then we demonstrate how models, such as Goal Structured Notation (GSN) for safety and Attack Defense Trees (ADT) for security, can address these challenges. In particular, (1) we demonstrate how to extract in an automated fashion security relevant information from safety assessments by translating GSN-Models into ADTs; (2) We show how security results can impact the confidence of safety assessments; (3) We propose a collaborative development process where safety and security assessments are built by incrementally taking into account safety and security analysis; (4) We describe how to carry out trade-off analysis in an automated fashion, such as identifying when safety and security arguments contradict each other and how to solve such contradictions. We conclude pointing out that these are the first steps towards a wide range of techniques to support Safety and Security Engineering. As a white paper, we avoid being too technical, preferring to illustrate features by using examples and thus being more accessible.

Lirong Dai,Yan Bai

DOI: https://doi.org/10.1109/SSIRI.2011.25

2011-01-01

Abstract:Enterprises security is a complex problem. Pure technology-driven development methods are not sufficient to solve a broad range of enterprise security issues. This paper analyzes the complexity of enterprise security and proposes an organization-driven approach for the problem. The approach combines a set of Unified Modeling Language-based approaches to bridge the gap between enterprise security architecture models and security application development models. It allows an enterprise to coordinate security resources from an enterprise point of view, and develop security applications systematically and efficiently. A comprehensive case study is conducted to illustrate the approach. The study shows through the refinement of enterprise security goals, both software goals and software requirements for a security application can be obtained. In particular, a security application is built to support the specification and automated verification of separation of duty access policies using the Object Constraint Language and formal method Alloy.

HU Yan,XIE Xiao-rong,XIN Yao-zhong

DOI: https://doi.org/10.3321/j.issn:1000-3673.2006.02.002

2006-01-01

Abstract:At present there are not quantitative security architecture design methods and computer-aided design tools for power information system. The authors propose a pattern based quantitative security architecture design method, in which the aggressive behavior and safeguard are modeled by aggressive pattern and safeguard pattern respectively and the quantitative indices to select several safeguards are strictly defined with set theory. The advantages of the proposed method over the traditional risk management method are demonstrated in detail in security policy, system modeling, attack modeling, safeguard modeling, risk measurement, risk analysis and selection of safeguards. In order to decrease the cost of security architecture design and implement computer-aided design tools, the security architecture design process is further abstracted into a mathematical model of 0-1-integer programming.

Chao Huang,Jianling Sun,Xinyu Wang,Yuanjie Si

DOI: https://doi.org/10.1109/ICNDS.2009.94

2009-01-01

Abstract:Access control is always essential for safe and security access to the system resource. Role based access control (RBAC) model is widely used in large enterprise software systems. The quality of the RBAC policy design especially role definition has great impact on the system security policy implementation. In this paper we propose a novel role engineering methods with security KAOS (SKAOS), which guide the engineering process via keeping decomposing the functional requirement objective and combining the system security requirement. SKAOS not only simplifies the system userpsilas involvement in the role engineering process via supplying with the objective decomposition but also reduces the complexity of the operation analysis. After building the objective decomposition and activity analysis diagrams, the role definition can be delivered. We illustrate the effectiveness of our method via analyzing a real world requirement problem.

HQ Yu,DM Liu,XD He,L Yang,S Gao

DOI: https://doi.org/10.1109/iceccs.2005.75

2005-01-01

Abstract:Security design at architecture level is critical to achieve high assurance software systems. However, most security design techniques for software architectures were in ad hoc fashion and fell short in precise notations. This paper proposes a formal aspect-oriented approach to designing secure software architectures. The underlying formalism is the software architecture model (SAM) that combines Petri nets and temporal logic. SAM supports a precise way to model the problem domain, its software architecture, and security aspects of the software architecture. An integrated architecture is obtained by weaving aspect models with the base architecture model. Mechanisms in SAM are amenable to analyzing correctness of the architecture design.

Shu Gao,Yi Deng,Huiqun Yu,Xudong He,Konstantin Beznosov,Kendra Cooper

DOI: https://doi.org/10.5072/zenodo.309258

2004-01-01

Abstract:As a security policy model evolves, the design of security systems using that model could become increasingly complicated. It is necessary to come up with an approach to guide the development, reuse and evolution of the design. In this paper, we propose an aspect-oriented design approach to designing flexible and extensible security systems. A case study demonstrates that such an approach has multifold benefits and is worth further exploration.

Y Rao,Bq Feng,Jc Han

DOI: https://doi.org/10.1007/978-3-540-30208-7_49

2004-01-01

Abstract:A security architecture model for web services, Security extended-Resources, Services, Roles, Protocols and Methods (SX-RSRPM) model, was proposed based on the conceptions about security of web services and Degree of Safety for Web Services (DoS4WS), which is a qualitative analysis index of Web Services security, in the paper. This model could effectively increase the value of DoS4WS by the extended emerging XML-based security of protocol stacks and a new affiliated role as security CA center. In addition, an integrated security solution has been developed and the results in practice show that this solution can build a confidence security environment for all roles and provide a flexible and extensible security manage mechanism.

HU Yan,XIE Xiao-rong,XIN Yao-zhong

DOI: https://doi.org/10.3321/j.issn:1000-3673.2006.04.008

2006-01-01

Abstract:Power information system is a typical distributed and interconnected system, which needs a systematic security design method. The authors analyze the features and defects of existing security design methods such as risk management method, guideline adherence, formal verification, find and fix approach and preventive design approach, and summarize the research results, which are available for reference, such as information system security engineering, analysis and design of survivable systems and security requirements analysis methods. The ten points to assess security design methods proposed in this paper can be used to classify and compare various security design methods, which can promote the research of security design process.

朱红,周立,嵇文路,张明

DOI: https://doi.org/10.3969/j.issn.1009-0665.2009.03.010

2009-01-01

Abstract:This paper presents an open,standards integrated monitoring and control platform for secondary system,which can meet the security requirements of secondary electrical system,and introduces the system architecture,soft system,network topology,key technologies and main functions of the platform.The design of the platform stresses the importance of scalability,adopts object-oriented mode and common rule engine,and also defines standard interface specification to support flexible access of multiple application systems.

Yuqiang Guo,Yingxu Li,Jun Zhao,Hui Zhao,Junxian Guo

DOI: https://doi.org/10.1088/1742-6596/2755/1/012007

2024-05-15

Journal of Physics Conference Series

Abstract:UAFML or UPDM is the language for modeling System of System(SoS) architecture. While SysML is used to model system architecture with solid connections with requirements, multidisciplinary analysis, software development, verification, etc. Many companies export the SoS architecture model into an XMI file or even a Word document to the system-architecture-level design team to perform further development. It will cost more time and may cause information inconsistency in practice. To bridge the gap, studying a more economical way to perform the modeling information exchange is necessary. This paper studied architecture modeling language building and transformation mechanisms and proposed a unified SoSE and SE modeling approach, which will make the most of the architecture model, guarantee the different architecture level model consistency and save cost.