scholarly journals Towards a More Systematic Approach to Secure Systems Design and Analysis

2013 ◽  
Vol 4 (1) ◽  
pp. 11-30 ◽  
Author(s):  
Simon Miller ◽  
Susan Appleby ◽  
Jonathan M. Garibaldi ◽  
Uwe Aickelin
Keyword(s):  
Cyber Security ◽  
Systematic Approach ◽  
Systems Design ◽  
Software Systems ◽  
Security Risks ◽  
Secure Systems ◽  
Secure Systems Design ◽  
Consensus View ◽  
Security Advice

The task of designing secure software systems is fraught with uncertainty, as data on uncommon attacks is limited, costs are difficult to estimate, and technology and tools are continually changing. Consequently, experts may interpret the security risks posed to a system in different ways, leading to variation in assessment. This paper presents research into measuring the variability in decision making between security professionals, with the ultimate goal of improving the quality of security advice given to software system designers. A set of thirty nine cyber-security experts took part in an exercise in which they independently assessed a realistic system scenario. This study quantifies agreement in the opinions of experts, examines methods of aggregating opinions, and produces an assessment of attacks from ratings of their components. The authors show that when aggregated, a coherent consensus view of security emerges which can be used to inform decisions made during systems design.

Designing Secure Data Warehouses

2008 ◽  
pp. 679-692
Author(s):  
Rodolfo Villarroel ◽  
Eduardo Fernandez-Medina ◽  
Juan Trujillo ◽  
Mario Piattini
Keyword(s):  
Conceptual Modeling ◽  
Systems Design ◽  
Specific Information ◽  
Sensitive Information ◽  
Data Warehouses ◽  
Personal Beliefs ◽  
Operational Environment ◽  
Sensitive Data ◽  
Secure Systems ◽  
Secure Systems Design

Organizations depend increasingly on information systems, which rely upon databases and data warehouses (DWs), which need increasingly more quality and security. Generally, we have to deal with sensitive information such as the diagnosis made on a patient or even personal beliefs or other sensitive data. Therefore, a final DW solution should consider the final users that can have access to certain specific information. Unfortunately, methodologies that incorporate security are based on an operational environment and not on an analytical one. Therefore, they do not include security into the multidimensional approaches to work with DWs. In this chapter, we present a comparison of six secure-systems design methodologies. Next, an extension of the UML that allows us to specify main security aspects in the multidimensional conceptual modeling is proposed, thereby allowing us to design secure DWs. Finally, we present how the conceptual model can be implemented with Oracle Label Security (OLS10g).

Designing Secure Data Warehouses

2008 ◽  
pp. 1048-1061
Author(s):  
Rodolfo Villarroel ◽  
Eduardo Fernandez-Medina ◽  
Juan Trujillo ◽  
Mario Piattini
Keyword(s):  
Conceptual Modeling ◽  
Systems Design ◽  
Specific Information ◽  
Sensitive Information ◽  
Data Warehouses ◽  
Personal Beliefs ◽  
Operational Environment ◽  
Sensitive Data ◽  
Secure Systems ◽  
Secure Systems Design

Organizations depend increasingly on information systems, which rely upon databases and data warehouses (DWs), which need increasingly more quality and security. Generally, we have to deal with sensitive information such as the diagnosis made on a patient or even personal beliefs or other sensitive data. Therefore, a final DW solution should consider the final users that can have access to certain specific information. Unfortunately, methodologies that incorporate security are based on an operational environment and not on an analytical one. Therefore, they do not include security into the multidimensional approaches to work with DWs. In this chapter, we present a comparison of six secure-systems design methodologies. Next, an extension of the UML that allows us to specify main security aspects in the multidimensional conceptual modeling is proposed, thereby allowing us to design secure DWs. Finally, we present how the conceptual model can be implemented with Oracle Label Security (OLS10g).

SETER

2012 ◽  
Vol 3 (3) ◽  
pp. 23-49 ◽  
Author(s):  
Ayda Saidane ◽  
Nicolas Guelfi
Keyword(s):  
Development Process ◽  
Security Requirements ◽  
Software Systems ◽  
Test Cases ◽  
Security Testing ◽  
Secure Systems ◽  
Architecture Model ◽  
Software Engineering Process ◽  
Secure Software Development

The quality of software systems strongly depends on their architecture. For this reason, taking into account security requirements at the architecture level is crucial for the success of secure software development. Today, systems are permanently evolving due to customer needs, technology evolution or maintenance constraints. Thus, a resilient secure system is expected to evolve towards more satisfaction of its security requirements (Guelfi 2011). In particular, such evolution process should identify and eliminate faults and vulnerabilities during the development process or runtime. This study focuses on the design phases and aims to propose a resilient software engineering process guaranteeing the development of secure systems that satisfy their critical requirements. During the development process, the system is expected to evolve until reaching satisfactory compliance against its requirements. The satisfaction computation is based on the quantification of failures and degradations. In this paper, the authors propose a novel architecture model-based security testing approach for identifying faults and vulnerabilities. The originality of the proposal resides in the usage of the architecture model for security testing and in coupling security requirements with threat model for generating both security functional test cases and malicious test cases. The assessment of the security requirements’ satisfaction and the overall system resilience is based on the test traces analysis. Throughout this study, a client-server system is used as a running example for illustrating the approach.

Comparing the Security Architectures of Sun ONE and Microsoft .NET

2008 ◽  
pp. 1828-1838
Author(s):  
Eduardo B. Fernandez ◽  
Michael Thomsen ◽  
Minjie H. Fernandez
Keyword(s):  
Web Services ◽  
Systems Design ◽  
Secure Systems ◽  
Secure Systems Design ◽  
Basic Approaches ◽  
The Web

Platforms for web services have been reduced to two basic approaches: Microsoft .NET and Sun ONE (J2EE). We compare here these two platforms with respect to the security they provide to the web services that use them. We arrive to the conclusion that although the basic security architectures are fairly similar, their actual implementations differ. Microsoft’s approach appears weaker because of their self-contained approach, and a failure to follow good principles of software and secure systems design.

Comparing the Security Architectures of Sun ONE and Microsoft .NET

2004 ◽  
pp. 317-330 ◽  
Author(s):  
Eduardo B. Fernandez ◽  
Michael Thomsen ◽  
Minjie H. Fernandez
Keyword(s):  
Web Services ◽  
Systems Design ◽  
Secure Systems ◽  
Secure Systems Design ◽  
Basic Approaches ◽  
The Web

Platforms for web services have been reduced to two basic approaches: Microsoft .NET and Sun ONE (J2EE). We compare here these two platforms with respect to the security they provide to the web services that use them. We arrive to the conclusion that although the basic security architectures are fairly similar, their actual implementations differ. Microsoft’s approach appears weaker because of their self-contained approach, and a failure to follow good principles of software and secure systems design.

Sign in / Sign up

Export Citation Format

Share Document