secure systems design
Recently Published Documents


Total documents: 17 (five years: 1)

H-index: 3 (five years: 0)

2013, Vol 4 (1), pp. 11-30
Author(s): Simon Miller, Susan Appleby, Jonathan M. Garibaldi, Uwe Aickelin

The task of designing secure software systems is fraught with uncertainty, as data on uncommon attacks is limited, costs are difficult to estimate, and technology and tools are continually changing. Consequently, experts may interpret the security risks posed to a system in different ways, leading to variation in assessment. This paper presents research into measuring the variability in decision making between security professionals, with the ultimate goal of improving the quality of security advice given to software system designers. A set of thirty-nine cyber-security experts took part in an exercise in which they independently assessed a realistic system scenario. This study quantifies agreement in the opinions of experts, examines methods of aggregating opinions, and produces an assessment of attacks from ratings of their components. The authors show that when aggregated, a coherent consensus view of security emerges which can be used to inform decisions made during systems design.


Author(s): Rodolfo Villarroel, Eduardo Fernández-Medina, Juan Trujillo, Mario Piattini

Organizations depend increasingly on information systems, which rely upon databases and data warehouses (DWs), which need increasingly more quality and security. Generally, we have to deal with sensitive information such as the diagnosis made on a patient or even personal beliefs or other sensitive data. Therefore, a final DW solution should consider the final users that can have access to certain specific information. Unfortunately, methodologies that incorporate security are based on an operational environment and not on an analytical one. Therefore, they do not include security into the multidimensional approaches to work with DWs. In this chapter, we present a comparison of six secure-systems design methodologies. Next, an extension of the UML that allows us to specify main security aspects in the multidimensional conceptual modeling is proposed, thereby allowing us to design secure DWs. Finally, we present how the conceptual model can be implemented with Oracle Label Security (OLS10g).


Author(s): Rodolfo Villarroel, Eduardo Fernandez-Medina, Juan Trujillo, Mario Piattini

Organizations depend increasingly on information systems, which rely upon databases and data warehouses (DWs), which need increasingly more quality and security. Generally, we have to deal with sensitive information such as the diagnosis made on a patient or even personal beliefs or other sensitive data. Therefore, a final DW solution should consider the final users that can have access to certain specific information. Unfortunately, methodologies that incorporate security are based on an operational environment and not on an analytical one. Therefore, they do not include security into the multidimensional approaches to work with DWs. In this chapter, we present a comparison of six secure-systems design methodologies. Next, an extension of the UML that allows us to specify main security aspects in the multidimensional conceptual modeling is proposed, thereby allowing us to design secure DWs. Finally, we present how the conceptual model can be implemented with Oracle Label Security (OLS10g).


2008, pp. 679-692
Author(s): Rodolfo Villarroel, Eduardo Fernandez-Medina, Juan Trujillo, Mario Piattini

Organizations depend increasingly on information systems, which rely upon databases and data warehouses (DWs), which need increasingly more quality and security. Generally, we have to deal with sensitive information such as the diagnosis made on a patient or even personal beliefs or other sensitive data. Therefore, a final DW solution should consider the final users that can have access to certain specific information. Unfortunately, methodologies that incorporate security are based on an operational environment and not on an analytical one. Therefore, they do not include security into the multidimensional approaches to work with DWs. In this chapter, we present a comparison of six secure-systems design methodologies. Next, an extension of the UML that allows us to specify main security aspects in the multidimensional conceptual modeling is proposed, thereby allowing us to design secure DWs. Finally, we present how the conceptual model can be implemented with Oracle Label Security (OLS10g).


2008, pp. 1048-1061
Author(s): Rodolfo Villarroel, Eduardo Fernandez-Medina, Juan Trujillo, Mario Piattini

Organizations depend increasingly on information systems, which rely upon databases and data warehouses (DWs), which need increasingly more quality and security. Generally, we have to deal with sensitive information such as the diagnosis made on a patient or even personal beliefs or other sensitive data. Therefore, a final DW solution should consider the final users that can have access to certain specific information. Unfortunately, methodologies that incorporate security are based on an operational environment and not on an analytical one. Therefore, they do not include security into the multidimensional approaches to work with DWs. In this chapter, we present a comparison of six secure-systems design methodologies. Next, an extension of the UML that allows us to specify main security aspects in the multidimensional conceptual modeling is proposed, thereby allowing us to design secure DWs. Finally, we present how the conceptual model can be implemented with Oracle Label Security (OLS10g).


2008, pp. 1828-1838
Author(s): Eduardo B. Fernandez, Michael Thomsen, Minjie H. Fernandez

Platforms for web services have been reduced to two basic approaches: Microsoft .NET and Sun ONE (J2EE). We compare here these two platforms with respect to the security they provide to the web services that use them. We arrive at the conclusion that although the basic security architectures are fairly similar, their actual implementations differ. Microsoft’s approach appears weaker because of their self-contained approach, and a failure to follow good principles of software and secure systems design.

