Computational verification of security requirements

Bibu, Gideon Dadik

January 2014

One of the reasons for persistence of information security challenges in organisations is that security is usually seen as a technical problem. Hence the emphasis on technical solutions in practice. However, security challenges can also arise from people and processes. We therefore approach the problem of security in organisations from a socio-technical perspective and reason that the design of security requirements for organisations has to include procedures that would allow for the design time analysis of the system behaviour with respect to security requirements. In this thesis we present a computational approach to the verification and validation of elicited security requirements. This complements the existing approaches of security requirements elicitation by providing a computational means for reasoning about security requirements at design time. Our methodology is centered on a deontic logic inspired institutional framework which provides a mechanism to monitor the permissions, empowerment, and obligations of actors and generates violations when a security breach occurs. We demonstrate the functionality of our approach by modelling a practical scenario from health care domain to explore how the institutional framework can be used to develop a model of a system of interacting actors using the action language InstAL. Through the application of the semantics of answer set programming (ASP), we demonstrate a way of carrying out verification of security requirements such that it is possible to predict the effect of certain actions and the causes of certain system states. To show that our approach works for a number of security requirements, we also use other scenarios to demonstrate the analysis of confidentiality and integrity requirements. From human factor point of view compliance determines the effectiveness of security requirements. We demonstrate that our approach can be used for management of security requirements compliance. By verifying compliance and predicting non-compliance and its consequences at design time, requirements can be redesigned in such a way that better compliance can be achieved.

658.4

Verification ; Security ; Requirements

A Security Requirements Management Framework for Open-Source Software Projects

Wang, Wen Tao

01 October 2019

No description available.

Computer Science

Security requirements

open-source software

security requirements identification

requirements traceability

requirements dependency

Modelling security requirements through extending Scrum agile development framework

Alotaibi, Minahi

January 2016

Security is today considered as a basic foundation in software development and therefore, the modelling and implementation of security requirements is an essential part of the production of secure software systems. Information technology organisations are moving towards agile development methods in order to satisfy customers' changing requirements in light of accelerated evolution and time restrictions with their competitors in software production. Security engineering is considered difficult in these incremental and iterative methods due to the frequency of change, integration and refactoring. The objective of this work is to identify and implement practices to extend and improve agile methods to better address challenges presented by security requirements consideration and management. A major practices is security requirements capture mechanisms such as UMLsec for agile development processes. This thesis proposes an extension to the popular Scrum framework by adopting UMLsec security requirements modelling techniques with the introduction of a Security Owner role in the Scrum framework to facilitate such modelling and security requirements considerations generally. The methodology involved experimentation of the inclusion of UMLsec and the Security Owner role to determine their impact on security considerations in the software development process. The results showed that overall security requirements consideration improved and that there was a need for an additional role that has the skills and knowledge to facilitate and realise the benefits of the addition of UMLsec.

005.1

Physical Security Assessment of a Regional University Computer Network

Timbs, Nathan H

01 December 2013

Assessing a network's physical security is an essential step in securing its data. This document describes the design, implementation, and validation of PSATool, a prototype application for assessing the physical security of a network's intermediate distribution frames, or IDFs (a.k.a. "wiring closets"). PSATool was created to address a lack of tools for IDF assessment. It implements a checklist-based protocol for assessing compliance with 52 security requirements compiled from federal and international standards. This checklist can be extended according to organizational needs. PSATool was validated by using it to assess physical security at 135 IDFs at East Tennessee State University. PSATool exposed 95 threats, hazards, and vulnerabilities in 82 IDFs. A control was recommended for each threat, hazard, and vulnerability discovered. The administrators of ETSU's network concluded that PSATool's results agreed with their informal sense of these IDFs' physical security, while providing documented support for improvements to IDF security.

Physical Security Assessment

Information Assurance

Security Requirements

Computer Sciences

Enhancing Software Security through Modeling Attacker Profiles

Hussein, Nesrin

21 September 2018

No description available.

Computer Science

security requirements

Non-functional requirements

security related test cases

Designing secure business processes from organisational goal models

Argyropoulos, Nikolaos

January 2018

Business processes are essential instruments used for the coordination of organisational activities in order to produce value in the form of products and services. Information security is an important non-functional characteristic of business processes due to the involvement of sensitive data exchanged between their participants. Therefore, potential security shortfalls can severely impact organisational reputation, customer trust and cause compliance issues. Nevertheless, despite its importance, security is often considered as a technical concern and treated as an afterthought during the design of information systems and the business processes which they support. The consideration of security during the early design stages of information systems is highly beneficial. Goal-oriented security requirements engineering approaches can contribute to the early elicitation of system requirements at a high level of abstraction and capture the organisational context and rationale behind design choices. Aligning such requirements with process activities at the operational level augments the traceability between system models of different abstraction levels and leads to more robust and context-aware operationalisations of security. Therefore, there needs to be a well-defined and verifiable interconnection between a system’s security requirements and its business process models. This work introduces a framework for the design of secure business process models. It uses security-oriented goal models as its starting point to capture a socio-technical view of the system to-be and its security requirements during its early design stages. Concept mappings and model transformation rules are also introduced as a structured way of extracting business process skeletons from such goal models, in order to facilitate the alignment between the two different levels of abstraction. The extracted business process skeletons, are refined to complete business process models through the use of a set of security patterns, which standardise proven solutions to recurring security problems. Finally, the framework also offers security verification capabilities of the produced process models through the introduction of security-related attributes and model checking algorithms. Evaluation of this work is performed: (i) through individual evaluation of its components via their application in real-life systems, (ii) a workshop-based modelling exercise where participants used and evaluated parts of the framework and (iii) a case study from the public administration domain where the overall framework was applied in cooperation with stakeholders of the studied system. The evaluation indicated that the developed framework provides a structured approach which supports stakeholders in designing and evaluating secure business process models.

Žiniatinklio turinio valdymo sistemų saugumo tyrimas / Web content management systems security research

Radzevičius, Vitalius

05 November 2013

Internete galima rasti nemažai svetainių, kurios yra sukurtos naudojantis viena iš daugelio šiuo metu prieinamų žiniatinklio turinio valdymo sistemų (TVS). TVS paprastai nereikalauja išsamių techninių žinių, jos ir kuriamos su idėja, kad bet kuris naudotojas galėtų nesunkiai sukurti ir paskelbti savo interneto svetainę. Deja, eiliniai TVS naudotojai dažnai turi nedaug žinių informacijos saugumo srityje. Turinio valdymo sistemų pagrindu sukurtoms svetainėms, kaip ir nuo pagrindų suprogramuotiems tinklalapiams, kyla panašios bendrosios su saugumu susiję grėsmės. Tačiau be bendrųjų grėsmių dar egzistuoja ir specifinės, kurias įprastinės saugumo tikrinimo-vertinimo priemonės sunkiai aptinka. Šios problemos dažnai būna konfigūracijos lygmenyje, todėl iš esmės kiekvienai turinio valdymo sistemai ir jos versijai reikia individualiai pritaikyto saugumo vertinimo taisyklių rinkinio. Šiame darbe buvo sudarytas specifinių TVS saugumo kriterijų sąrašas, pateiktas šių kriterijų atitikimą vertinančios programos modelis, suprogramuoti du kriterijų vertinimo algoritmai, įvertinantys dviejų populiarių žiniatinklio TVS (Drupal bei Joomla) reikalavimų atitikimą, bei atliktas eksperimentinis tyrimas su minėtomis žiniatinklio turinio valdymo sistemomis. Tyrimas atliktas su ką tik įdiegtomis turinio valdymo sistemomis ir pakartotas po sistemų parametrų konfigūravimo. Taip pat įvertintos dvi internetu prieinamos ir lankomos Drupal TVS pagrindu sukurtos svetainės. / There are quite a few websites online that use one of many currently available web content management systems (CMS). CMS usually do not require in-depth technological knowledge. In fact, they are designed with an idea that any user can create and publish their website. Unfortunately, ordinary CMS users often lack knowledge in security area. CMS-based websites, same as those that are created from scratch, experience similar common security threats. In addition to common security threats, there are some CMS-specific ones that are hardly discovered by standard security assessment programs, generally called web vulnerability scanners. Security problems often lie in configuration level and, in order to discover them, CMS-specific security checking rules are required. In this paper, CMS-specific security requirements list was compiled and model of the programs that checks if CMS complies with requirements was provided. Then two algorithms were programmed that helped assess how Joomla and Drupal web content management systems comply with security requirements. Experimental study was carried out with two aforementioned content management systems. The study was carried out with the freshly installed content management systems, and then repeated after system configuration parameters adjustment. Finally, two Drupal CMS-based and online-accessible websites were assessed.

Informatics Engineering

Žiniatinklio TVS

Saugumo reikalavimai

Saugumo tikrinimo programa

Web CMS

Security requirements

Security assessment program

A Framework for Security Requirements : Security Requirements Categorization and Misuse Cases / En ram för Säkerhetskrav : Säkerhetskrav kategorisering och missbruk ärenden

Bogale, Helen Yeshiwas, Ahmed, Zohaib

January 2011

Context: Security Requirements engineering is necessary to achieve secure software systems. Many techniques and approaches have been proposed to elicit security requirements in the initial phases of development. With the growing importance of security and immense increase in security breaches over the past few years, researchers and practitioners have been striving to achieve a mature process of coping with security requirements. Much of the activities in this regard are seen in academia but industry still seems to be lacking in giving the required importance to security requirements engineering. That is why, security requirements engineering is still not always considered as a central part of requirements engineering. This study is targeted to bridge this gap between academia and industry in terms of security requirements engineering and to provide a concrete approach to efficiently elicit and specify security requirements. The Misuse case technique is proposed for this purpose. However it lacks in providing guidelines for enabling scalable use. This limitation has been addressed to achieve a mature process of security requirements elicitation. Objectives: In this study, we propose a framework to elicit security requirements early in the software development using misuse case technique. Objective is to make misuse case technique scalable and applicable to the real-world projects. The proposed framework was presented to two representatives from the Swedish Armed Forces (SWAF). The feedback received from the representatives was utilized to refine, update and finalize the framework. Methods: The study involved a systematic review to gain an insight of the academic perspective in the area of study. Document extraction was adopted to observe the industrial trends in the said subject. These were the software requirements specification documents of the real-world systems. Document extraction was supported with informed brainstorming because the study revolved around misuse case technique and informed brainstorming is considered to be the most suitable technique for this purpose. A workshop was conducted with two representatives of Swedish Armed Forces followed by two subsequent asynchronous communication rounds and a facilitated session to get feedback about the proposed solution. This feedback was utilized to refine, update and finalize the proposed solution. Results: The results of the systematic review were organized in tabular forms for a clear understanding and easy analysis. A security requirements categorization was obtained as a result which was finalized after an initial validation with the help of real-world projects. Furthermore, a framework was proposed utilizing this categorization to address the limitations of misuse case technique. The framework was created and refined through workshop and different communication rounds with representatives of SWAF. Their feedback was used as input to further improve the usefulness and usability aspects of the framework. Conclusions: The significance of security requirements engineering is undisputedly accepted both in academia and industry. However, the area is not a subject of practice in industrial projects. The reasons include lack of mature processes as well as expensive and time consuming solutions. Lack of empirical evidences adds to the problems. The conducted study and proposed process of dealing with this issue is considered as a one step forward towards addressing the challenges. / Säkerhet Kravhantering är nödvändigt för att uppnå säkra programvarusystem. Många tekniker och metoder har föreslagits för att framkalla säkerhetskraven i de inledande faserna i utvecklingen. Med den växande betydelsen av säkerhet och enorma ökning av brott mot säkerheten under de senaste åren har forskare och praktiker strävat efter att uppnå en mogen process för att klara säkerhetskraven. Mycket av verksamheten i detta avseende ses i den akademiska världen, men industrin fortfarande tycks saknas i att ge den nödvändiga betydelse för säkerheten kravhantering. Därför är säkerheten kravhantering fortfarande inte alltid som en central del av kravhantering. Denna studie är inriktad att överbrygga denna klyfta mellan akademi och näringsliv när det gäller säkerhet kravhantering och att ge en konkret strategi för att effektivt få fram och specificera säkerhetskrav. Missbruk fallet tekniken föreslås för detta ändamål. Men det saknar i att ge riktlinjer för att möjliggöra skalbar användning. Denna begränsning har åtgärdats för att uppnå en mogen process av säkerhetskrav elicitation. / +46 (0) 735 84 12 97, +46 (0) 760 60 96 55

Misuse Case

Security Requirements

Categorization

Elicitation

Specification

Computer Sciences

Datavetenskap (datalogi)

Software Engineering

Programvaruteknik

Identifying Security Requirements using Meta-Data and Dependency Heuristics

Mahakala, Kavya Reddy

January 2018

No description available.

Computer Science

security requirements

classification

meta-data heuristics

dependency heuristics

requirements engineering

Reviewing and Evaluating Techniques for Modeling and Analyzing Security Requirements

Abu-Sheikh, Khalil

January 2007

The software engineering community recognized the importance of addressing security requirements with other functional requirements from the beginning of the software development life cycle. Therefore, there are some techniques that have been developed to achieve this goal. Thus, we conducted a theoretical study that focuses on reviewing and evaluating some of the techniques that are used to model and analyze security requirements. Thus, the Abuse Cases, Misuse Cases, Data Sensitivity and Threat Analyses, Strategic Modeling, and Attack Trees techniques are investigated in detail to understand and highlight the similarities and differences between them. We found that using these techniques, in general, help requirements engineer to specify more detailed security requirements. Also, all of these techniques cover the concepts of security but in different levels. In addition, the existence of different techniques provides a variety of levels for modeling and analyzing security requirements. This helps requirements engineer to decide which technique to use in order to address security issues for the system under investigation. Finally, we found that using only one of these techniques will not be suitable enough to satisfy the security requirements of the system under investigation. Consequently, we consider that it would be beneficial to combine the Abuse Cases or Misuse Cases techniques with the Attack Trees technique or to combine the Strategic Modeling and Attack Trees techniques together in order to model and analyze security requirements of the system under investigation. The concentration on using the Attack Trees technique is due to the reusability of the produced attack trees, also this technique helps in covering a wide range of attacks, thus covering security concepts as well as security requirements in a proper way.

Security Requirements

Abuse Cases

Misuse Cases

Data Sensitivity and Threat Analyses

Strategic Modeling

Attack Trees.

Software Engineering

Programvaruteknik