  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Evaluating the usability and security of a video CAPTCHA

Kluever, Kurt Alfred. January 2008
Thesis (M.S.)--Rochester Institute of Technology, 2008. / Typescript. Includes bibliographical references (leaves 77-88).
2

Processus IDM pour l’intégration des patrons de sécurité dans une application à base de composants / An MDE process for security pattern integration in component based application

Bouaziz, Rahma 06 December 2013
Security has become a major issue in the development of today's software systems. Most designers of these systems lack expertise in the security domain. It is therefore important to guide them throughout the different phases of software development in order to produce more secure systems. This will reduce development time and cost. To achieve this objective, we propose to apply security expertise in the form of security patterns during the software design phase. A security pattern incorporates proven, generic solutions proposed by security experts. However, security patterns are often neglected at the design level and do not constitute an intuitive solution that software designers can use. This may result from the poor fit of these patterns to the context of the systems, the designers' lack of expertise in security, or the absence of a process for integrating these patterns into models at a high level of abstraction. To enable designers to use the solutions proposed by security patterns, this thesis proposes a model-driven engineering approach to secure applications through the integration of security patterns. As the application context for our approach, we chose component-based applications, which aim to facilitate application development by assembling prefabricated software building blocks called components. The proposed process ensures the separation between application-domain expertise and security expertise, both of which are necessary to build a secure application. The proposed methodology provides semi-automatic integration of security patterns into the initial model.
This integration is carried out first during application modelling, initially through the development of profiles that extend the domain concepts with security concepts. Secondly, the integration is done through the definition of rules which, once applied, generate a secure application. Finally, this integration is also ensured at the level of generating the application's functional code, by integrating the non-functional security-related code through the use of aspects. The use of the aspect-oriented approach guarantees that the application of security patterns is independent of any particular application. The proposed process is described with the SPEM standard. This work has been implemented in a tool named SCRI-TOOL, for SeCurity patteRn Integration Tool. This tool allows developers who are not security experts to integrate the various security properties (embedded in the patterns) into a component-based application. To illustrate the use of SCRI-TOOL, we propose a case study in the domain of distributed healthcare systems. The choice of such a case study is explained by the importance of the security requirements needed for such an application to function properly. Indeed, given the large number of actors that may interact, security is a critical requirement in such systems. This study allowed us to highlight the importance of managing security at a high level of abstraction and how to apply the proposed methodology to a real case. / Security has become an important challenge in current software and system development. Most designers are experts in software development but not experts in security. It is important to guide them to apply security mechanisms in the early phases of software development to reduce time and cost of development.
To reach this objective, we propose to apply security expertise as security patterns at software design phase. A security pattern is a well-understood solution to a recurring information security problem. So, security patterns encapsulate the knowledge accumulated by security experts to secure a software system. Although well documented, patterns are often neglected at the design level and do not constitute an intuitive solution that can be used by software designers. This can be the result of the maladjustment of those patterns to systems context, the inexpertness of designers with security solutions and the need of integration process to let designers apply those pattern solutions in practical situations and to work with patterns at higher levels of abstraction. To enable designers to use solutions proposed by security patterns, this thesis proposes a model driven engineering approach to secure applications through the integration of security patterns. Component-based approach is a powerful means to develop and reuse complex systems. In this thesis, we take component based software systems as an application domain for our approach to facilitate the development of applications by assembling prefabricated software building blocks called components. The proposed process provides separation between domain expertise and application security expertise, both of which are needed to build a secure application. Our main goal is to provide a semi-automatic integrating of security patterns into component-based models, and producing an executable secure code. This integration is performed through a set of transformation rules. The result of this integration is a new model supporting security concepts. It is then automatically translated into aspect-oriented code related to security. These aspects are then woven in a modular way within the functional application code to enforce specified security properties.
The use of aspect technology in the implementation phase guarantees that the application of security patterns is independent from any particular implementation. In order to provide a clear comprehension of the SCRIP process, we have described it using the standard SPEM. This work is implemented in a software tool called SCRI-TOOL (SeCurity patteRn Integration Tool). This tool allows developers who are not security experts to integrate different security properties throughout the development cycle of a component-based application. To illustrate the use of SCRI-TOOL, we propose a case study regarding electronic healthcare systems. The choice of such a case study is motivated by the great attention archived for such systems from academia and industry and by the importance of security in such systems. Indeed, because of the large number of actors that can interact in such systems, security is a critical requirement. This case study will also allow us to illustrate the proposed methodology to highlight the importance of security management at a high level of abstraction. As results of the application of this process, we obtain a health care application completely secure and meeting the requirements of medical context.
3

UM FRAMEWORK BASEADO EM PADRÕES DE SEGURANÇA PARA TRANSFORMAÇÕES DE MODELOS / A FRAMEWORK BASED ON SECURITY PATTERNS FOR TRANSFORMATIONS OF MODELS

Prass, Fábio Sarturi 18 April 2012
The increased automation in the process of systems development is becoming more popular in the current context because of the increased complexity. With this, tools based on the idea of automatic code generation from models increasingly arise. As a result of this complexity, information systems may have errors and vulnerabilities. So, there is a need for increasing the level of abstraction and automation in the software development processes, thereby allowing greater security in the application. These needs are answered by using the approaches of Model-Driven Engineering that allows the modeling and the application of transformations onto models aiming at obtaining software in an automatized way. This study proposes a framework based on security patterns oriented to models. This provides guidelines for implementing the model application and the correct validation of using patterns. The security is implicitly included into the system through a transformation between models, which automatically encodes the security pattern, ensuring that the generated code is not susceptible to errors or changes in code. These transformations are defined through XML syntax and a set of rules implemented in the Java and ATL languages. They can be further executed in a unidirectional way, through the transformation application implemented to support the use of the proposed approach. An example of model transformation for the Java platform is also presented. / Increased automation in systems development processes has been gaining ground in the current context because of increasing complexity. As a result, more and more tools are emerging that are based on the idea of automatic code generation from models. Because of this complexity, information systems are subject to errors and vulnerabilities.
Hence the need to increase automation and the level of abstraction in software development, thereby allowing greater security in the application. These needs are met by using the Model-Driven Engineering approach, which allows modelling and applying transformations to models in order to obtain software in an automated way. This work proposes a model-oriented framework based on security patterns, providing guidelines for implementing the model and for correctly validating the use of the patterns. Security is inserted implicitly into the system through model-to-model transformation and automatic coding, ensuring that security will not be violated at any level and will not be susceptible to errors or code changes. These transformations are defined through an XMI syntax and a set of rules implemented in the Java and ATL languages, and can subsequently be executed unidirectionally, through the transformation application implemented to support the use of the proposed approach. An example of model transformation for the Java platform is also presented.
4

Towards robust steganalysis : binary classifiers and large, heterogeneous data

Lubenko, Ivans January 2013
The security of a steganography system is defined by our ability to detect it. It is of no surprise then that steganography and steganalysis both depend heavily on the accuracy and robustness of our detectors. This is especially true when real-world data is considered, due to its heterogeneity. The difficulty of such data manifests itself in a penalty that has periodically been reported to affect the performance of detectors built on binary classifiers; this is known as cover source mismatch. It remains unclear how the performance drop that is associated with cover source mismatch is mitigated or even measured. In this thesis we aim to show a robust methodology to empirically measure its effects on the detection accuracy of steganalysis classifiers. Some basic machine-learning based methods, which take their origin in domain adaptation, are proposed to counter it. Specifically, we test two hypotheses through an empirical investigation. First, that linear classifiers are more robust than non-linear classifiers to cover source mismatch in real-world data and, second, that linear classifiers are so robust that given sufficiently large mismatched training data they can equal the performance of any classifier trained on small matched data. With the help of theory we draw several nontrivial conclusions based on our results. The penalty from cover source mismatch may, in fact, be a combination of two types of error; estimation error and adaptation error. We show that relatedness between training and test data, as well as the choice of classifier, both have an impact on adaptation error, which, as we argue, ultimately defines a detector's robustness. This provides a novel framework for reasoning about what is required to improve the robustness of steganalysis detectors. Whilst our empirical results may be viewed as the first step towards this goal, we show that our approach provides clear advantages over earlier methods. 
To our knowledge this is the first study of this scale and structure.
5

Model-driven security in service-oriented architectures : leveraging security patterns to transform high-level security requirements to technical policies

Menzel, Michael January 2011
Service-oriented Architectures (SOA) facilitate the provision and orchestration of business services to enable a faster adoption to changing business demands. Web Services provide a technical foundation to implement this paradigm on the basis of XML-messaging. However, the enhanced flexibility of message-based systems comes along with new threats and risks. To face these issues, a variety of security mechanisms and approaches is supported by the Web Service specifications. The usage of these security mechanisms and protocols is configured by stating security requirements in security policies. However, security policy languages for SOA are complex and difficult to create due to the expressiveness of these languages. To facilitate and simplify the creation of security policies, this thesis presents a model-driven approach that enables the generation of complex security policies on the basis of simple security intentions. SOA architects can specify these intentions in system design models and are not required to deal with complex technical security concepts. The approach introduced in this thesis enables the enhancement of any system design modelling languages – for example FMC or BPMN – with security modelling elements. The syntax, semantics, and notion of these elements is defined by our security modelling language SecureSOA. The metamodel of this language provides extension points to enable the integration into system design modelling languages. In particular, this thesis demonstrates the enhancement of FMC block diagrams with SecureSOA. To enable the model-driven generation of security policies, a domain-independent policy model is introduced in this thesis. This model provides an abstraction layer for security policies. Mappings are used to perform the transformation from our model to security policy languages. However, expert knowledge is required to generate instances of this model on the basis of simple security intentions. 
Appropriate security mechanisms, protocols and options must be chosen and combined to fulfil these security intentions. In this thesis, a formalised system of security patterns is used to represent this knowledge and to enable an automated transformation process. Moreover, a domain-specific language is introduced to state security patterns in an accessible way. On the basis of this language, a system of security configuration patterns is provided to transform security intentions related to data protection and identity management. The formal semantics of the security pattern language enable the verification of the transformation process introduced in this thesis and prove the correctness of the pattern application. Finally, our SOA Security LAB is presented that demonstrates the application of our model-driven approach to facilitate a dynamic creation, configuration, and execution of secure Web Service-based composed applications. / In the field of enterprise architectures, the paradigm of service-oriented architecture (SOA) has gained great importance in recent years. This approach enables the structuring and implementation of distributed, IT-based business functions in order to allow an efficient and flexible use of IT resources. Whereas in the past business requirements were implemented in monolithic applications, this architectural approach relies on reusable services that implement specific business functions. These services can then be used dynamically to implement business processes and enable a fast reaction to changing business conditions by adapting the processes. The individual services exist independently of one another and are loosely coupled through message exchange. This independence distinguishes the SOA approach from the previous development of classical distributed applications.
However, the use of independent services also comes with a greater potential for risk, since a large number of interfaces are provided that can be addressed by means of complex protocols. Thus the correct implementation of security mechanisms in all services and SOA infrastructure components is essential. Communication partners must be authenticated and authorised at every communication endpoint, and exchanged messages must always be protected. Such security requirements are encoded in technical security configurations (policy documents) by means of a policy language and are distributed to the services that enforce these requirements. However, since policy languages for SOA are highly complex owing to the number and variety of security mechanisms, protocols and standards, security configurations are highly error-prone and require a great deal of expert knowledge to create. To simplify the generation of security configurations in complex systems, this thesis presents a model-driven approach that enables visual modelling of security requirements in architecture models and supports automated generation of security configurations on the basis of these requirements. The modelling level enables a simple and abstract representation of security requirements that is also accessible to system architects who are not security experts. For example, modelled data can simply be annotated with a lock to require the protection of this data. The syntax, semantics and representation of these requirements are specified by the security modelling language SecureSOA presented in this thesis. The model-driven approach presented transforms the modelled requirements to a domain-independent policy model that forms an abstraction layer to concrete policy languages.
This abstraction layer simplifies the generation of security policies in different policy languages. However, this transformation can only take place if expert knowledge is stored in the system that determines the selection of concrete security mechanisms and options. In this thesis, design patterns for SOA security, which represent this knowledge, are used for the transformation. For this purpose, a catalogue of design patterns is introduced that enables the mapping of abstract security requirements to concrete configurations. These patterns are defined by means of a design pattern language that is introduced in this thesis. The formal semantics of this language enable the formal verification of the transformation process in order to prove the correctness of the pattern application. The definition of this design pattern catalogue and the transformation process based on it enable the mapping of abstract security requirements to concrete technical security configurations and constitute the contribution of this thesis. Finally, this thesis presents the SOA Security Lab, which demonstrates the implementation of this approach.
