requirements-driven mediation for collaborative security
DESCRIPTION
Presentation at SEAMS 2014 of the paper entitled "Requirements-Driven Mediation for Collaborative Security"
TRANSCRIPT
Requirements-Driven Mediation
for Collaborative Security
Amel Bennaceur*, Arosha Bandara*, Michael Jackson*, Wei Liu*,
Lionel Montrieux*, Thein Than Tun*, Yijun Yu*, Bashar Nuseibeh*+
*The Open University, UK; +Lero, Ireland
SEAMS 2014
The Need for Collaborative Security
Security Challenges in Ubicomp
The boundary of the systems is uncertain
The components can change
The components are designed and implemented independently
[Figure: an environment containing Components 1 to 5]
Collaborative Security
Making multiple, heterogeneous, software-intensive components collaborate in order to meet security requirements
Coping with change:
Changes in the environment
Changes in the assets under protection and their values
Discovery of new threats and vulnerabilities
Collaborative Security: Adaptive Security meets Collaborative Adaptation
Adaptive Security
Reasoning about assets, threats, attacks, and vulnerabilities
Identify the security controls necessary to keep security requirements satisfied
How to enact these security controls?
Collaborative Adaptation
Reasoning about dynamic discovery and composition
Making multiple components collaborate
How to reason about assets, threats and security controls?
Capabilities
Collaborative Security Framework
[Figure: Security Requirements lead to Security Controls and Mediators, which are deployed into a Secure Operational Environment containing Components 1 to 5. Framework steps: Determine, Capture, Represent, Reason, Synthesise, Deploy.]
Collaborative Security Framework - Example
[Figure: three components announce their capabilities: "I can see, talk, pick objects and walk"; "I can clean and move"; "I can phone". Asset: my phone. Security requirement: protect my phone against theft.]
Collaborative Security à la Michael Jackson
[Figure, shown over three slides: an environment containing Components 1 to 5]
[Figure: Components 1, 2 and 4 collaborate through a Mediator inside a Secure Operational Environment]
The approach has three steps: Selection, Mediation, Verification
Selection
Which components should collaborate to satisfy security requirements?
Feature-oriented capability selection
Use features to represent components’ capabilities
Elicit the features associated with security controls
Find a composition of features of the available capabilities that:
Subsumes the features of a selected security control provided some domain properties
Respects the constraints between features
Optimises quality attributes (e.g., performance or usability)
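The selection step above, worked through as an added example (not code from the paper or talk): capabilities are feature sets modelled on the example slide, domain properties are implications that let offered features subsume the features a security control needs, constraints are requires/excludes pairs between features, and the quality attribute is a constructed cost to minimise. All component names, features, costs and controls are assumptions for illustration.

```python
from itertools import combinations

# Constructed data: component -> features it offers (phrases echo the example slide)
CAPABILITIES = {
    "humanoid": {"see", "talk", "pick", "walk"},
    "vacuum": {"clean", "move"},
    "phone": {"phone"},          # the asset's device; offers no protective feature here
    "camera": {"see"},
    "siren": {"sound"},
}
COST = {"humanoid": 5, "vacuum": 2, "phone": 1, "camera": 1, "siren": 1}  # quality attribute
# Domain properties (assumed): if all premises are offered, the conclusion is offered too
DOMAIN_PROPERTIES = [
    ({"see"}, "detect"),             # seeing a stranger near the asset detects an intruder
    ({"talk"}, "alert"),             # a talking component can raise an alarm
    ({"sound"}, "alert"),
    ({"pick", "walk"}, "relocate"),  # pick up the asset and walk it out of reach
]
REQUIRES = [("relocate", "detect")]  # relocating blindly is not acceptable
EXCLUDES = [("clean", "relocate")]   # cleaning and relocating must not run together
SECURITY_CONTROLS = {                # control -> features it needs
    "deter_theft": {"detect", "alert"},
    "remove_asset": {"detect", "relocate"},
}

def closure(features):
    """Extend a feature set with everything the domain properties imply (fixpoint)."""
    derived = set(features)
    changed = True
    while changed:
        changed = False
        for premises, conclusion in DOMAIN_PROPERTIES:
            if premises <= derived and conclusion not in derived:
                derived.add(conclusion)
                changed = True
    return derived

def consistent(features):
    """Check the requires/excludes constraints between features."""
    return all(b in features for a, b in REQUIRES if a in features) and \
        not any(a in features and b in features for a, b in EXCLUDES)

def select(control):
    """Cheapest consistent composition whose closed features subsume the control's features."""
    needed, best = SECURITY_CONTROLS[control], None
    names = sorted(CAPABILITIES)
    for k in range(1, len(names) + 1):
        for combo in combinations(names, k):
            offered = closure(set().union(*(CAPABILITIES[c] for c in combo)))
            if needed <= offered and consistent(offered):
                cost = sum(COST[c] for c in combo)
                if best is None or cost < best[1]:
                    best = (set(combo), cost)
    return best  # e.g. select("deter_theft") -> ({"camera", "siren"}, 2)
```

The exhaustive search is fine for a handful of components; a real deployment would hand the same subsumption and constraint checks to a SAT or optimisation solver.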
Mediation
How do we make components collaborate?
Behavioural capability mediation
Consider a behavioural description of capabilities
Synthesise a mediator that acts as:
Translator: ensures meaningful exchange of data between components
Controller: ensures the absence of errors (e.g., deadlock) in their interaction
Middleware: ensures interoperability by enabling each component to receive the data it expects at the right moment and in the right format
Verification
How to prove that the collaboration satisfies security requirements? How to verify properties such as correctness, safety, and minimality?
Additional constraints on feature composition to avoid known vulnerabilities
Use anti-goals for mediator synthesis
A Research Agenda
Selection: How do changing and underspecified domain properties impact the selection of capabilities? How do trust assumptions influence the selection of capabilities?
Mediation: How can we synthesise mediators that prevent unknown attacks?
Verification: Can we build upon the security satisfaction argument to drive the selection and mediation of capabilities?
Collaborative Security Video
Thank you
www.amel.me
Adaptive Security and Privacy: www.asap-project.eu