Requirements-Driven Mediation for Collaborative Security

Amel Bennaceur*, Arosha Bandara*, Michael Jackson*, Wei Liu*, Lionel Montrieux*, Thein Than Tun*, Yijun Yu*, Bashar Nuseibeh*+

*The Open University, UK; +Lero, Ireland

SEAMS 2014

Upload: amel-bennaceur

Post on 08-Jul-2015


DESCRIPTION

Presentation at SEAMS 2014 of the paper entitled "Requirements-Driven Mediation for Collaborative Security"

TRANSCRIPT

Page 1: Requirements-Driven Mediation for Collaborative Security

Requirements-Driven Mediation for Collaborative Security

Amel Bennaceur*, Arosha Bandara*, Michael Jackson*, Wei Liu*, Lionel Montrieux*, Thein Than Tun*, Yijun Yu*, Bashar Nuseibeh*+

*The Open University, UK; +Lero, Ireland

SEAMS 2014

Page 2: Requirements-Driven Mediation for Collaborative Security

The Need for Collaborative Security


Page 3: Requirements-Driven Mediation for Collaborative Security

Security Challenges in Ubicomp

The boundary of the systems is uncertain

The components can change

The components are designed and implemented independently


[Figure: five independently designed components (Component 1 to Component 5) inside an Environment whose boundary is uncertain]

Page 4: Requirements-Driven Mediation for Collaborative Security

Collaborative Security

Making multiple, heterogeneous, software-intensive components collaborate in order to meet security requirements

Coping with changes in

Changes in the environment

Changes in the assets under protection and their values

Discovery of new threats and vulnerabilities


Page 5: Requirements-Driven Mediation for Collaborative Security

Collaborative Security: Adaptive Security meets Collaborative Adaptation

Adaptive Security

Reasoning about assets, threats, attacks, and vulnerabilities

Identify the security controls necessary to keep security requirements satisfied

Open question: How to enact these security controls?

Collaborative Adaptation

Reasoning about dynamic discovery and composition

Making multiple components collaborate

Open question: How to reason about assets, threats and security controls?

Page 6: Requirements-Driven Mediation for Collaborative Security

Collaborative Security Framework

[Figure: Components 1 to 5 within a Secure Operational Environment. Framework elements: Security Requirements, Security Controls, Capabilities, Mediators. Framework steps: Determine, Capture, Represent, Reason, Synthesise, Deploy]

Page 7: Requirements-Driven Mediation for Collaborative Security

Collaborative Security Framework - Example

[Figure: three components describe their capabilities: "I can see, talk, pick objects and walk", "I can clean and move", "I can phone". Asset: the phone. Security requirement: "Protect my phone against theft"]

Page 8: Requirements-Driven Mediation for Collaborative Security

Collaborative Security à la Michael Jackson

[Figure: Components 1 to 5 inside an Environment]

Page 9: Requirements-Driven Mediation for Collaborative Security

Collaborative Security à la Michael Jackson

[Figure: the same diagram as page 8, Components 1 to 5 inside an Environment]

Page 10: Requirements-Driven Mediation for Collaborative Security

Collaborative Security à la Michael Jackson

[Figure: from Components 1 to 5 inside the Environment, Components 1, 2 and 4 are selected and connected through a Mediator inside a Secure Operational Environment]

The three steps: Selection, Mediation, Verification

Page 11: Requirements-Driven Mediation for Collaborative Security

Selection

Which components should collaborate to satisfy security requirements?

Feature-oriented capability selection:

Use features to represent components' capabilities

Elicit the features associated with security controls

Find a composition of features of the available capabilities that:
- subsumes the features of a selected security control, provided some domain properties
- respects the constraints between features
- optimises quality attributes (e.g., performance or usability)

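As an added illustration of feature-oriented capability selection (example code written for this transcript, not from the paper or its authors): the three capabilities of slide 7 are encoded as feature sets, and the domain properties, the feature constraint, the energy cost used as the quality attribute and the security control's required features are all assumed values; the search returns the cheapest composition whose closed feature set subsumes the control and respects the constraint.

```python
from itertools import combinations

# Constructed example: the three capabilities of slide 7 as feature sets (feature names assumed).
CAPABILITIES = {
    "humanoid": {"see", "talk", "pick", "walk"},
    "vacuum": {"clean", "move"},
    "phone": {"phone"},
}
# Assumed quality attribute to optimise: energy drawn by keeping each component active.
ENERGY = {"humanoid": 5, "vacuum": 2, "phone": 1}
# Assumed domain properties: when every premise feature is present, the entailed feature holds.
DOMAIN_PROPERTIES = [
    ({"see", "walk"}, "patrol"),  # a component that sees and walks can patrol the room
    ({"see", "move"}, "patrol"),
    ({"talk"}, "notify"),         # a component that talks can notify the owner
    ({"phone"}, "notify"),
]
# Assumed constraint between features: two self-propelled components must not share the room.
EXCLUDES = [("walk", "move")]

def closure(features, props=DOMAIN_PROPERTIES):
    """Smallest superset of `features` closed under the domain properties (fixpoint)."""
    closed = set(features)
    changed = True
    while changed:
        changed = False
        for premises, entailed in props:
            if premises <= closed and entailed not in closed:
                closed.add(entailed)
                changed = True
    return closed

def respects_constraints(features, excludes=EXCLUDES):
    """True unless a mutually exclusive pair of features is present together."""
    return not any(a in features and b in features for a, b in excludes)

def select(control, capabilities=CAPABILITIES, cost=ENERGY):
    """Cheapest composition whose closed features subsume `control`; None if none qualifies."""
    best = None
    names = sorted(capabilities)
    for size in range(1, len(names) + 1):
        for combo in combinations(names, size):
            features = closure(set().union(*(capabilities[n] for n in combo)))
            if not respects_constraints(features) or not control <= features:
                continue
            total = sum(cost[n] for n in combo)
            if best is None or total < best[1]:
                best = (set(combo), total)
    return best
```

With the assumed control {"patrol", "notify"} standing in for "protect my phone against theft", the humanoid alone is selected: it entails both features, while pairing it with the vacuum violates the walk/move constraint and the vacuum plus phone cannot patrol.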

Page 12: Requirements-Driven Mediation for Collaborative Security

Mediation

How do we make components collaborate?

Behavioural capability mediation:

Consider a behavioural description of capabilities

Synthesise a mediator that acts as:
- Translator: ensures meaningful exchange of data between components
- Controller: ensures the absence of errors (e.g., deadlock) in their interaction
- Middleware: ensures interoperability by enabling each component to receive the data it expects at the right moment and in the right format


Page 13: Requirements-Driven Mediation for Collaborative Security

Verification

How to prove that the collaboration satisfies security requirements? How to verify properties such as correctness, safety, and minimality?

Additional constraints on feature composition to avoid known vulnerabilities

Use anti-goals for mediator synthesis


Page 14: Requirements-Driven Mediation for Collaborative Security

A Research Agenda

Selection: How do changing and underspecified domain properties impact the selection of capabilities? How do trust assumptions influence the selection of the capabilities?

Mediation: How can we synthesise mediators that prevent unknown attacks?

Verification: Can we build upon the security satisfaction argument to drive the selection and mediation of capabilities?

Collaborative Security Video

Page 15: Requirements-Driven Mediation for Collaborative Security

Thank you

www.amel.me

Adaptive Security and Privacy: www.asap-project.eu