
Fundamentals of Secure System Modelling
Springer, 2017

Chapter 6: Security Risk-Aware Secure Tropos

Raimundas Matulevičius
University of Tartu, Estonia, rma@ut.ee

© Springer International Publishing AG 2017


Goal
• Explain how security risks can be captured
through organisation’s goals
• Understand how security risk management
could be performed using Secure Tropos



Outline
• Tropos and Secure Tropos
• Security risk management
– Abstract and concrete syntax
– Semantics
• Example
• Further reading



Goal modelling
• Approach
– Focus on why a system is required
– Use goal refinement to arrive at specific
requirements
– Goal analysis
• document, organize and classify goals
– Goal hierarchy
• Refinements and alternatives
• Advantages
– Reasonably intuitive
– Explicit declaration of goals provides sound
basis for conflict resolution
• Disadvantages
– Captures a static picture
– Can regress forever up (or down) the goal hierarchy


Goal modelling

• Early requirements
• Late requirements
• Architecture design
• Detailed design



Tropos Constructs


Secure Tropos Constructs

Secure Tropos
• Security constraint
  – Restriction related to the security of the system
  – Influences the analysis and design of the system
  – Restricts the alternative design solutions that may be chosen
• Secure dependency
  – Introduces security constraint(s) that must be fulfilled for the
    dependency to be satisfied
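The two constructs above, worked through as an added Python example (this is not code from the chapter or from any Secure Tropos tool): a goal is OR-refined into alternative means of satisfying it, the security constraints attached to the goal prune those alternatives, and a secure dependency between two actors is satisfiable only if the dependee keeps at least one alternative that also honours the dependency's own constraints. The appointment-booking scenario, the property names and every identifier are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Sequence

# Added example, not code from the chapter. A goal is OR-refined into
# alternative means of satisfying it; security constraints prune those
# alternatives; a secure dependency is satisfiable only if the dependee keeps
# an alternative that also honours the dependency's constraints. The booking
# scenario, property names and identifiers are assumptions.


@dataclass
class Alternative:
    """One means of satisfying a goal; properties describe its security behaviour."""
    name: str
    properties: Dict[str, bool]


@dataclass
class SecurityConstraint:
    """Restriction on how a goal may be satisfied, as a predicate over an alternative."""
    name: str
    holds: Callable[[Alternative], bool]


@dataclass
class Goal:
    """Goal with an OR-refinement into alternatives and its own security constraints."""
    name: str
    alternatives: List[Alternative]
    constraints: List[SecurityConstraint] = field(default_factory=list)


@dataclass
class SecureDependency:
    """Depender relies on dependee for the dependum; these constraints must hold too."""
    depender: str
    dependee: str
    dependum: Goal
    constraints: List[SecurityConstraint] = field(default_factory=list)


def requires(prop: str) -> SecurityConstraint:
    """Constraint met by alternatives whose boolean property `prop` is True."""
    return SecurityConstraint(prop, lambda alt: alt.properties.get(prop, False))


def violated_constraints(goal: Goal, alt: Alternative,
                         extra: Sequence[SecurityConstraint] = ()) -> List[str]:
    """Names of the constraints (the goal's plus `extra`) that `alt` does not satisfy."""
    return [c.name for c in [*goal.constraints, *extra] if not c.holds(alt)]


def admissible_alternatives(goal: Goal,
                            extra: Sequence[SecurityConstraint] = ()) -> List[str]:
    """Design alternatives that survive the security constraints."""
    return [alt.name for alt in goal.alternatives
            if not violated_constraints(goal, alt, extra)]


def dependency_satisfiable(dep: SecureDependency) -> bool:
    """True iff some alternative of the dependum meets both the goal's and the dependency's constraints."""
    return bool(admissible_alternatives(dep.dependum, dep.constraints))


# Constructed scenario: a patient depends on a clinic for an appointment booking.
BOOKING = Goal(
    "Appointment booked",
    alternatives=[
        Alternative("Web form over HTTPS with patient login",
                    {"authenticates_requester": True, "encrypts_in_transit": True}),
        Alternative("Unauthenticated e-mail request",
                    {"authenticates_requester": False, "encrypts_in_transit": False}),
        Alternative("Phone booking with identity check",
                    {"authenticates_requester": True, "encrypts_in_transit": False}),
    ],
    constraints=[requires("authenticates_requester")],   # attached to the goal itself
)

# The patient's secure dependency adds a constraint on how personal data travels.
PATIENT_CLINIC = SecureDependency("Patient", "Clinic", BOOKING,
                                  constraints=[requires("encrypts_in_transit")])

# A dependency no alternative can honour: none of them offers this property.
UNSATISFIABLE = SecureDependency("Auditor", "Clinic", BOOKING,
                                 constraints=[requires("independently_audited")])

if __name__ == "__main__":
    print(admissible_alternatives(BOOKING))
    print(admissible_alternatives(BOOKING, PATIENT_CLINIC.constraints))
    print(dependency_satisfiable(PATIENT_CLINIC), dependency_satisfiable(UNSATISFIABLE))
```

The goal's own constraint already removes the unauthenticated e-mail alternative; the dependency's constraint then leaves only the HTTPS web form, which is exactly the "restricts alternative design solutions" effect the slide describes. A dependency whose constraints no alternative can meet is reported as unsatisfiable, which is the signal to go back and redesign the alternatives or renegotiate the constraint.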



Abstract and Concrete syntax

Actor model


Goal model

Relationships to Security Constraints

Relationships in Attack Scenario



Asset-related concepts

Risk-related concepts

Risk treatment-related concepts


Security risk management process


Context and Assets Identification

• Description of the organisation and its environment
  – sensitive activities related to information security


Security Objectives Determination
• Determine the security objectives to be reached
– Confidentiality, Integrity, Availability

Risk Analysis and Assessment
• Identify risks and estimate them qualitatively or
quantitatively

Risk Treatment Decisions

  Risk treatment decision   Definition
  Avoiding risk             Decision not to be involved in, or to withdraw from, a risk
  Transferring risk         Sharing with another party the burden of loss for a risk
  Retaining risk            Accepting the burden of loss from a risk
  Reducing risk             Action to lessen the probability, negative consequences, or both,
                            associated with a risk
Security Requirements Definition
• Security requirements: security solutions that mitigate the identified risks
• If the security requirements are unsatisfactory
  – Revise the risk treatment step
  – If necessary, revise all of the preceding steps
Control Selection and Implementations
• Implement system countermeasures within
organisation
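The process steps above, from asset and security objective through risk estimation, treatment decision and security requirements to the loop back when the requirements are unsatisfactory, carried through as an added Python example; it is not code from the chapter. It uses the concept names from the semantics slides (asset, security criterion, threat, vulnerability, event, impact, risk, risk treatment decision, security requirement) and the four treatment decisions from the table. The three-level scale, the likelihood-by-impact matrix, the acceptance threshold and the patient-records scenario are assumptions made for this example.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import List, Optional

# Added example, not code from the chapter: the security risk management steps
# as a small model using the slides' concept names. The three-level scale, the
# likelihood x impact matrix, the acceptance threshold and the scenario data are
# assumptions made for this example.


class Level(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3


@dataclass
class Asset:
    name: str
    security_criterion: str        # security objective to protect, e.g. confidentiality


@dataclass
class Event:
    threat: str                    # threat agent and attack method
    vulnerability: str             # weakness the threat exploits
    likelihood: Level


@dataclass
class Impact:
    description: str
    harmed_asset: Asset
    severity: Level


@dataclass
class Risk:
    name: str
    event: Event
    impact: Impact


@dataclass
class SecurityRequirement:
    text: str
    mitigates: str                            # name of the risk it mitigates
    likelihood_after: Optional[Level] = None  # None means the factor is unchanged
    severity_after: Optional[Level] = None


@dataclass
class Treatment:
    risk: Risk
    decision: str                             # one of DECISIONS
    requirements: List[SecurityRequirement] = field(default_factory=list)


DECISIONS = ("avoid", "transfer", "retain", "reduce")
ACCEPTANCE_THRESHOLD = Level.LOW   # assumption: only LOW residual risk is acceptable


def estimate(likelihood: Level, severity: Level) -> Level:
    """Qualitative level from an assumed 3x3 matrix: product 1-2 LOW, 3-4 MEDIUM, 6-9 HIGH."""
    score = int(likelihood) * int(severity)
    return Level.HIGH if score >= 6 else Level.MEDIUM if score >= 3 else Level.LOW


def inherent_level(risk: Risk) -> Level:
    """Risk level before any treatment."""
    return estimate(risk.event.likelihood, risk.impact.severity)


def residual_level(t: Treatment) -> Optional[Level]:
    """Level after treatment; None means the risk was avoided. Only 'reduce' changes
    the factors, through the security requirements that mitigate this risk."""
    if t.decision not in DECISIONS:
        raise ValueError(f"unknown treatment decision {t.decision!r}")
    if t.decision == "avoid":
        return None
    likelihood, severity = t.risk.event.likelihood, t.risk.impact.severity
    if t.decision == "reduce":
        for req in t.requirements:
            if req.mitigates != t.risk.name:
                continue
            if req.likelihood_after is not None:
                likelihood = min(likelihood, req.likelihood_after)
            if req.severity_after is not None:
                severity = min(severity, req.severity_after)
    return estimate(likelihood, severity)


def review(t: Treatment) -> List[str]:
    """Findings that send the analyst back to the risk treatment step (or earlier)."""
    findings = []
    if t.decision == "reduce" and not any(r.mitigates == t.risk.name for r in t.requirements):
        findings.append("reduce chosen but no security requirement mitigates this risk")
    residual = residual_level(t)
    if t.decision in ("retain", "reduce") and residual > ACCEPTANCE_THRESHOLD:
        findings.append(f"residual risk {residual.name} exceeds acceptance threshold")
    return findings


# Constructed scenario data.
RECORDS = Asset("Patient records", "confidentiality")
RISK = Risk("Record disclosure via booking portal",
            Event("External attacker looks up records through the portal",
                  "portal returns records without authenticating the requester", Level.HIGH),
            Impact("Patient records disclosed", RECORDS, Level.HIGH))
REQ_AUTH = SecurityRequirement("The portal shall authenticate the requester before returning any record",
                               mitigates=RISK.name, likelihood_after=Level.LOW)
REQ_MIN_DATA = SecurityRequirement("The portal shall return only the appointment slot, never the full record",
                                   mitigates=RISK.name, severity_after=Level.MEDIUM)
ONE_REQUIREMENT = Treatment(RISK, "reduce", [REQ_AUTH])      # first attempt: still MEDIUM
BOTH_REQUIREMENTS = Treatment(RISK, "reduce", [REQ_AUTH, REQ_MIN_DATA])  # revised: LOW
```

With the authentication requirement alone the residual risk is still MEDIUM, so review() reports that the requirements are unsatisfactory and the treatment step is revisited; adding the data-minimisation requirement brings the residual to LOW and clears the findings. Retaining the untreated HIGH risk is flagged the same way, while avoiding it yields no residual level at all.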



Further reading
• Trust, delegation, provisioning, and ownership [Giorgini et al., 2005]
• Goal risk-driven assessment [Asnar et al., 2011]
• Three-layer security analysis framework [Li and Horkoff, 2014]
• Socio-technical system development [Dalpiaz et al., 2016]


• Ilhan Çelebi, Privacy Enhanced Secure Tropos: A Privacy Modeling Language for
  GDPR Compliance, Master thesis, University of Tartu, 2018
  Swedbank employees' technical thesis award:
  https://www.cs.ut.ee/en/news/institute-computer-science-alumnus-won-swedbank-thesis-award
Summary
• Tropos and Secure Tropos
• Security risk management
– Abstract and concrete syntax
– Semantics
• Example
• Further reading
