Presentation IWSM-Mensura 2016
TRANSCRIPT
Evaluating Security in Web Application Design Using Functional and Structural Size Measurements
May 1, 2023 © 2016 “Multimedia, InfoRmation Systems and Advanced Computing Laboratory” - MIRACL
Hela Hakim, Asma Sellami, Hanêne Ben-Abdallah
FSEG, University of Sfax, Tunisia; ISIMS, University of Sfax, Tunisia; King Abdulaziz University, KSA
Outline
Introduction
Background
Proposed Approach
Illustrative Example: “GeoNetwork”
Conclusion & Perspective
Introduction
Due to the widespread interconnection of information systems within the web, attacks can be waged anonymously and from a safe distance
Many security incidents have been reported, with potentially quite severe consequences
Security has become an important issue for every software application, and especially for Web applications
Motivation
It is challenging to evaluate security early (by measuring authenticity sub-characteristics) at the design phase of web application development
help software designers/quality engineers to detect risks of authenticity violations
help application owners (end users) to identify the degree of trust in their web applications (in case of an unauthorized access)
classify the risk of the authentication violation at the access control of authenticated users in web application
Problematic
How to evaluate the security of a Web application at an early phase of the SDLC?
How to detect the risk of violation of authenticity in a web application at the design phase?
Is this web application site secure?
Objectives
Evaluating security characteristic in Web application design
Functional Size Measurement of the authenticity (as a sub-characteristic of Security) in terms of CFP units using COSMIC method
Structural Size Measurement of the authenticity sequence diagram using the structural size method
Measurement of the authenticity by combining the Functional and Structural Size measurement
Identifying/Classifying the risk of violation of authenticity in web application
COSMIC - ISO 19761
COSMIC ISO 19761 functional size measurement method, v4.0.1
Allows the quantification of any type of software (business, real-time, embedded, …) from the user’s point of view
Independent of any quality or technical criteria
Free on the web: http://cosmic-sizing.org/
Data movement = 1 CFP
Functional User Requirements (FUR)
Data movements of a data group between the functional user of the software and a COSMIC functional process allow data exchange with a functional user across a software boundary.
Each data movement is equivalent to 1 CFP. The software functional size is computed by adding all data movements identified for every functional process.
Data movements of a data group between the COSMIC functional process and persistent storage allow data exchange with the persistent storage hardware.
Structural Size Method
The structural size measurement (SSM) is applied to the sequence diagram, particularly to the alt, opt and loop combined fragments, to measure its structural size
Each combined fragment (alt, opt and loop) has its corresponding control flow graph
The SSM of a sequence diagram is equal to the size of these control flow graphs (alt, opt and loop combined fragments)
The use of SSM requires the identification of two types of data manipulation, depending on the structure type in which it is defined:
Data manipulation represented in the flow graph of the conditional control structure (alt, opt combined fragments)
Data manipulation represented in the flow graph of the iterative control structure (loop combined fragment)
Each data manipulation is equivalent to 1 CSM (Control Structure Manipulation)
The sequence structural size is computed by adding all data manipulations identified for every control flow graph
Alt combined fragment (flow graph): conditional control structure
Data manipulation = 1 CSM
SS = 2 CSM
Opt combined fragment (flow graph): conditional control structure
Data manipulation = 1 CSM
SS = 1 CSM
Loop combined fragment (flow graph): iterative control structure
Data manipulation = 1 CSM
SS = N CSM
ISO 25010 Quality Model
[Figure: ISO 25010 quality model, showing characteristics and sub-characteristics]
Security in ISO 25010
Authenticity: the identity of a subject or resource can be proved to be the one claimed
Authentication protocols: number of provided authentication protocols; number of required authentication protocols in the specification
Establishment of authentication rules: number of authentication rules implemented for secure data; number of authentication rules required for secure data
Proposed Approach
Measuring quality attribute based on the functional size and structural size of authentication in UML sequence diagram (1)
Authentication protocols
Quality sub-characteristic measures (authenticity measures)

Authentication Protocols (QM1)
  Qualifiers and QMEs related to the measure in ISO 25023:
    Ap = Number of provided authentication protocols
    Bp = Number of required authentication protocols in the specification
  Qualifiers and QMEs related to the proposed measure based on SS and FS:
    SSa = Structural size of the authentication sequence diagram containing the alt combined fragment
    Bp = Functional size of the sequence diagram describing the authentication functional process

Establishment of Authentication Rules (QM2)
  Qualifiers and QMEs related to the measure in ISO 25023:
    Ar = Number of authentication rules implemented for secure data
    Br = Number of authentication rules required for secure data
  Qualifiers and QMEs related to the proposed measure based on SS and FS:
    SSl = Structural size of the authentication sequence diagram containing the loop combined fragment
    Br = Functional size of the sequence diagram describing the authentication functional process
Proposed Approach: Evaluating Security Characteristic of Web Application (2)
Proposed Approach: Interpretation of the Security Characteristic Measured Values (3)
Measurement results are generally within the range of values [0,1] because SSa and SSl are always equal to or lower than Bp and Br, respectively. Let:
Fp = SSa / Bp
Fr = SSl / Br
The ratio between structural size and functional size measurements (Fp or Fr) represents the level of strength of authentication
The more data movement identified in the application, the more the control structure is likely to be
Consequently, the ratio (Fp or Fr) is proportional
Bp is considered bigger than SSa and Br is considered bigger than SSl
If the measured value Ms:
is nearer or equal to the min value (the zero): a weak authentication
is nearer or equal to the max value (the one): a strong authentication
is in the medium (between 0 and 1; +/- 0.5): an acceptable authentication
Proposed Approach: Classification of the Violation of the Authentication (4)
“How can the measured value be explored?”
Classify the risk into different categories
Includes three partitions: Commuter, Ticket vending machine, and Bank
Allows a Commuter to buy a ticket for a trip
Sequence Diagram: “GeoNetwork”
1. Applying the COSMIC method: Bp and Br
2. Applying the Structural size method: SSa and SSl
Measurement Results (aggregations)
Measurement functions (Fp, Fr, F)    Measurement results
Fp = SSa / Bp                        Fp = 2 CSM / 13 CFP = 0.15 CSM/CFP
Fr = SSl / Br                        Fr = 3 CSM / 13 CFP = 0.23 CSM/CFP
F = Fp+Fr/2                          0.15+0.23 = 0.38 CSM/CFP
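The Fp and Fr measurement functions above, worked through in Python as an added example (not code from the presentation or its authors). Assumptions: the list of data movements is constructed to total 13 CFP, the single loop with N = 3 is inferred from SSl = 3 CSM, and the classify() cut-offs of 1/3 and 2/3 are hypothetical because the slides give no numeric thresholds; the aggregate F is not computed.

```python
COSMIC_MOVEMENTS = {"E", "X", "R", "W"}  # Entry, Exit, Read, Write
CONDITIONAL_CSM = {"alt": 2, "opt": 1}   # fixed sizes from the slides

def functional_size(movements):
    """COSMIC functional size: each data movement counts 1 CFP."""
    unknown = [m for m in movements if m not in COSMIC_MOVEMENTS]
    if unknown:
        raise ValueError(f"not a COSMIC data movement: {unknown}")
    return len(movements)

def fragment_size(kind, n=1):
    """Structural size of one combined fragment; a loop counts N CSM."""
    if kind in CONDITIONAL_CSM:
        return CONDITIONAL_CSM[kind]
    if kind == "loop" and n >= 1:
        return n
    raise ValueError(f"unsupported fragment: {kind!r} (n={n})")

def structural_sizes(fragments):
    """Return (SSa, SSl): CSM summed over alt and over loop fragments."""
    sizes = [(k, fragment_size(k, n)) for k, n in fragments]  # validates all
    ssa = sum(s for k, s in sizes if k == "alt")
    ssl = sum(s for k, s in sizes if k == "loop")
    return ssa, ssl

def ratio(structural, functional):
    """Fp = SSa / Bp or Fr = SSl / Br; must fall in [0, 1]."""
    if functional <= 0 or not 0 <= structural <= functional:
        raise ValueError("need 0 <= structural size <= functional size")
    return structural / functional

def classify(value, low=1 / 3, high=2 / 3):
    """Map a ratio to (strength, risk); low/high are assumed cut-offs."""
    if value < low:
        return ("weak", "Very high")
    return ("strong", "Secure") if value > high else ("acceptable", "Moderate")

def measure(movements, fragments):
    size = functional_size(movements)  # Bp and Br share this value
    ssa, ssl = structural_sizes(fragments)
    fp, fr = ratio(ssa, size), ratio(ssl, size)
    return {"Fp": fp, "Fr": fr, "QM1": classify(fp), "QM2": classify(fr)}

# Constructed input: 13 data movements, one alt, one loop with N = 3.
SAMPLE_MOVEMENTS = list("EXERXEWXERXEX")
SAMPLE_FRAGMENTS = [("alt", 1), ("loop", 3)]

if __name__ == "__main__":
    print(measure(SAMPLE_MOVEMENTS, SAMPLE_FRAGMENTS))
```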
Outline
Introduction
Background
FC impact in UML-AD
Illustrative Example: “GeoNetwork”
Conclusion & Perspective
Conclusion
Evaluating security in terms of the authenticity sub-characteristic
FS
SS
Combination of FS and SS
Identifying and classifying the risk of violation (“Secure”, “Moderate”, “Very high”)
Secure: the measured value is nearer or equal to the max value
Moderate: the measured value is in the medium
Very high risk: the measured value is nearer or equal to the min value
Perspective
Further works
Validating the proposed measure
Providing an automatic tool to help designers/quality assurance in making appropriate decisions related to the security of their web application
Thank you!
Hela Hakim, Asma Sellami & Hanêne Ben-Abdallah