Security Pattern Validation and Recognition
Security-Pattern Recognition and Validation

Dissertation submitted by Michaela Bunke on 12th December 2018 to the Universität Bremen, Faculty of Mathematics and Computer Science, in partial fulfillment of the requirements for the degree of Doktor der Ingenieurwissenschaften (Dr.-Ing.)

Reviewed by Prof. Dr. Hans-Jörg Kreowski, Universität Bremen, Germany, and Dr. Karsten Sohr, Universität Bremen, Germany

In Memorial of
Ilse Schlamilch, 21 November 1924 - 09 June 2017
Karl Schlamilch, 03 March 1927 - 19 June 2018
Manfred Friedrichs, 29 August 1935 - 3 July 2017

ABSTRACT

The increasing and diverse number of technologies connected to the Internet, such as distributed enterprise systems or small electronic devices like smartphones, brings the topic of IT security to the foreground. We interact daily with these technologies and place much trust in a well-established software development process. However, security vulnerabilities appear in software on all kinds of PC(-like) platforms, and more and more vulnerabilities are published that compromise systems and their users. Thus, software also has to be modified due to changing requirements, bugs, and security flaws, and software engineers must increasingly face security issues during software design; in particular, maintenance programmers must deal with such cases after the software has been released. In the domain of software development, design patterns have been proposed as the best-known solutions for recurring problems in software design. Analogously, security patterns are best practices aiming at ensuring security. This thesis develops a deeper understanding of the nature of security patterns. It focuses on their validation and detection with regard to supporting review and maintenance activities. The landscape of security patterns is diverse. Thus, published security patterns are collected and organized to identify software-related security patterns.
The description of the selected software-security patterns is assessed, and they are compared against the common design patterns described by Gamma et al. to identify differences and issues that may influence the detection of security patterns. Based on these insights and a manual detection approach, we illustrate an automatic detection method for security patterns. The approach is implemented in a tool and evaluated in a case study with 25 real-world Android applications from Google Play.

SUMMARY (German abstract, translated)

The increasing and diverse number of technologies connected to the Internet, for example distributed enterprise systems or small electronic devices such as the smartphone, brings the topic of IT security to the foreground. We interact daily with these technologies and place much trust in a well-established software development process, which, among other things, should also include ensuring security. However, security vulnerabilities occur in all kinds of software, as the increasing number of published vulnerabilities in software systems shows. It follows that existing software must be modified because of changing requirements, bugs, but also security vulnerabilities. As a result, developers must increasingly deal with security problems and security questions during software design and, above all, during software maintenance. In the field of software development, design patterns have established themselves as solutions for recurring problems in software design. Analogously, security patterns are proven practices that aim at ensuring security. This thesis conveys a deeper understanding of the nature of security patterns and focuses on the validation and detection of security patterns to support review and maintenance activities in software development.

The landscape of security patterns is diverse. Therefore, this thesis first collects and categorizes published security patterns in order to identify software-related security patterns. Subsequently, the description of the selected software-security patterns is examined and compared with the design patterns of Gamma et al. that are well known in software development. After that, a manual procedure is used to attempt to detect implemented security patterns in software systems. The insights gained from the preceding steps then flow into an automatic detection method for security patterns, which was implemented as part of this thesis and evaluated in a case study with 25 applications from Google Play.

ACKNOWLEDGEMENTS

Working on a Ph.D. is truly a marathon, and I would not have been able to complete this way without the aid and support of many people over the past eight years. Firstly, I would like to express my sincere gratitude to my advisor Karsten Sohr for the continuous support of my Ph.D. study and related research help from the very beginning to the end of this thesis. Without his guidance and constant feedback, this Ph.D. would not have been achievable. Besides my advisor, I am grateful to Hans-Jörg Kreowski, who had taken over the supervision of this thesis in the final phase. Thanks to Rainer Koschke, who provided me years ago an opportunity to join his research group and supported me in the beginning of my research. Special thanks to Bernhard Berger for sharing his Eclipse-integrated Soot framework with me, our inspiring conversations about static analysis and security, and nevertheless our coffee walks to the GW2; I miss them. I also want to thank Dierk Lüdemann and Rebecca Tiarks for being there to listen when I needed an ear, especially when problems with my research and other stuff arose.
Furthermore, a big thank you to Immo Colonius, who reviewed this thesis and gave me constructive feedback on how to improve it. I am also deeply thankful to Ralf Streibl, Maxie and Malte Hesse, and all my friends who encouraged me to finish this thesis. Also many thanks to all the people that I met at various conferences as well as the members of SAFECode for the fruitful discussions, inspirations, and feedback on my work. I want to thank my mother Ingrid for her open ear and ongoing support of almost everything I do. Thanks to my daughters Cilia and Naomi for their patience when I could not play with them and had to work on my thesis or, as Cilia always said: "am langen Text weiterschreiben" ("keep writing on the long text"). Finally, I would like to acknowledge the most important person in my life, my partner Thomas. There were times during the past eight years when everything seemed hopeless, and I didn't have any hope. I can honestly say that it was only his support and sometimes a kick on my backside when I needed one that made it possible for me to see this project through to the end.

Michaela Bunke, 12th December 2018

TABLE OF CONTENTS

I Prelude 1
1 Introduction 3
1.1 Motivation 4
1.2 Problem Statement 6
1.3 Approach 7
1.3.1 Security Pattern Validation 7
1.3.2 Security Pattern Detection 8
1.4 Contributions 9
1.5 Origin of Chapters and Related Publications 9
1.6 Thesis Outline 10
2 Background 13
2.1 Software Maintenance 13
2.2 Software Reengineering 14
2.3 Software Security 14
2.3.1 Security by Design 14
2.3.2 Security Bug Finder 15
2.3.3 Software Security-Review 15
2.4 Program Comprehension 16
2.5 Patterns 16
2.5.1 Origins of the Design Pattern Technique 16
2.5.2 Software Design Patterns 17
2.5.3 Security Patterns 17
2.6 Conclusion 18
II Validation 19
3 Literature Review 21
3.1 Article Selection and Discovery 21
3.1.1 Process 22
3.1.2 Result 23
3.2 Summary 27
4 Classification 29
4.1 Requirements for Classifications 30
4.2 Existing Classifications 31
4.2.1 Design-Pattern Classifications 31
4.2.2 Security-Pattern Classifications 34
4.2.3 Classification Similarity 37
4.2.4 Classification Distinction 37
4.2.5 Resumé 39
4.3 Challenges in Categorizing Security Patterns 39
4.3.1 Description Form Inspection 39
4.3.2 Section Assessment/Examination 40
4.3.3 Challenges for the Classification Approach 41
4.4 Application-Domain Classification 42
4.4.1 Organizing by Application-Domain 42
4.4.2 The Application-Domain Criteria 42
4.4.3 Result 44
4.5 Merging Pattern Recognition and Security Needs 44
4.5.1 Classification 45
4.5.2 Pattern-Recognition Aspects 45
4.5.3 Security Aspects 47
4.5.4 Result 47
4.6 Discussion 48
4.7 Summary 49
5 Analysis of Security-Pattern Descriptions 51
5.1 Introduction 51
5.2 Identification of Additionally Used Sections 53
5.2.1 Analysis 54
5.2.2 Result 55
5.3 Description-Form Alignment 55
5.3.1 Process 57
5.3.2 Section Mapping 57
5.3.3 Security-Specific Sections 60
5.4 Case Study 61
5.4.1 Context 61
5.4.2 Hypothesis and Measurable Terms 61
5.4.3 Object-Selection Process 61
5.4.4 Object Preparation 64
5.4.5 Comparison Process 64
5.4.6 Analyzing the Results 64
5.4.7 Resumé 66
5.5 Summary 66
6 Software-Security Patterns: Degree of Maturity 69
6.1 Introduction 69
6.2 Patterns and the Software Life-Cycle 71
6.2.1 Software Engineering - Forward Engineering 72
6.2.2 Software Maintenance - Reverse Engineering 73
6.2.3 Resumé 74
6.3 Possible Issues Affecting the Adoption of Patterns 75
6.3.1 Terminology 75
6.3.2 Classification 76
6.3.3 Pattern Presentation 77
6.3.4 Resumé 83
6.4 Summary 83
III Recognition 85
7 Manual Security-Pattern Detection 87
7.1 Bauhaus Tool and Hierarchical Reflexion Analysis 87
7.2 Early Case Studies 88
7.2.1 Single Access Point Pattern 89
7.2.2 Case Study: Spark 90
7.2.3 Case Study: Simple Android Instant Messaging Application 91
7.2.4 Resumé 92
7.3 Security Aspects and the RFG