DOCSLIB.ORG

A Pattern-Driven Process for Secure Service

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Pattern-Driven Process for Secure Service A PATTERN-DRIVEN PROCESS FOR SECURE SERVICE- ORIENTED APPLICATIONS by Nelly A. Delessy A Dissertation Submitted to the Faculty of The College of Engineering and Computer Science in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy Florida Atlantic University Boca Raton, Florida May 2008 © Copyright by Nelly A. Delessy 2008 ii ACKNOWLEDGEMENTS My deepest gratitude goes to Dr Eduardo B. Fernandez, for not only being my advisor, but also for being a mentor and a friend during my stay at Florida Atlantic University. He was instrumental in my success in the software engineering and security fields. I am grateful for his guidance. His vision and expertise in these domains helped turned ideas into this research work. I am also grateful to the co-chair of my supervisory committee, Dr Maria M. Larrondo-Petrie for her encouragement and advice. Her support was greatly appreciated. I sincerely thank the other members of my dissertation committee, Dr John Yin and Dr Jie Wu for their valuable comments. I am also grateful to the Secure System Research Group, in particular to Dr Michael Van Hilst, Dr Shihong Huang and Tami Sorgente for their valuable suggestions and their constructive criticism along the development of my work. iv ABSTRACT Author: Nelly A. Delessy Title: A Pattern-Driven Process for Secure Service-Oriented Applications Institution: Florida Atlantic University Dissertation Advisor: Dr Eduardo B. Fernandez Degree: Doctor of Philosophy in Computer Science Year: 2008 During the last few years, Service-Oriented Architecture (SOA) has been considered to be the new phase in the evolution of distributed enterprise applications. Even though there is a common acceptance of this concept, a real problem hinders the widespread use of SOA: A methodology to design and build secure service-oriented applications is needed. In this dissertation, we design a novel process to secure service oriented applications. Our contribution is original not only because it applies the MDA v approach to the design of service-oriented applications but also because it allows their securing by dynamically applying security patterns throughout the whole process. Security patterns capture security knowledge and describe security mechanisms. In our process, we present a structured map of security patterns for SOA and web services and its corresponding catalog. At the different steps of a software lifecycle, the architect or designer needs to make some security decisions. An approach using a decision tree made of security pattern nodes is proposed to help making these choices. We show how to extract a decision tree from our map of security patterns. Model-Driven Architecture (MDA) is an approach which promotes the systematic use of models during a system‟s development lifecycle. In the dissertation we describe a chain of transformations necessary to obtain secure models of the service-oriented application. A main benefit of this process is that it decouples the application domain expertise from the security expertise that are both needed to build a secure application. Security knowledge is captured by pre-defined security patterns, their selection is rendered easier by using the decision trees and their application can be automated. A consequence is that the inclusion of security during the software development process becomes more convenient for the architects/designers. A second benefit is that the insertion of security is semi-automated and traceable. Thus, the process is flexible and can easily adapt to changing requirements. Given that SOA was developed in order to provide enterprises with modular, reusable and adaptable vi architectures, but that security was the principal factor that hindered its use, we believe that our process can act as an enabler for service-oriented applications. vii To Nicolas, Thomas and Lunes viii TABLE OF CONTENTS Acknowledgements .................................................................................................................................... iv Abstract ......................................................................................................................................................... v Table of Contents ....................................................................................................................................... ix List of Figures ............................................................................................................................................ xii List of Tables ............................................................................................................................................ xiv Chapter 1 Introduction ............................................................................................................................... 1 1. 1. Motivations ................................................................................................................................... 1 1. 2. Problem statement....................................................................................................................... 2 1. 3. Methodology and overview of the solution ............................................................................ 3 1. 4. Contributions ................................................................................................................................ 6 1. 5. Organization of the dissertation ............................................................................................... 7 Chapter 2 Background ................................................................................................................................ 8 2. 1. System Security ............................................................................................................................. 8 2. 2. Software Patterns ...................................................................................................................... 10 2.2.1. Security Patterns .............................................................................................................. 12 2. 3. Service Oriented Architecture ................................................................................................ 12 2.3.1. Why Service Oriented Architecture? ........................................................................... 12 2.3.2. What is Service Oriented Architecture? ...................................................................... 13 2.3.3. Service-oriented applications ......................................................................................... 15 2.3.4. Implementing Service Oriented Architecture ............................................................ 15 2. 4. Web Services .............................................................................................................................. 16 2.4.1. XML Schema .................................................................................................................... 17 2.4.2. WSDL ................................................................................................................................ 17 2.4.3. SOAP ................................................................................................................................. 18 2.4.4. WS-BPEL (a.k.a. BPEL4WS or BPEL) ...................................................................... 18 2.4.5. Putting it all together ....................................................................................................... 18 2. 5. Model-Driven Development .................................................................................................. 19 ix 2. 6. Model-Driven Architecture .................................................................................................... 20 2.6.1. The MDA views .............................................................................................................. 21 2.6.2. The MDA process ........................................................................................................... 22 2.6.3. MDA specifications ........................................................................................................ 24 2. 7. Related work .............................................................................................................................. 26 Chapter 3 A Pattern-Based Process For Secure Service-Oriented Applications .......................... 29 3. 1. Motivation: Non-composability of security properties in service-oriented applications ......................................................................................................................................... 29 3.1.1. A simple model for SOA ............................................................................................... 31 3.1.2. Securing atomic services ................................................................................................. 34 3.1.3. Composability of security properties for service-oriented systems ....................... 37 3.1.4. Discussion ......................................................................................................................... 41 3. 2. Theoretical foundations ........................................................................................................... 42 3. 3. Overview of the methodology ............................................................................................... 45 3. 4. The detailed process ................................................................................................................
Load more

Recommended publications
  • Capturing Interactions in Architectural Patterns
    Capturing Interactions in Architectural Patterns Dharmendra K Yadav Rushikesh K Joshi Department of Computer Science and Engineering Department of Computer Science and Engineering Indian Institute of Technology Bombay Indian Institute of Technology Bombay Powai, Mumbai 400076, India Powai, Mumbai 400076, India Email: [email protected] Email: [email protected] TABLE I Abstract—Patterns of software architecture help in describing ASUMMARY OF CCS COMBINATORS structural and functional properties of the system in terms of smaller components. The emphasis of this work is on capturing P rimitives & Descriptions Architectural the aspects of pattern descriptions and the properties of inter- Examples Significance component interactions including non-deterministic behavior. Prefix (.) Action sequence intra-component Through these descriptions we capture structural and behavioral p1.p2 sequential flow specifications as well as properties against which the specifications Summation (+) Nondeterminism choice within a component are verified. The patterns covered in this paper are variants of A1 + A2 Proxy, Chain, MVC, Acceptor-Connector, Publisher-Subscriber Composition (|) Connect matching multiple connected and Dinning Philosopher patterns. While the machines are CCS- A1 | A2 i/o ports in assembly components based, the properties have been described in Modal µ-Calculus. Restriction (\) Hiding ports from Internal The approach serves as a framework for precise architectural A\{p1, k1, ..} further composition features descriptions. Relabeling ([]) Renaming of ports syntactic renaming A[new/old, ..] I. INTRODUCTION In component/connector based architectural descriptions [6], [13], components are primary entities having identities in the represents interface points as ports uses a subset of CSP for system and connectors provide the means for communication it’s formal semantics.
    [Show full text]
  • Automatic Verification of Java Design Patterns
    Automatic Verification of Java Design Patterns Alex Blewitt, Alan Bundy, Ian Stark Division of Informatics, University of Edinburgh 80 South Bridge, Edinburgh EH1 1HN, UK [email protected] [email protected] [email protected] Abstract 2. Design patterns There are a number of books which catalogue and de- Design patterns are widely used by object oriented de- scribe design patterns [4, 1, 6] including an informal de- signers and developers for building complex systems in ob- scription of the key features and examples of their use. ject oriented programming languages such as Java. How- However, at the moment there are no books which attempt ever, systems evolve over time, increasing the chance that to formalise these descriptions, possibly for the following the pattern in its original form will be broken. reasons: We attempt to show that many patterns (implemented in Java) can be verified automatically. Patterns are defined 1. The implementation (and description) of the pattern is in terms of variants, mini-patterns, and constraints in a language-specific. pattern description language called SPINE. These specifi- 2. There are often several ways to implement a pattern cations are then processed by HEDGEHOG, an automated within the same language. proof tool that attempts to prove that Java source code 3. Formal language descriptions are not common within meets these specifications. the object oriented development community. Instead, each pattern is presented as a brief description, and an example of its implementation and use. Designers and developers are then expected to learn the ‘feel’ of a pat- 1.
    [Show full text]
  • Co-Occurrence of Design Patterns and Bad Smells in Software Systems
    XI Brazilian Symposium on Information System, Goi^ania,GO, May 26-29, 2015. Co-Occurrence of Design Patterns and Bad Smells in Software Systems: An Exploratory Study Bruno Cardoso Eduardo Figueiredo Software Engineering Lab (LabSoft) Software Engineering Lab (LabSoft) Federal University of Minas Gerais (UFMG) Federal University of Minas Gerais (UFMG) Belo Horizonte, MG - Brazil Belo Horizonte, MG - Brazil [email protected] [email protected] ABSTRACT In a previous work [1], we performed a systematic literature A design pattern is a general reusable solution to a recurring review in order to understand how studies investigate these two problem in software design. Bad smells are symptoms that may topics, design patterns and bad smells, together. Our results indicate something wrong in the system design or code. showed that, in general, studies have a narrow view concerning Therefore, design patterns and bad smells represent antagonistic the relation between these concepts. Most of them focus on structures. They are subject of recurring research and typically refactoring opportunities. Among these, some tools [3][7][15][17] appear in software systems. Although design patterns represent have been proposed to identify code fragments that can be good design, their use is often inadequate because their refactored to patterns. Other studies [2][6] establish a structural implementation is not always trivial or they may be unnecessarily relationship between the terms design pattern and bad smell. In employed. The inadequate use of design patterns may lead to a addition, there are reported cases in the literature where the use of bad smell. Therefore, this paper performs an exploratory study in design patterns may not always be the best option and the wrong order to identify instances of co-occurrences of design patterns use of a design pattern can even introduce bad smells in code [19] and bad smells.
    [Show full text]
  • Enterprise Development with Flex
    Enterprise Development with Flex Enterprise Development with Flex Yakov Fain, Victor Rasputnis, and Anatole Tartakovsky Beijing • Cambridge • Farnham • Köln • Sebastopol • Taipei • Tokyo Enterprise Development with Flex by Yakov Fain, Victor Rasputnis, and Anatole Tartakovsky Copyright © 2010 Yakov Fain, Victor Rasputnis, and Anatole Tartakovsky.. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://my.safaribooksonline.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected]. Editor: Mary E. Treseler Indexer: Ellen Troutman Development Editor: Linda Laflamme Cover Designer: Karen Montgomery Production Editor: Adam Zaremba Interior Designer: David Futato Copyeditor: Nancy Kotary Illustrator: Robert Romano Proofreader: Sada Preisch Printing History: March 2010: First Edition. Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. Enterprise Development with Flex, the image of red-crested wood-quails, and related trade dress are trademarks of O’Reilly Media, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information con- tained herein.
    [Show full text]
  • Prof. Catalin Boja, Phd [email protected] Source Code Quality
    Design patterns Prof. Catalin Boja, PhD [email protected] http://acs.ase.ro/software-quality-testing Source code quality Principles for writing the code: • Easy to read / understand - clear • Easy to modify - structured • Easy to reuse • Simple (complexity) • Easy to test • Implement patterns for the standard problem Left: Simply Explained: Code Reuse 2009-12- acs.ase.ro [email protected] 03.By Oliver Widder, Webcomics Geek Aad Poke.2 Source code quality Forces that influence it: • Available time (delivery terms) • Costs • The experience of the programmer • Programmer competences • Specifications clarity • Solution complexity • Change rates for specifications, requirements, team, etc http://khristianmcfadyen.com/ acs.ase.ro [email protected] 3 Anti-Pattern: Big ball of mud “A Big Ball of Mud is a haphazardly structured, sprawling, sloppy, duct-tape- and-baling-wire, spaghetti- code jungle.” Brian Foote and Joseph Yoder, Big Ball of Mud, September 1997 acs.ase.ro [email protected] 4 Anti-Pattern: Big ball of mud Where from ? Why ? • Throwaway code - Temporary (Prototyping) solutions to be replaced / rewritten • Cut and Paste code • Adapting code by commenting / deleting other solutions • Very short or unrealistic deadlines • Lack of experience • Lack of standards / procedures acs.ase.ro [email protected] 5 Anti-Pattern: Big ball of mud How do you avoid it? • Rewriting the code (Refactoring) to an acceptable maturity level • Use Clean Code Principles • Design Patterns Implementation acs.ase.ro [email protected] 6 Design-pattern • A pattern is a reusable solution for a standard problem in a given context • Facilitates the reuse of architectures and software design • They are not data structures acs.ase.ro [email protected] 7 Design-pattern “A pattern involves a general “..
    [Show full text]
  • Reducing Maintenance Costs Through the Application of Modern Software Architecture Principles
    Reducing Maintenance Costs Through the Application of Modern Software Architecture Principles Christine Hulse and Michael Ubnoske Louis Vazquez Scott Edgerton Architecture Technology Department of the Army United Defense, LP Minneapolis, Minnesota Picatinny Arsenal, Minneapolis, Minnesota 1.612.829.5864 New Jersey 1.612.572.6109/6156 [email protected] 1.973.724.5259 [email protected] [email protected] [email protected] 1. ABSTRACT 1.1 Keywords Large software programs are usually long lived Architecture, design patterns, software maintenance, modeling, real-time software and continually evolve. Substantial maintenance effort is often extended by 2. INTRODUCTION engineers trying to understand the software The Crusader Field Artillery System is the U.S. Army's next prior to making changes. To successfully generation 155-mm self-propelled howitzer (SPH) and its companion resupply vehicle (RSV). The Crusader is a evolve the software, a thorough understanding software-intensive system that is being designed to last well of the architect's intentions about software into the next century. Ada95 is the implementation language organization is required. Software for all software development on the Crusader program. maintenance costs can be reduced significantly Modern software architecture methods are being applied to if the software architecture is well defined, capture the general principles used throughout the design and to provide a guide for further development of the clearly documented, and creates an software. The architecture is being modeled using the environment that promotes design consistency Unified Modeling Language (UML) to bring together the through the use of guidelines and design design vision of all of the key stakeholders.
    [Show full text]
  • HEDGEHOG: Automatic Verification of Design Patterns in Java
    HEDGEHOG: Automatic Verification of Design Patterns in Java Alex Blewitt I V N E R U S E I T H Y T O H F G E R D I N B U Doctor of Philosophy School of Informatics University of Edinburgh 2006 Abstract Design patterns are widely used by designers and developers for building complex systems in object-oriented programming languages such as Java. However, systems evolve over time, increasing the chance that the pattern in its original form will be broken. To verify that a design pattern has not been broken involves specifying the original intent of the design pattern. Whilst informal descriptions of patterns exist, no formal specifications are available due to differences in implementations between programming languages. This thesis shows that many patterns (implemented in Java) can be verified automatically. Patterns are defined in terms of variants, mini-patterns, and artefacts in a pattern description language called SPINE. These specifications are then processed by HEDGEHOG, an automated proof tool that attempts to prove that Java source code meets these specifications. iii Acknowledgements I am indebted to Alan Bundy who has given me the freedom to work on this thesis whilst at the same time guiding me towards the final production and presentation of these results. I not would have been able to achieve this without Alan’s support through a sometimes difficult, but always busy part of my life. This project, and especially the production of this thesis, would not have been possible without the care and attention that Alan provided. Ian Stark has provided invaluable feedback on all aspects of this thesis, from the low-level technical intricacies of Java’s design patterns through to the high-level structure of the thesis as a whole.
    [Show full text]
  • Java Design Patterns I
    Java Design Patterns i Java Design Patterns Java Design Patterns ii Contents 1 Introduction to Design Patterns 1 1.1 Introduction......................................................1 1.2 What are Design Patterns...............................................1 1.3 Why use them.....................................................2 1.4 How to select and use one...............................................2 1.5 Categorization of patterns...............................................3 1.5.1 Creational patterns..............................................3 1.5.2 Structural patterns..............................................3 1.5.3 Behavior patterns...............................................3 2 Adapter Design Pattern 5 2.1 Adapter Pattern....................................................5 2.2 An Adapter to rescue.................................................6 2.3 Solution to the problem................................................7 2.4 Class Adapter..................................................... 11 2.5 When to use Adapter Pattern............................................. 12 2.6 Download the Source Code.............................................. 12 3 Facade Design Pattern 13 3.1 Introduction...................................................... 13 3.2 What is the Facade Pattern.............................................. 13 3.3 Solution to the problem................................................ 14 3.4 Use of the Facade Pattern............................................... 16 3.5 Download the Source Code.............................................
    [Show full text]
  • Lecture 17: Pattern Potpourri: Pure Fab, Facade, Proxy, Command
    Lecture 17: Patterns Potpourri Copyright W. Howden 1 GOF Patterns • GOF: Gamma, Helm, Johnson, Vlissides – Design Patterns, Addison Wesley, 1995 • Patterns we have seen so far – Creational Patterns • e.g. Factory, Singleton – Structural Patterns • e.g. Wrappers (Decorator, Adapter) – Behavioral Patterns • e.g. Observer/Observable, State Copyright W. Howden 2 Some Additional GOF Patterns • Structural – Bridge, Composite (Compound), Flyweight, Facade, Proxy • Behavioral – Command, Iterator, Mediator, Chain of Responsibility, Visitor, Memento, Strategy Copyright W. Howden 3 Other Patterns • Misc: Indirection, Pure Fabrication, • System architecture – layers, filters Copyright W. Howden 4 Bridge Pattern • Purpose: Decouple an abstraction from its implementation so that the implementation can be easily changed • Strategy: make the implementation details an object that is a component in the abstraction • E.g. Graphics objects such as Window have a WindowPeer component that is constructed to work for a particular graphics platform Copyright W. Howden 5 Composite Pattern • Purpose: build arbitrarily large, complex objects from simple parts. • Strategy: – Use recursion Copyright W. Howden 6 Recursion • Languages, e.g. char -> A | B | ... | Z alphaString -> char | string + char • Functions, e.g. factorial(n) = {if n=0 then 1 else n*factorial(n-1)} • Classes ? Compound objects are constructed from parts that are instances of subclasses of an abstract class, of which the compound object is itself a subclass Copyright W. Howden 7 Composite Structure «metaclass» metaclass1 Class3 Class2 CompoundObjectsClass Copyright W. Howden 8 Composite Example 1 • SequenceInputStream constructor can take 2 or more concrete instances of InputStream and concatenate them to produce a new concrete instance of Inputstream • Abstract class: InputStream • Compound Object: SequenceInputStream Copyright W.
    [Show full text]
  • Functional Programming at Work in Object-Oriented Programming
    Functional Programming at Work in Object-Oriented Programming Narbel version 2010 Narbel Functional Programming at Work in Object-Oriented Programming 1 A Claim about Programming Styles Claim: Adding functional programming capabilities to an object-oriented language leads to benefits in object-oriented programming design. Narbel Functional Programming at Work in Object-Oriented Programming 2 Existing Languages with a FP-OOP Mix Some old and less old languages with FP+OOP: For instance, Smalltalk, Common Lisp (CLOS). More recently, Python or Ruby. Notations: FP, Functional programming; OOP, Object-oriented programming, Narbel Functional Programming at Work in Object-Oriented Programming 3 FP techniques emulated in OOP Practices in OOP languages include emulations of FP techniques: C++ programmers: function pointers and overloadings of the () operator, i.e. “object-functions” or functors. Java programmers: anonymous classes and introspection/reflexion. Narbel Functional Programming at Work in Object-Oriented Programming 4 Existence of FP-OOP Comparison Points The idea of using FP to enrich OOP is old, see e.g. the discussions about the problem of the user-defined datatype extension: User-defined types and procedural data structures as complementary approaches to data abstraction. Reynolds. 1975. The Expression Problem. Wadler. 1998. Narbel Functional Programming at Work in Object-Oriented Programming 5 A Trend: FP Extensions for OO Languages A recent trend: to propose and include typed FP extensions in mainstream static OO languages. Extensions for C++ (see e.g. Laufer, Striegnitz, McNamara, Smaragdakis), and work in progress in the C++ standard committees. Java 7 expected to include FP constructs. C# offers FP constructs (even more in its 3.0 version).
    [Show full text]
  • Design Patterns Mock Test
    DDEESSIIGGNN PPAATTTTEERRNNSS MMOOCCKK TTEESSTT http://www.tutorialspoint.com Copyright © tutorialspoint.com This section presents you various set of Mock Tests related to Design Patterns Framework. You can download these sample mock tests at your local machine and solve offline at your convenience. Every mock test is supplied with a mock test key to let you verify the final score and grade yourself. DDEESSIIGGNN PPAATTTTEERRNNSS MMOOCCKK TTEESSTT IIII Q 1 - Which of the following describes the Composite pattern correctly? A - This pattern builds a complex object using simple objects and using a step by step approach. B - This pattern is used where we need to treat a group of objects in similar way as a single object. C - This pattern hides the complexities of the system and provides an interface to the client using which the client can access the system. D - This pattern is primarily used to reduce the number of objects created and to decrease memory footprint and increase performance. Q 2 - Which of the following describes the Decorator pattern correctly? A - This pattern allows a user to add new functionality to an existing object without altering its structure. B - This pattern is used where we need to treat a group of objects in similar way as a single object. C - This pattern hides the complexities of the system and provides an interface to the client using which the client can access the system. D - This pattern is primarily used to reduce the number of objects created and to decrease memory footprint and increase performance. Q 3 - Which of the following describes the Facade pattern correctly? A - This pattern allows a user to add new functionality to an existing object without altering its structure.
    [Show full text]
  • The Impact of Flyweight and Proxy Design Patterns on Software Efficiency: an Empirical Evaluation
    (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 10, No. 7, 2019 The Impact of Flyweight and Proxy Design Patterns on Software Efficiency: An Empirical Evaluation Muhammad Ehsan Rana1, Wan Nurhayati Wan Ab Rahman2 Masrah Azrifah Azmi Murad3, Rodziah Binti Atan4 Faculty of Computer Science and IT, Universiti Putra Malaysia 43400 Serdang, Selangor, Malaysia Abstract—In this era of technology, delivering quality There are three perspectives of quality attributes in Jim software has become a crucial requirement for the developers. McCall’s model, namely Product Revision, Product Transition, Quality software is able to help an organization to success and and Product Operations. Product revision is the ability or gain a competitive edge in the market. There are numerous enhancement of the ability for the software to change in quality attributes introduced by various quality models. Various accordance to user needs. Product transition on the other hand, researches and studies prove that the quality of the object- is the ability for the software to adapt itself to changing oriented software can be improved by using design patterns. The environments. Finally, product operation, which is the topic of main purpose of this research is to identify the relationships discussion of this research, is defined by the ability of the between the design patterns and software efficiency quality software to operate in accordance to the user demands and attribute. This research is focused on the impact of Flyweight without defects [1]. and Proxy Design Patterns on the efficiency of software. An example scenario is used to empirically evaluate the effectiveness Efficiency is “the state or quality of being efficient”, which of applied design refinements on efficiency of a system.
    [Show full text]