1. INTRODUCTION
Most software systems are developed without security requirements in mind. Developers usually concentrate first on understanding the functional requirements of the system and leave non-functional ones, such as security, for later [Ferraz et al., 2009]. A number of approaches for incorporating security into the software development life cycle have been proposed; well-known examples include UMLsec [Jurjens, 2004], CORAS [Braber, 2003], CLASP [Chandra, 2006], Secure Tropos [Mouratidis, 2007] and Goal-Risk [Ansar et al., 2007]. None of them, however, is a standard method that is reliable, well defined and based on security features and design patterns. There is still a significant need for a risk estimation method, usable in the design phase, that estimates the need for each security feature and guides the designer to the appropriate security design pattern.
In this paper the Common Criteria (CC) security requirements [Common Criteria, 2008] are taken as the reference model. All 64 of its software-specific requirement classes are grouped into six basic security feature classes: 1) Authentication; 2) Authorization; 3) Audit and Logging; 4) Secured Storage; 5) Secure Information Flow; and 6) Secure Session Management. The percentage contribution of each security feature is calculated from the keywords that the CC security requirement class and the definition of the security feature class have in common. The weightage of each requirement is then calculated on the basis of the availability of the security features under
Volume: 02 Issue: 07 | Jul-2013, Available @ http://www.ijret.org
Table (caption not recovered): vulnerability classes, the keywords they share with the CC requirement classes, and the security feature class each maps to. Only fragments survived extraction: the column headings Vulnerability Classes and Common Keywords; the row headings 1. Authentication, 2. Authorization, 3. (Audit and Logging), 4. (Secured Storage), 5. Secure Information Flow and 6. Secure Session Management; and one cell, Access Control at Storage Level, under Secured Storage.
Table 3.2 Availability matrix of vulnerability class and the CC security requirement class
Columns: S.No. | Requirement Classes | Authentication (Au) | Authorization (Ao) | Audit and Logging (At) | Secured Storage (S) | Secure Information Flow (If) | Secure Session Management (Ss) | Total (Max = 6)
Each cell is 1 when the security feature is available for (needed by) that CC requirement class and 0 otherwise; the Total column counts the features per requirement class. The requirement-class names and the individual rows did not survive extraction. Column totals, i.e. the number of requirement classes in which each feature occurs (the OSR values of the next table): Au 27 | Ao 46 | At 21 | S 18 | If 20 | Ss 9 (sum 141).
Table (caption not recovered): occurrences of each security feature across the CC requirement classes (OSR, the column totals of Table 3.2) and Security Feature Contribution (SFC); the values show SFC = OSR / 141 * 100.
S.No. | Security Features | OSR | SFC
1. | Authentication | 27 | 19.14894
2. | Authorization | 46 | 32.62411
3. | Audit and Logging | 21 | 14.89362
4. | Secure Storage | 18 | 12.76596
5. | Secured Information Flow | 20 | 14.1844
6. | Secured Session Management | 09 | 6.38297
   | Total | 141 | 100
The final values of OSR and SFC are shown in table 4.3
Table 4.3 (caption not recovered): subset of security features needed by each CC requirement class and its Total SFC (TSFC, the sum of the SFC values of the features in the subset).
The requirement classes are identified by their section numbers in Common Criteria Part 2 (8.x = FAU security audit, 9.x = FCO, 10.x = FCS, 11.x = FDP, 12.x = FIA, 13.x = FMT, 14.x = FPR, 15.x = FPT, 16.x = FRU, 17.x = FTA, 18.x = FTP); 15.6 (FPT_PHP, TSF physical protection) is absent, which gives the 64 software-specific classes.
S.No. | Requirement class | Subset of security features | TSFC
1. | 8.1 | (At) | 14.89362
2. | 8.2 | (Ao, At) | 47.51773
3. | 8.3 | (Ao, At) | 47.51773
4. | 8.4 | (Ao, At) | 47.51773
5. | 8.5 | (Ao, At) | 47.51773
6. | 8.6 | (Ao, At) | 47.51773
7. | 9.1 | (Ao, At) | 47.51773
8. | 9.2 | (Au, Ao, At) | 66.66667
9. | 10.1 | (Ao, S, If) | 59.57447
10. | 10.2 | (If) | 14.1844
11. | 11.1 | (Au, Ao) | 51.77305
12. | 11.2 | (Au, Ao) | 51.77305
13. | 11.3 | (Au, S) | 31.9149
14. | 11.4 | (Au, If) | 33.33334
15. | 11.5 | (Au, If, Ss) | 39.71631
16. | 11.6 | (Au, If, Ss) | 39.71631
17. | 11.7 | (Au, Ao, If) | 65.95745
18. | 11.8 | (Au, Ao, If) | 65.95745
19. | 11.9 | (Au, Ao, If) | 65.95745
20. | 11.10 | (At, S) | 27.65958
21. | 11.11 | (Ao, At, S) | 60.28369
22. | 11.12 | (Ao, If) | 46.80851
23. | 11.13 | (Ao, If) | 46.80851
24. | 12.1 | (Au, At, S) | 46.80852
25. | 12.2 | (Au, Ao) | 51.77305
26. | 12.3 | (Au, Ao, S) | 64.53901
27. | 12.4 | (Au, S) | 31.9149
28. | 12.5 | (Au, Ao, S) | 64.53901
29. | 12.6 | (Au, Ao) | 51.77305
30. | 13.1 | (Au, Ao, S) | 64.53901
31. | 13.2 | (Au, Ao, S) | 64.53901
32. | 13.3 | (Au, Ao) | 51.77305
33. | 13.4 | (Au, Ao) | 51.77305
34. | 13.5 | (Au, Ao) | 51.77305
35. | 13.6 | (Au, Ao) | 51.77305
36. | 13.7 | (Au, Ao) | 51.77305
37. | 14.1 | (Au, Ao) | 51.77305
38. | 14.2 | (Ao, At) | 47.51773
39. | 14.3 | (Ao, At) | 47.51773
40. | 14.4 | (Ao) | 32.62411
41. | 15.1 | (At) | 14.89362
42. | 15.2 | (Ao, S, If) | 59.57447
43. | 15.3 | (Ao, At, If) | 61.70213
44. | 15.4 | (Ao, At, If) | 61.70213
45. | 15.5 | (Ao, At, If) | 61.70213
46. | 15.7 | (At, S) | 27.65958
47. | 15.8 | (If, Ss) | 20.56737
48. | 15.9 | (If, Ss) | 20.56737
49. | 15.10 | (If, Ss) | 20.56737
50. | 15.11 | (S, If, Ss) | 33.33333
51. | 15.12 | (Au, Ao, At) | 66.66667
52. | 15.13 | (At, S) | 27.65958
53. | 15.14 | (Au, Ao, S) | 64.53901
54. | 16.1 | (Ao) | 32.62411
55. | 16.2 | (Ao) | 32.62411
56. | 16.3 | (Ao) | 32.62411
57. | 17.1 | (Ao) | 32.62411
58. | 17.2 | (Ao, If, Ss) | 53.19148
59. | 17.3 | (Ao, Ss) | 39.00708
60. | 17.4 | (Ao) | 32.62411
61. | 17.5 | (Ao, At, S) | 60.28369
62. | 17.6 | (Au, Ss) | 25.53191
63. | 18.1 | (If) | 14.1844
64. | 18.2 | (If) | 14.1844
Fig. 3.1 Software Security Requirement Scale: MVSFC from 0 to 2857.447 (the sum of all 64 TSFC values of Table 4.3), with ticks at 714.361, 1428.724 and 2143.085 dividing it into Undefined, General, Secured and Very Secured.
The scale is divided into four equal parts, as shown in Fig. 3.1. The first part (0 - 714.361) is for undefined security requirements, the second (714.361 - 1428.724) for general security requirements, the third (1428.724 - 2143.085) for secured requirements, and the last slot (2143.085 - 2857.447) for very secured requirements, as the table below shows.
Table (caption not recovered): security class and risk mitigation level by MVSFC slot
MVSFC Slot | Class | Risk Mitigation Level
0 - 714.361 | Undefined | N/A
714.361 - 1428.724 | General | L1
1428.724 - 2143.085 | Secured | L2
2143.085 - 2857.447 | Very Secured | L3
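The scoring chain of Tables 3.2 to 4.3 and Fig. 3.1 (SFC from the OSR totals, TSFC per requirement class, MVSFC of a design as the sum of the TSFC of the classes it needs, and the class read off the four equal slots) carried through in code, as an added example that is not part of the paper. The OSR totals and the 64 feature subsets are copied from the tables above; the value 1591 of the Section 6 case study is used as the sample design. Function names are mine.

```python
"""Security requirement scale of the paper, recomputed from its own tables.

Added worked example, not the paper's code. OSR and SUBSETS are transcribed
from Table 3.2 (column totals) and Table 4.3; everything else follows the
definitions given with those tables and with Fig. 3.1.
"""

# Feature codes as used in the paper's tables.
FEATURES = ("Au", "Ao", "At", "S", "If", "Ss")

# OSR: number of CC requirement classes in which each feature occurs (Table 3.2 totals).
OSR = {"Au": 27, "Ao": 46, "At": 21, "S": 18, "If": 20, "Ss": 9}

# Table 4.3: CC Part 2 section number -> features the requirement class needs.
SUBSETS = {
    "8.1": "At", "8.2": "Ao At", "8.3": "Ao At", "8.4": "Ao At", "8.5": "Ao At",
    "8.6": "Ao At", "9.1": "Ao At", "9.2": "Au Ao At", "10.1": "Ao S If", "10.2": "If",
    "11.1": "Au Ao", "11.2": "Au Ao", "11.3": "Au S", "11.4": "Au If", "11.5": "Au If Ss",
    "11.6": "Au If Ss", "11.7": "Au Ao If", "11.8": "Au Ao If", "11.9": "Au Ao If",
    "11.10": "At S", "11.11": "Ao At S", "11.12": "Ao If", "11.13": "Ao If",
    "12.1": "Au At S", "12.2": "Au Ao", "12.3": "Au Ao S", "12.4": "Au S",
    "12.5": "Au Ao S", "12.6": "Au Ao", "13.1": "Au Ao S", "13.2": "Au Ao S",
    "13.3": "Au Ao", "13.4": "Au Ao", "13.5": "Au Ao", "13.6": "Au Ao", "13.7": "Au Ao",
    "14.1": "Au Ao", "14.2": "Ao At", "14.3": "Ao At", "14.4": "Ao",
    "15.1": "At", "15.2": "Ao S If", "15.3": "Ao At If", "15.4": "Ao At If",
    "15.5": "Ao At If", "15.7": "At S", "15.8": "If Ss", "15.9": "If Ss",
    "15.10": "If Ss", "15.11": "S If Ss", "15.12": "Au Ao At", "15.13": "At S",
    "15.14": "Au Ao S", "16.1": "Ao", "16.2": "Ao", "16.3": "Ao",
    "17.1": "Ao", "17.2": "Ao If Ss", "17.3": "Ao Ss", "17.4": "Ao",
    "17.5": "Ao At S", "17.6": "Au Ss", "18.1": "If", "18.2": "If",
}

# The four equal slots of Fig. 3.1 and the class / mitigation level of each.
SLOTS = (("Undefined", "N/A"), ("General", "L1"), ("Secured", "L2"), ("Very Secured", "L3"))


def sfc(osr):
    """Security Feature Contribution: each OSR as a percentage of the OSR total (141 here)."""
    total = sum(osr.values())
    return {f: v * 100.0 / total for f, v in osr.items()}


def tsfc(subset, sfc_table):
    """TSFC of one requirement class: sum of the SFC of the features in its subset."""
    return sum(sfc_table[f] for f in subset.split())


def feature_counts(subsets):
    """How often each feature occurs over the subsets (the OSR implied by Table 4.3)."""
    counts = dict.fromkeys(FEATURES, 0)
    for subset in subsets.values():
        for f in subset.split():
            counts[f] += 1
    return counts


def max_mvsfc(subsets, sfc_table):
    """Top of the scale: MVSFC of a design that needs every requirement class."""
    return sum(tsfc(s, sfc_table) for s in subsets.values())


def mvsfc(required_ids, subsets, sfc_table):
    """MVSFC of a design: sum of TSFC over the requirement classes it needs."""
    return sum(tsfc(subsets[i], sfc_table) for i in required_ids)


def classify(value, max_value):
    """Map an MVSFC value onto the four equal slots of Fig. 3.1."""
    if not 0 <= value <= max_value:
        raise ValueError("MVSFC outside the scale")
    slot = max_value / 4.0
    index = min(int(value // slot), 3)  # the top boundary belongs to the last slot
    return SLOTS[index]


if __name__ == "__main__":
    table = sfc(OSR)
    top = max_mvsfc(SUBSETS, table)
    print({f: round(v, 5) for f, v in table.items()})  # 19.14894, 32.62411, ...
    print(round(top, 3))                                 # 2857.447, as in Fig. 3.1
    print(classify(1591, top))                           # ('Secured', 'L2'), the case study
```

Two things worth checking with this code: the scale maximum 2857.447 of Fig. 3.1 is exactly the sum of the 64 TSFC values as printed, and counting the features over those 64 subsets gives 27, 45, 21, 16, 21, 9 rather than the 27, 46, 21, 18, 20, 9 totals of Table 3.2, so the two tables are not derived from identical data; the code follows the tables as printed.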
Table (caption not recovered): risk factor computation per security feature
Security Features | SC = severity * 10 (max value = 100) | OSR (MaxOSR = number of desired requirements) | PSR = (OSR / MaxOSR) * 100 (max value = 100) | RFS = SC * PSR / 100 (max value = 100) | MaxRF = SC * MaxPSR / 100 (max value = 100) | APRf = RF * 100 / MaxRF (max value = 100)
Attribute values (SC) given for the six features: Authentication 70; Authorization 85; Audit & logging 40; Secure Storage 60; Secured Session Management 50; Secured Information Flow 65. The remaining columns are filled in for the case study in Section 6.
Risk mitigation scale (same ticks as Fig. 5.1): APRf 33.3 → Level 1; 66.6 → Level 2; 100 → Level 3.
Table (caption not recovered): catalogue of UML security patterns used as risk mitigation
S.No. | UML Security Pattern ID | UML Security Pattern Name | Brief description | Reference
1. | PAu1 | Password Design and Use
2. | PAu2 | Authenticator pattern
3. | PAu3 | Single Access Point (SAP)
4. | PAu4 | Security Provider
5. | PAu5 | Biometrics Design Alternatives
6. | PAo1 | Check point
7. | PAo2 | Role-Based Access Control
8. | PAo3 | Roles
9. | PAo4 | Limited View
10. | PAo5 | Security Context
11. | PAo6 | Secure Chain of Responsibility
12. | PAo7 | Reference Monitor
13. | PAo8 | Multilevel Security
14. | PAt1 | Audit Interceptor
15. | PAt2 | Security Event Logging
16. | PAt3 | (name not recovered)
17. | PSs1 | Client Data Storage
18. | PSs2 | Information Obscurity
19. | PSm1 | Session
20. | PSm2 | Secure Session Manager
21. | PSm3 | Directed Session
22. | PSm4 | Secure Session Object
23. | PSm5 | Secure Association
24. | PSm6 | Front Door
25. | PSi1 | Authoritative Source of Data
26. | PSi2 | Secure Message Router
27. | PSi3 | Secure Channels
28. | PSi4 | Third-Party Communication
29. | PSi5 | Known Partners
30. | PSi6 | Network Address Blacklist
31. | PSi7 | Validated Transaction
32. | PSi8 | Network Encryption Protocol
33. | PSi9 | Protection Reverse Proxy
34. | PSi10 | Integration Reverse Proxy
The Brief description and Reference columns did not survive extraction, apart from one description fragment for row 11 (Secure Chain of Responsibility), "... user/environment-trust dependent functionality from the portion of the application requesting the functionality", and one reference cell located near rows 14-16: [Romanosky, 2001], p. 8; [Romanosky, 2002], p. 4; [Amos, 2003], p. 4; [Berry, 2002], p. 205; [Kienzle et al., 2006], p. 141. The names of rows 20 and 21 are assigned in reading order.
Table (caption not recovered): applicability of each security pattern to the attributes of the software
Columns: S.N | Pattern ID | Data Sensitivity | Location of data | Potential Location | Sector | No. of users | User role in organization | Level of transferred data
Rows 1-34 list the 34 pattern IDs (PAu1-PAu5, PAo1-PAo8, PAt1-PAt3, PSs1-PSs2, PSm1-PSm6, PSi1-PSi10) in the order of the catalogue above. The applicability marks did not survive extraction; only the N/A cells did, and their column positions are lost: PAu1 (1), PAu3 (2), PAu4 (2), PAo1 (1), PAo3 (1), PAo5 (1), PAo7 (2), PSi1 (1), PSi2 (2), PSi3 (1).
Table 5.3 Risk Mitigation Levels in the form of Security Design Patterns
S. No. | Security Features | Level1 | Level2 | Level3 | Level to be used
1. | Authentication | PAu1; PAu2 | PAu1; PAu2; PAu3 | PAu1; PAu2; PAu3; PAu4; PAu5 | 2nd
2. | Authorization | PAo1; PAo2; PAo3; PAo4 | PAo1; PAo2; PAo3; PAo4; PAo5 | PAo1; PAo2; PAo3; PAo4; PAo5; PAo6; PAo7; PAo8 | 1st
3. | Audit and Logging | PAt1 | PAt1; PAt2 | PAt1; PAt2; PAt3 | 2nd
4. | Secure Storage | PSs1 | PSs1; PSs2 | PSs1; PSs2 | 1st
5. | Secured Session Management | PSm1 | PSm1; PSm2 | PSm1; PSm2; PSm3; PSm4; PSm5; PSm6 | 1st
6. | Secured Information Flow | PSi1; PSi2 | PSi1; PSi2; PSi3; PSi4 | PSi1; PSi2; PSi3; PSi4; PSi5; PSi6; PSi7; PSi8; PSi9; PSi10 | 2nd
(The entries of the last column are restored in reading order.)
Fig. 5.1 Risk Mitigation Scale (APRf): 33.3 → Level 1; 66.6 → Level 2; 100 → Level 3.
6. CASE STUDY
This section shows the proposed process in use. The whole security requirement risk assessment process is shown in Fig 6.1 (figure not recovered). The step-wise process of security requirement risk assessment is explained as follows:
Table (caption not recovered): number of occurrences of each security feature in the case-study requirements
S.No. | Security Feature | No. of Occurrences
1. | Authentication | 16
2. | Authorization | 17
3. | Audit and Logging | 11
4. | Secure Storage | 10
5. | Secured Session Management | 4 (entry lost here; the value is the OSR used in the risk factor table below)
6. | Secured Information Flow | 13
$$\mathrm{MVSFC} = \sum_{i=1}^{n} \mathrm{TSFC}_i = 1591$$
where n is the number of CC requirement classes applicable to the design and TSFC_i is the value of each from Table 4.3. Therefore the security class of this software design is Secured and Level 2 of risk mitigation applies to it, as shown in Table 6.2.
Table (caption not recovered): risk factor computation for the case study (MaxOSR = 42)
S.no. | Security Features | SC = severity * 10 (max value = 100) | OSR (MaxOSR, e.g. 42) | PSR = (OSR / MaxOSR) * 100 (max value = 100) | RFS = SC * PSR / 100 (max = 100) | MaxRF = SC * MaxPSR / 100 (max = 100) | APRf = RF * 100 / MaxRF (max = 100)
1. | Authentication | 70 | 16 | 38.09524 | 26.66667 | 44.8 | 59.52382
2. | Authorization | 85 | 17 | 40.47619 | 34.40476 | 54.4 | 63.24404
3. | Audit & logging | 40 | 11 | 26.19048 | 10.47619 | 25.6 | 40.92262
4. | Secure Storage | 60 | 10 | 23.80952 | 14.28571 | 38.4 | 37.20237
5. | Secured Session Management | 50 | 4 | 9.52381 | 4.761905 | 32 | 14.88095
6. | Secured Information Flow | 65 | 13 | 30.95238 | 20.11905 | 41.6 | 48.3631
(The MaxRF column equals SC * 64 / 100, i.e. MaxPSR = 64 in this case study; the page does not state MaxPSR explicitly.)
Table (caption not recovered): risk mitigation levels and security design patterns for the case study (same content as Table 5.3)
S. No. | Security Features | Level1 | Level2 | Level3 | Level to be used
1. | Authentication | PAu1; PAu2 | PAu1; PAu2; PAu3 | PAu1; PAu2; PAu3; PAu4; PAu5 | 2nd
2. | Authorization | PAo1; PAo2; PAo3; PAo4 | PAo1; PAo2; PAo3; PAo4; PAo5 | PAo1; PAo2; PAo3; PAo4; PAo5; PAo6; PAo7; PAo8 | 1st
3. | Audit and Logging | PAt1 | PAt1; PAt2 | PAt1; PAt2; PAt3 | 2nd
4. | Secure Storage | PSs1 | PSs1; PSs2 | PSs1; PSs2 | 1st
5. | Secured Session Management | PSm1 | PSm1; PSm2 | PSm1; PSm2; PSm3; PSm4; PSm5; PSm6 | 1st
6. | Secured Information Flow | PSi1; PSi2 | PSi1; PSi2; PSi3; PSi4 | PSi1; PSi2; PSi3; PSi4; PSi5; PSi6; PSi7; PSi8; PSi9; PSi10 | 2nd
(The entries of the last column are restored in reading order.)
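The risk factor columns (SC, PSR, RFS, MaxRF, APRf), the Fig. 5.1 thresholds and the pattern sets of Table 5.3, run over the case-study values of this section, as an added example that is not part of the paper. The page never prints MaxPSR; its MaxRF column equals SC * 64 / 100, so MaxPSR = 64 is an assumption here, and the function names are mine.

```python
"""Risk factor, risk mitigation level and pattern selection per security feature.

Added worked example, not the paper's code. The column formulas are those of
the paper's risk factor table, the levels those of Fig. 5.1 and the pattern
sets those of Table 5.3. MaxPSR = 64 is assumed (derived from the printed
MaxRF column, not stated on the page).
"""

# Table 5.3: pattern IDs prescribed at Level 1, 2 and 3 for each feature.
PATTERN_LEVELS = {
    "Au": (["PAu1", "PAu2"], ["PAu1", "PAu2", "PAu3"],
           ["PAu1", "PAu2", "PAu3", "PAu4", "PAu5"]),
    "Ao": (["PAo1", "PAo2", "PAo3", "PAo4"], ["PAo1", "PAo2", "PAo3", "PAo4", "PAo5"],
           ["PAo%d" % i for i in range(1, 9)]),
    "At": (["PAt1"], ["PAt1", "PAt2"], ["PAt1", "PAt2", "PAt3"]),
    "S": (["PSs1"], ["PSs1", "PSs2"], ["PSs1", "PSs2"]),
    "Ss": (["PSm1"], ["PSm1", "PSm2"], ["PSm%d" % i for i in range(1, 7)]),
    "If": (["PSi1", "PSi2"], ["PSi1", "PSi2", "PSi3", "PSi4"],
           ["PSi%d" % i for i in range(1, 11)]),
}

# Case study of Section 6: SC = severity * 10 per feature, OSR = occurrences of the
# feature in the case-study requirements, MaxOSR = 42 as printed.
CASE_SC = {"Au": 70, "Ao": 85, "At": 40, "S": 60, "Ss": 50, "If": 65}
CASE_OSR = {"Au": 16, "Ao": 17, "At": 11, "S": 10, "Ss": 4, "If": 13}
CASE_MAX_OSR = 42
CASE_MAX_PSR = 64  # assumption: reproduces the printed MaxRF column (SC * 64 / 100)


def risk_factors(sc, osr, max_osr, max_psr):
    """One row of the risk factor table; sc is severity * 10 on a 0..100 scale."""
    if not (0 < sc <= 100 and 0 <= osr <= max_osr and 0 < max_psr <= 100):
        raise ValueError("inputs outside the ranges of the table")
    psr = osr * 100.0 / max_osr       # PSR = (OSR / MaxOSR) * 100
    rfs = sc * psr / 100.0            # RFS = SC * PSR / 100
    max_rf = sc * max_psr / 100.0     # MaxRF = SC * MaxPSR / 100
    aprf = rfs * 100.0 / max_rf       # APRf = RF * 100 / MaxRF
    return {"SC": sc, "OSR": osr, "PSR": psr, "RFS": rfs, "MaxRF": max_rf, "APRf": aprf}


def mitigation_level(aprf):
    """Fig. 5.1: APRf up to 33.3 is Level 1, up to 66.6 Level 2, otherwise Level 3."""
    if aprf <= 33.3:
        return 1
    if aprf <= 66.6:
        return 2
    return 3


def assess(sc, osr, max_osr, max_psr):
    """For every feature: its table row, its mitigation level and the patterns to apply."""
    result = {}
    for feature in sc:
        row = risk_factors(sc[feature], osr[feature], max_osr, max_psr)
        level = mitigation_level(row["APRf"])
        result[feature] = {"row": row, "level": level,
                           "patterns": PATTERN_LEVELS[feature][level - 1]}
    return result


if __name__ == "__main__":
    for feature, r in assess(CASE_SC, CASE_OSR, CASE_MAX_OSR, CASE_MAX_PSR).items():
        print(feature, round(r["row"]["APRf"], 5), "Level", r["level"], r["patterns"])
```

Two caveats fall out of running this. First, SC cancels algebraically: APRf = (SC * PSR / 100) * 100 / (SC * MaxPSR / 100) = PSR * 100 / MaxPSR, so the severity attribute changes RFS and MaxRF but never the level that is finally chosen. Second, the APRf values of the case study (59.5, 63.2, 40.9, 37.2, 14.9, 48.4) put every feature at Level 2 except Secured Session Management at Level 1 under the Fig. 5.1 thresholds, which does not match the Level to be used column of the table above (2nd, 1st, 2nd, 1st, 1st, 2nd); the page does not explain that difference.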