A Goal-oriented Approach to Grid Security Requirements

Dec 8, 2013

A Goal-oriented Approach to Grid Security Requirements

Benjamin Aziz (STFC Rutherford Appleton Laboratory, UK)

Joint work with Alvaro Arenas (STFC RAL, UK), Philippe Massonet (CETIC, Belgium) and Christophe Ponsard (CETIC, Belgium)

UK e-Science All Hands Meeting (AHM 2008)
W4: Information Assurance for the Grid: Crossing boundaries between stakeholders
10 September 2008, Edinburgh, U.K.

Motivation

"We need more trust and security reasoning earlier in system development; at the requirement specification stage."

(Diagram of the software development lifecycle: Analysis, Requirements Specification, Design, Implementation, Integration and Testing, Operation and Maintenance, annotated with where trust and security are addressed currently and where future trust and security reasoning should be placed, i.e. at the requirements specification stage.)

Objectives

- Extend a requirement engineering methodology with constructs for expressing trust relations and security policies
- Apply the extension to a Grid-based scenario
- Enhance an existing requirement engineering tool to support the new trust and security extensions

KAOS in a Nutshell

KAOS (Knowledge Acquisition in autOmated Specifications) is a formal requirement engineering methodology consisting of several models including:

- The Goal Model
- The Operation Model
- The Object Model
- The Agent Model
- The Anti-Goal Model

(Diagram of the model elements and their links: Goals, Requirements, Operations, Objects, Agents, Anti-Goals, Anti-Requirements.)

Our Scenario: Grid-based Content Management (GCM) System

- Complex digital product VO
- VO has a defined number of member organisations
- Product generation process is knowledge/content-intensive
- Product generation process is structured as a workflow
- Policies may be applied to control usage/access to resources along the workflow

The Goal/Operation Models for GCM System

(Diagram slide: model figure only, no text extracted.)

The Agent/Operation/Object Models for GCM System

(Diagram slide: model figure only, no text extracted.)

Trust and Security Requirements

- The previous models cannot express trust relations nor security policy requirements
- The Trust model introduces the following relations:
  - Ownership, Capability and Trust
  - Delegation
  - Distrust and Monitoring
- The Policy model introduces the policy relation

Ownership, Capability and Trust

In our GCM system scenario:

Trust
  Trustor: Editor
  Goal: [ContentReviewed]
  Trustee: Reviewer
  Description: Agent Editor trusts Reviewer to enforce goal [ContentReviewed]

(Diagram of the relations introduced by the Trust model: Owner(ag,G/Op), Capable(ag,G/Op) and Trust(ag1,ag2,G/Op), where ag, ag1 and ag2 are agents and G/Op is a goal or an operation.)

Delegation

In our GCM system scenario:

Delegation
  Delegator: Reviewer
  Operation: Review
  Delegatee: AnotherReviewer
  PreCondition: Owner(Reviewer,Review)
  Description: Agent Reviewer, owner of permission to execute operation Review, delegates such permission to agent AnotherReviewer

(Diagram of the relation Delegation(ag1,ag2,G/Op), with precondition Owner(ag1,G/Op).)

Monitoring and Distrust

In our GCM system scenario:

Distrust
  Dis-trustor: Reviewer
  Operation: Review
  Dis-trustee: AnotherReviewer
  PreCondition: Monitor(Reviewer,Review)
  Description: Agent Reviewer, monitoring operation Review, distrusts AnotherReviewer in its use of Review

(Diagram of the relations Monitor(ag,G/Op) and Distrust(ag1,ag2,G/Op), the latter with precondition Monitor(ag1,G/Op).)

Policies

In our GCM system scenario:

Policy
  Subject: Reviewer
  Operation: Review
  Object: Content
  Formula: (Reviewer,Review,Content) ∈ ACL(Content)
  Description: Agent Reviewer, in applying operation Review to object Document, is constrained by the logical formula.

(Diagram of the relation Policy(ag,Op,Ob,F), relating an agent ag, an operation Op, an object Ob and a formula F.)
Tool Support for Grid Security Requirements

We are currently developing an Eclipse-based design tool for:

- modelling trust requirements
- deriving semi-automatically deployable policies from the Policy model:
  - Rule-based XACML policies (ABAC)
  - Process algebra-based policies (UCON)
Conclusion

- Many systems lack rigorous analysis of trust and security properties at the requirement specification stage
- We proposed one extension of the KAOS requirement engineering methodology to incorporate trust relations and security policies
- We applied the extension in the context of a Grid-based content management system
Future Work

- Investigate other trust and security relations, in particular quantified trust
- We are planning to finish the tool development and produce a library of requirement patterns
  - E.g. the Chinese-walls security pattern
- Integrate the requirements into system design
  - Integrating KAOS with the Event-B specification language
Thank You


Questions?