A Guidance Model for Architecting Secure Mobile Applications
Widura Schwittek, André Diermann, Stefan Eicker
Agenda
• Introduction – Background, Motivation, Objectives
• The Guidance Model – Basics, Structure, Use Cases, Case Study
• Conclusion – Summary, Conclusion, Future Research
Background
• Architecting is a decision making process [1], [2], [3]
• Security is a quality attribute of software intensive systems [4], [5], [6]
• Software should be secure by design [7], [8]
• Mobile application development features special characteristics [9], [10], [11]
• Security and privacy have outstanding roles within the context of mobility [12], [13]
Motivation
• Many ad-hoc solutions and unstructured agile approaches exist
• Focus on time-to-market or interoperability
• Security issues are usually solved ex-post by updates and patches
• No dedicated management of security knowledge
Objectives
• Structured approach
• Security at design time
• Dedicated to mobile application development
• Assist the decision making process
• Codification of hidden security knowledge
Architectural Decision Models
Existing approaches: Kruchten’s Ontology, DAMSAK, SOAD, AREL, … [14], [15]
SOAD
• Generic framework
• Well documented
• Tested and elaborated
Structure (diagram, after [16], [17])
Meta Model –instantiatedInto→ Domain specific model –instantiatedInto→ Project specific model
Domain specific model: Required Decisions (Issues), Potential Solutions (Alternatives)
Project specific model: Unresolved Decisions (Issues), Considered Solutions (Alternatives), Decisions Made (Outcomes)
Tailoring: domain specific model → project specific model; Harvesting: project specific model → domain specific model
Steps: 1. Identify, 2. Model, 3. Structure, 4. Add, 5. Tailor, 6. Make, 7. Enforce
Decision Template [16]
Name
Short Name
Problem Statement
Background Reading
Scope (Level)
Phase
Role
Decision Drivers
Relations
Alternatives: Name, Pros, Cons, Known Uses, Relations
…
Recommendation
Modelled Design Decision
Name: Mobile Operating Systems
Short Name: RAD34
Problem Statement: Which mobile OS is
Background Reading: [x]
Scope: Operating System
Phase: Solution Outline
Role: Security Engineer
Decision Drivers: Use case
Relations: RAD18 i RAD34, RAD34 t RAD18
Alternatives: Name, Pros, Cons, Known Uses, Relations
…
Recommendation: The choice of an operating system is strongly use case dependent. From a security perspective Android and BlackBerry 10
Mobile Security Decisions
Executive Level
• Risks
• Evaluation Criteria
• Make or Buy
• Open Source vs. Closed Source
Conceptual Level
• Authenticity
• Authentication
• Integrity
• Confidentiality
• Availability
• Non-Repudiation
• Anonymity
• Pseudonymity
• Dependability
Technological Level
• Network Security
• Transmission Technology
• Development and Application Technology
Vendor Asset Level
• Mobile Operating Systems
• Server Operating System
Further decisions on the slide (level not recoverable from the extracted layout)
• Security Strategies
• Security Compliance
• Policies
• Trust
• Security Models
• Cryptography
• Access Control
• Security Patterns
• Human Factor
• Identity Management
• Security Principles
• Session Management
• Data Validation
• Exception Handling, Auditing and Logging
• Configuration
• Multi-User Support
• Patching and Updating
• Physical Security
• Symmetric Encryption Method
• Hash Algorithm
• Authorization Standard
• Programming Language
Use Cases
The guidance model can be used as
• an instrument before and during the development process to assist the architect and accelerate the design time
• a checklist after the development process to ensure that all security issues have been considered
• a communication tool within the mobile architect / security community to exchange knowledge
Case Study: Bank
Challenges
• Security knowledge
• Multi-layer issues
• Limited resources
Requirements
• Non-repudiation
• Policy enforcement
• Remote control
Case Study – 5. Tailor
Domain specific model → Project specific model: Authenticity, Mobile Operating System, …, Authorization Standard
Case Study – 6. Make, 7. Enforce
Project specific model, Decisions Made:
• Authenticity
• Mobile Operating System → Android
• Authorization Standard → OAuth
• …
Knowledge → 6. Make → Decisions Made → 7. Enforce → Development Artifacts
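The decision template, the domain/project model split and steps 5 to 7 (Tailor, Make, Enforce) used in the case study can be made concrete in code. The following is an added example, not the authors' tooling: it encodes RAD34 from the slides, treats the relation kinds "i" and "t" as opaque labels, uses placeholder content for RAD18 and a placeholder id "AUTHZ" for the Authorization Standard decision, and assumes (beyond what the slides say) that tailoring pulls in every decision related to a selected one so that a dependent issue cannot be dropped silently.

```python
"""Toy model of the guidance model's decision template and steps 5-7.
Added example; not code from the paper or its authors."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Alternative:
    """One row of the template's Alternatives table."""
    name: str
    pros: tuple[str, ...] = ()
    cons: tuple[str, ...] = ()
    known_uses: tuple[str, ...] = ()


@dataclass(frozen=True)
class Decision:
    """Template fields from the slides; Relations are kept in the domain model."""
    short_name: str
    name: str
    problem_statement: str
    scope: str
    phase: str
    role: str
    decision_drivers: tuple[str, ...]
    alternatives: tuple[Alternative, ...]
    recommendation: str = ""


# (source, kind, target); "i"/"t" copied from "RAD18 i RAD34, RAD34 t RAD18",
# their meaning is not explained on the slides, so they are opaque labels here.
Relation = tuple[str, str, str]


@dataclass
class DomainModel:
    """Required decisions (issues) plus potential solutions (alternatives)."""
    decisions: dict[str, Decision]
    relations: list[Relation] = field(default_factory=list)

    def related(self, short_name: str) -> set[str]:
        return {t for s, _, t in self.relations if s == short_name}


@dataclass
class ProjectModel:
    """Unresolved decisions (issues) and decisions made (outcomes)."""
    unresolved: dict[str, Decision]
    made: dict[str, Alternative] = field(default_factory=dict)


def tailor(domain: DomainModel, selected: set[str]) -> ProjectModel:
    """Step 5. Assumption: decisions related to a selected one are included too."""
    todo, chosen = list(selected), set()
    while todo:
        name = todo.pop()
        if name in chosen:
            continue
        if name not in domain.decisions:
            raise KeyError(f"unknown decision {name}")
        chosen.add(name)
        todo.extend(domain.related(name))
    return ProjectModel(unresolved={n: domain.decisions[n] for n in sorted(chosen)})


def make(project: ProjectModel, short_name: str, alternative: str) -> Alternative:
    """Step 6: record an outcome; only a listed potential solution may be chosen."""
    decision = project.unresolved.get(short_name)
    if decision is None:
        raise KeyError(f"{short_name} is not an open decision of this project")
    match = [a for a in decision.alternatives if a.name == alternative]
    if not match:
        raise ValueError(f"{alternative!r} is not a listed alternative of {short_name}")
    project.made[short_name] = match[0]
    del project.unresolved[short_name]
    return match[0]


def enforce(project: ProjectModel) -> dict[str, list[str]]:
    """Step 7 / checklist use: what is still open, what was decided."""
    return {
        "open": sorted(project.unresolved),
        "decided": sorted(f"{k} -> {v.name}" for k, v in project.made.items()),
    }


# Constructed sample data: RAD34 follows the slide; RAD18's content and the
# id "AUTHZ" for the Authorization Standard decision are placeholders.
DOMAIN = DomainModel(
    decisions={
        "RAD34": Decision("RAD34", "Mobile Operating Systems", "Which mobile OS is ...",
                          "Operating System", "Solution Outline", "Security Engineer",
                          ("Use case",), (Alternative("Android"), Alternative("BlackBerry 10")),
                          "Strongly use case dependent."),
        "RAD18": Decision("RAD18", "(placeholder)", "(placeholder)", "(placeholder)",
                          "(placeholder)", "Security Engineer", (), (Alternative("placeholder-A"),)),
        "AUTHZ": Decision("AUTHZ", "Authorization Standard", "Which authorization standard?",
                          "(placeholder)", "(placeholder)", "Security Engineer",
                          ("Policy enforcement",), (Alternative("OAuth"),)),
    },
    relations=[("RAD18", "i", "RAD34"), ("RAD34", "t", "RAD18")],
)


def bank_case_study() -> dict[str, list[str]]:
    """Replays the case study: tailor, decide Android and OAuth, enforce."""
    project = tailor(DOMAIN, {"RAD34", "AUTHZ"})
    make(project, "RAD34", "Android")
    make(project, "AUTHZ", "OAuth")
    return enforce(project)


if __name__ == "__main__":
    print(bank_case_study())
```

Running the module replays the bank case study: RAD18 is pulled into the project by its relation to RAD34 and shows up as still open in the enforce report, which is exactly the kind of forgotten issue the checklist use case is meant to catch. Choosing an alternative that is not among the potential solutions is rejected in `make`, so ad-hoc picks have to be added to the domain model first.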
Case Study – Integration into method: Scrum?
Summary
• Adapted a generic architectural decisions framework to the domain of mobile security
• Provided a domain specific model, with currently
– 40 decisions
– 162 alternatives
– 60 relations
• Did a case study and learned how to tailor a project specific model
Conclusion
• Secure by design mobile applications
• Acceleration of design phase
• Integration into enterprise methods
• Extension with enterprise knowledge
Future Research
• Identify more decisions
• Provide tool support
• Community-based knowledge exchange
• Extension to other quality attributes, e.g.
– Energy consumption
– Performance
– Usability
References
1. Bosch, J.: Software Architecture: The next step. In: Oquendo, F., Warboys, B., Morrison, R. (eds.) Software Architecture, First European Workshop (EWSA), LNCS, vol. 3047, pp. 194–199. Springer, Heidelberg (2004)
2. Jansen, A., Bosch, J.: Software architecture as a set of architectural design decisions. In: Proceedings of the 5th IEEE/IFIP Working Conference on Software Architecture (WICSA), pp. 109–119. IEEE Computer Society (2005)
3. Van Der Ven, J., Jansen, A., Nijhuis, J., Bosch, J.: Design Decisions: The Bridge between Rationale and Architecture. In: Rationale Management in Software Engineering, pp. 329–348. Springer (2006)
4. Heyman, T., Scandariato, R., Joosen, W.: Security in Context: Analysis and Refinement of Software Architectures. In: Computer Software and Applications Conference (COMPSAC) (2010)
5. Alkussayer, A., Allen, W.H.: A scenario-based framework for the security evaluation of software architecture. In: Computer Science and Information Technology (ICCSIT) (2010)
6. Dai, L.: Security Variability Design and Analysis in an Aspect Oriented Software Architecture. In: Secure Software Integration and Reliability Improvement (2009)
7. Lipner, S.: The Trustworthy Computing Security Development Lifecycle. In: 20th Annual Computer Security Applications Conference, pp. 2–13 (2005)
8.
9. Nekoo, A.H., Vakili, K.: A Practical Course on Mobile-Software Engineering: Mobile Solutions Laboratory. In: Conference on Software Engineering Advances (2009)
10. Hu, W., Chen, T., Shi, Q., Lou, X.: Smartphone Software Development Course Design Based on Android. In: IEEE Computer and Information Technology (CIT) (2010)
11. Rana, O.F.: Software engineering for mobile environments. In: IEEE Seminar on Mobile Agents – Where Are They Going? (Ref. No. 2001/150) (2001)
12. Dwivedi, H., Clark, C., Thiel, D.V.: Mobile Application Security. McGraw-Hill, New York (2010)
13. Six, J.: Application Security for the Android Platform. O’Reilly (2012)
14. Shahin, M., Liang, P., Khayyambashi, M.R.: Architectural design decision: Existing models and tools. In: Joint Working IEEE/IFIP Conference on Software Architecture and European Conference on Software Architecture, pp. 293–296 (2009)
15. Shahin, M., Liang, P., Khayyambashi, M.R.: A Survey of Architectural Design Decision Models and Tools (2009)
16. Zimmermann, O.: An Architectural Decision Modeling Framework for Service-Oriented Architecture Design. PhD Thesis, Univ. of Stuttgart (2009)
17. Zimmermann, O.: Architectural Decisions as Reusable Design Assets. In: IEEE Software, Vol. 28, No. 1, pp. 64–69 (2011)