-
Kevin Kenan. Cryptography in the Database. Addison-Wesley, 2006.
-
Original Java code without annotations
-
Local copy (to avoid versioning problems)
-
Annotated Java code with ownership domain annotations
-
Available upon request
-
SECORIA stands for Security Conformance of Object-oriented Runtime views of Architecture
For the best overview of the SECORIA approach, please refer to the following published research paper:
Abi-Antoun, M. and Barnes, J. M. Analyzing Security Architectures. In IEEE/ACM International Conference on Automated Software Engineering (ASE), 2010.
|
|
Acme specification [Download zip]
SyncFamily.acme is the reusable Acme architectural style which defines component types, connector types, port types and constraints (in appendix above)
CryptoDBTarget.acme is the target architecture for the CryptoDB system (in appendix above)
DFD Security Family [Download zip]
Re-implements using Acme types and predicates a STRIDE-based security analysis
The security model appeared in the following paper: Abi-Antoun, M., Wang, D. and Torr, P. Checking Threat Modeling Data Flow Diagrams for Implementation Conformance and Security (Short Paper). International Conference on Automated Software Engineering (ASE), pp. 393–396, 2007. [DOI] An extended version appeared as Carnegie Mellon University Technical Report CMU-ISRI-06-124.
Remarks:
We tested the constraints on a nightly AcmeStudio build which fixes some important bugs (use any version after 04/15/2009). Do not use an older stable build.
SyncFamily currently extends from the built-in Acme style, TieredFam, which is overly restrictive. We use a modified version.
Overwrite <EclipsePlugins>\org.acmestudio.acme.family_x.y.z.nnnnnnnnN\families\TieredFam.acme and TieredFam.mtd with the contents of the zip file.
We will resolve this mismatch in future work.
Abi-Antoun, M. and Barnes, J. M. Enforcing Conformance between Security Architecture and Implementation. Carnegie Mellon University Technical Report CMU-ISR-09-113, April 2009. [PDF]
Abi-Antoun, M. and Barnes, J. M. STRIDE-based security model in Acme. Carnegie Mellon University Technical Report CMU-ISR-10-106, January 2010. [PDF]
Abi-Antoun, M., Wang, D. and Torr, P. Checking Threat Modeling Data Flow Diagrams for Implementation Conformance and Security (Short Paper/Presented only during poster session.). International Conference on Automated Software Engineering (ASE), pp. 393–396, 2007. [DOI] An extended version appeared as Carnegie Mellon University Technical Report CMU-ISRI-06-124.
Analyzing conformance using the SCHOLIA conformance tools is illustrated using the Aphyds system.
ArchRecJ: extracts a hierarchical object graph from Java code with ownership domain annotations
ArchCog: abstracts an extracted object graph and represent it as a Component-and-Connector architecture (C&C view) in the Acme Architecture Description Language;
ArchConf: checks and displays conformance between the built and the designed runtime architectures.
Enforcing structural constraints in Acme takes place in AcmeStudio; warnings appear in the AcmeStudio output window
TODO: Add snapshot
Abi-Antoun, M. and Aldrich, J. Practical Static Extraction and Conformance Checking of the Runtime Architecture of Object-Oriented Systems. Half-day tutorial at the SEI Architecture Technology User Network (SATURN), May 5th 2009. [Presentation (PDF)] [Handout (PDF)]
The idea of re-implementing a STRIDE-based security model using types and predicates in the Acme ADL was inspired by ongoing discussions with David Garlan, Kirti Garg and Bradley Schmerl at Carnegie Mellon University. The authors thank Bradley Schmerl for his help with Acme and AcmeStudio. Raed Almomani also worked on re-implementing the security model in Acme.
Last Updated: 09/10/2010