Systematic secure design guideline to improve integrity and availability of system security

Security is the most important dimension to the systems that involves processing and interchange of confidential information. Therefore it is a must to be designed so that they achieved a high level at security. Security specification languages can be used to represent security specification such as...

Full description

Saved in:
Bibliographic Details
Main Author: Krishnan, Ashvini Devi
Format: Thesis
Published: 2013
Subjects:
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Security is the most important dimension to the systems that involves processing and interchange of confidential information. Therefore it is a must to be designed so that they achieved a high level at security. Security specification languages can be used to represent security specification such as attack specification or to be more precise about who can do what and when, and this can be achieved by enforcing access control. The suitable approach to enforce access control is Role- Based Access Control (RBAC). Only secureUML metamodel is using RBAC as security mechanism. However, secureUML metamodel does not indicate the properties of supporting basic security requirements which focusing on integrity and availability, and even the consideration of situation that leads to different possible attacks. The objective of this dissertation is to propose a systematic secure design guideline by enhancing secureUML metamodel. The enhancement is performed by integrating with protection-levels of secured layers which provides protection for the critical assets in various layers to support integrity and availability and to identify possible internal threats based on scenario by using Step-by-Step Secure Design Guideline (3SDG). In order to use the enhanced secureUML metamodel for designing a secure system, it needs to follow 3SDG to identify and validate system process. 3SDG is a guideline which is formed by integrating Comprehensive, Lightweight Application Security Process (CLASP) design steps and Sommerville’s security guideline which most suitable design guideline. Both guidelines are mainly focuses on designing secure system. By using the enhanced secureUML metamodel with 3SDG in a case study, it ables to show the solution for selected internal threats to improve integrity and Availability. This will help security designer provide protection to the computer which the system runs, application and records from threats. This model and the guideline will able to help to design more persistence secure system to maintain security from internal attacks