Page 1

The Dependability Solution Provider TM

WW Technology Group

WW Technology Group © Copyright 2012 All rights reserved.

Layered Assurance Workshop 2012

EDICT-IA Tools for Model-Based Information Assurance Analysis

December 2012

Mr. Brian LaValley [email protected]

(401) 348 - 8525

Page 2

Security Challenges for Distributed Systems-of-Systems

• Increased information management security risks with higher levels of integration

• Information Assurance certification/recertification is a costly, burdensome process

• The lack of domain specific and common representations for IA concerns places large burdens on developers and program managers

• Rapid technology development and expanding system size and complexity renders current design and certification methods untenable

Increasing integration of sensitive information systems, coupled with rapid technology development, is generating systems of expanding size and complexity.

New methods for design and certification of Information Assurance intensive systems are required to meet these challenges.

Page 3

Property Based Information Assurance

Goals
– Reduce development, certification and accreditation costs
  • Break problems into manageable pieces
  • Analyze pieces independently
  • Provide a structured method for synthesis of pieces into a system that supports incremental certification/re-certification
– Support top-down specification/decomposition of the problem
  • Establish critical property requirements based on system needs
  • Flow down properties to drive system architecture and component level selection
– Support bottom-up certification chains for full traceability
  • Flow up component level IA properties to system architecture and requirements
– Integrate stand-alone component certifications (CC) into a system context
  • Provide property traceability for certification evaluation

Page 4

IA Property Hierarchy

• A structured set of properties that support the composition and analysis of information assurance

• Three tiers of properties
  – Application: functional application level aspects for IA
  – Architecture: structural system architecture aspects that support the application
  – Infrastructure: component aspects that support the architecture

• Properties can be flowed down for refinement and requirement allocation

• Properties can be traced upward for certification and analysis

[Figure: the three tiers and their properties. Application Properties: Confidentiality, Integrity, Availability, Access Control, Non-Repudiation. Architecture Properties: Information Flow, Damage Limitation, Data Isolation, Least Privilege. Infrastructure Properties: Infiltration, Exfiltration, Mediation.]
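The flow-down and trace-up the slide describes, as an added example that is not the deck's or the EDICT tools' own code: the three tiers are modelled as a directed graph, flow-down collects the lower-tier properties an application property must be refined into, and trace-up scopes re-certification when a stand-alone certified component changes (the incremental re-certification goal of page 3). The tier and property names are the deck's; the refinement edges (`REFINES`), the component names and what each component is assumed to provide (`PROVIDES`) are constructed for illustration.

```python
"""Three-tier IA property hierarchy as a graph (example code, not EDICT's).
Tier names follow the deck; edges and component names are assumptions."""
from collections import deque
from typing import Dict, List, Set

TIER: Dict[str, str] = {}
for _p in ("Confidentiality", "Integrity", "Availability",
           "Access Control", "Non-Repudiation"):
    TIER[_p] = "application"
for _p in ("Information Flow", "Data Isolation",
           "Damage Limitation", "Least Privilege"):
    TIER[_p] = "architecture"
for _p in ("Infiltration", "Exfiltration", "Mediation"):
    TIER[_p] = "infrastructure"

# Parent property -> lower-tier properties it is refined into (assumed edges).
REFINES: Dict[str, List[str]] = {
    "Confidentiality": ["Information Flow", "Data Isolation"],
    "Integrity": ["Information Flow", "Damage Limitation"],
    "Availability": ["Damage Limitation"],
    "Access Control": ["Least Privilege", "Data Isolation"],
    "Non-Repudiation": ["Information Flow"],
    "Information Flow": ["Infiltration", "Exfiltration"],
    "Data Isolation": ["Infiltration", "Mediation"],
    "Damage Limitation": ["Exfiltration"],
    "Least Privilege": ["Mediation"],
}

# Hypothetical stand-alone certified components and the infrastructure
# properties their certification vouches for (assumed).
PROVIDES: Dict[str, List[str]] = {
    "separation_kernel": ["Infiltration", "Mediation"],
    "link_encryptor": ["Exfiltration"],
}

# Inverse edges: child property -> parent properties that depend on it.
REFINED_BY: Dict[str, List[str]] = {}
for _parent, _children in REFINES.items():
    for _child in _children:
        REFINED_BY.setdefault(_child, []).append(_parent)


def _reach(start: Set[str], edges: Dict[str, List[str]]) -> Dict[str, Set[str]]:
    """Breadth-first closure over `edges` from `start`, grouped by tier."""
    seen: Set[str] = set(start)
    queue = deque(start)
    while queue:
        for nxt in edges.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    out: Dict[str, Set[str]] = {"application": set(), "architecture": set(),
                                "infrastructure": set()}
    for prop in seen:
        out[TIER[prop]].add(prop)
    return out


def flow_down(app_property: str) -> Dict[str, Set[str]]:
    """Top-down: the architecture and infrastructure properties that must be
    allocated to satisfy one application-level property."""
    if TIER.get(app_property) != "application":
        raise ValueError(f"{app_property!r} is not an application property")
    return _reach({app_property}, REFINES)


def trace_up(component: str) -> Dict[str, Set[str]]:
    """Bottom-up: the higher-tier properties whose evidence depends on the
    properties a certified component provides."""
    return _reach(set(PROVIDES[component]), REFINED_BY)


def recertification_scope(changed: List[str]) -> Set[str]:
    """Application properties whose certification evidence must be re-examined
    after a change to the listed components; the rest keep their evidence."""
    scope: Set[str] = set()
    for comp in changed:
        scope |= trace_up(comp)["application"]
    return scope


if __name__ == "__main__":
    print("Confidentiality flows down to:", flow_down("Confidentiality"))
    print("separation_kernel change affects:",
          sorted(recertification_scope(["separation_kernel"])))
```

Replacing the link encryptor touches Availability (through Damage Limitation) but not Access Control, while replacing the separation kernel touches Access Control but not Availability; with the graph in place, that difference is computed rather than argued in a re-certification meeting.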

Page 5

XML Based Model and Results Storage

[Figure: layered view of the approach. Left, a sketch of an example system: information domains Secret and Unclass; components A, B, C, D; requirements "Shall Display to the Operator", "Shall Process X", "Shall Log Maintenance", "Shall Store Maintenance", "Shall Download to Operator"; deployment onto SLS and MLS partitions (Part 1, Part 2, Part 3) on two microprocessors running a partitioned OS, connected by IPC, discrete/button I/O and a network. Levels of abstraction, top to bottom, linked by traceability: Information Domains / Application Properties; Logical Architecture, Information Flow and Partitioning / Architectural Properties; System Architecture / Component Properties. Stakeholder views: System Architect, System Security Engineer, System Certifier. Modeling and Analysis feed Property Based Information Assurance and Certification (Evidence, Assurance Cases). Stored data: Analysis Results, Architecture Data, Test Results, Documents and External Sources, held as XMI/XML through EMF on the Eclipse open tool framework (EDICT Tool Suite), with tool integration to OSATE and TOPCASED.]

Page 6

Our Perspective is Engineering Driven

• WWTG's background is in mission critical system architectures
  – Not simply a language/tool specific approach

• Each language or analysis technique has its own strengths and weaknesses, but complex system architectures must leverage all areas

• Makes our approach scalable: focus on integration of modeling technologies and tools
  – Pick the right representation for each aspect of the job

Utilize Complementary and Consistent Models and Analysis Techniques

Page 7

Architecture Modeling

Architecture models are used to define the system under analysis

Page 8

EDICT Architecture Framework Eases Integration of Different Modeling Technologies

• When a new source of architecture information is integrated, no change is required to any supporting EDICT modeling and analysis features; this greatly reduces time and cost.

[Figure: an AADL model and a UML model of the same example control system (Core Control Processor, I/O Control Processor and Display Processor on a System Bus; Sensor Device, Actuator Device, User Input Device and Display; software components Sensor Filtering at 20 ms, System Control at 100 ms, User Input Processing at 250 ms, User Display at 50 ms, Device Control, Data Recording at 500 ms, Control and Order Logging, Device Logging; data flows Sensed Data, User Orders, User State and Status, Device Commands; a System Hardware Implementation and a System Software Deployment). Each model passes through its own translator (AADL TRNS, UML TRNS) into the common EDICT System Architecture, on which the EDICT Augmenting Models and EDICT Analysis are built.]

• With a known common architecture representation, augmenting models and analyzers can be built once.

• Effort to integrate different modeling technologies is shifted out of core EDICT tools and into translation software.

Page 9

System Architecture Models

• Hierarchical models define the system down to the computing platform
  – Systems: subsystem decomposition
  – External Interface: users, devices, systems
  – Hardware Architecture: memory, processors, buses, access
  – Software Architecture: processes, threads, data, subprograms, connections

[Figure: Hardware Architecture (Processors – Memory – Networks), Software Architecture (Processes – Threads – Subprograms) and Devices.]

Page 10

Architecture Flows Are Used To Model Data and Control Flows

Page 11

IA Architecture Defines Partitioning and IA Mechanisms

• Define the hierarchy of Sites, Enclaves and Partitions

• Allocate Components to Partitions

• Allocate Group-Level Mechanisms

• Allocate Mechanisms to communication path ports

• Allocate Logical Interfaces to Communication Paths

Page 12

Diverse IA Services are Defined by IA Mechanisms

• IA Mechanisms are used to model the IA functions that are provided by the architecture

• These include
  – Partitioning
  – Encoding
  – Access control
  – Cross-domain
  – Redundancy
  – Physical security

• Mechanism sets are used to combine mechanisms into integrated IA services

Page 13

Users Create New Mechanisms Based On These Types

• Users can create new mechanisms to fit needs

• Each mechanism type has a dedicated editor that allows users to define the attributes of the mechanism

Page 14

IA Requirements Specification

IA Requirements models enable the specification of IA related requirements
- The information domain model specifies separation and allowed interfaces
- Domain attributes specify required IA properties

Page 15

IA Requirements Modeling

• Define the IA Domains, as well as domains associated with Actors and Externals

• Define the connectivity between domains

• Associate IA properties and attributes with domains

• JAFAN certification models enable domain properties to be specified using JAFAN nomenclature

• Each domain can have a unique characterization
  – Eliminates the "float high" effect, where the certification requirements of the most sensitive domain are imposed on the whole system

Page 16

Domain Traceability

Provides direct relationships between levels of abstraction. Ensures the IA Requirements model addresses all functions and data flows.

Page 17

IA Domain to Architecture Traceability

• IA Requirements elements
  – Information Domains
  – Cross Domain Interfaces
  are traced to the architecture models through a traceability model and editor

• Components can be allocated to domains to support traceability of processing

• Cross Domain Interfaces are defined by allocating:
  – Interfaces: direct interfaces between components that are allocated to different domains
  – Flows: flows that cross domain boundaries must also be allocated

• The model verifier is used to ensure that all elements are fully traced
  – Ensures all components are allocated
  – Ensures all data paths are accounted for

Page 18

Property Based Analysis

Architectural Analysis used to verify that IA properties hold across the architecture

Page 19

IA Property Analysis Matrix

Columns (application properties): Integrity, Confidentiality, Access Control, Availability, Non-Repudiation. An X marks an application property that the analysis method contributes evidence for. The column alignment of the marks did not survive extraction, so the marks are listed per row as they appear.

Architecture Property   IA Architecture Analysis Method        Marks
Information Flow        Flow Confidentiality                   X X
                        Flow Integrity Protection Strength     X X
                        Identification and Authentication      X
                        Security Threshold Protection          X
                        Persisted Data Utilization             X
Data Isolation          Domain Partitioning                    X X X X
                        Mixed Security Partitioning            X
                        Partition Integrity Strength           X
                        Persisted Data Confidentiality         X
                        Partition Confidentiality Strength     X
                        Mixed Security Designation             X
Damage Limitation       Persisted Data Containment             X X
                        Persisted Data Hot-Spot                X X
                        Persisted Data Integrity               X X
                        Persisted Data Criticality             X
Least Privilege         Persisted Data Access                  X X
                        Boundary Flow Tracing                  X X X X X
                        Boundary Interface Allocation          X X X X X
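What the model verifier of page 17 and two of the analysis methods above actually check, as an added example that is not the EDICT tools' own code or data model: a small architecture model with information domains, components allocated to domains and partitions, flows, and cross-domain interfaces carrying a mechanism; `verify_traceability` performs the verifier's two checks (every component allocated, every boundary-crossing flow allocated to a cross-domain interface), `analyze_flow_confidentiality` and `analyze_mixed_security_partitioning` stand in for the Flow Confidentiality and Mixed Security Partitioning rows, and `float_high_level` shows the system-high level that page 15's per-domain characterization avoids. The classification ordering, the mechanism names (`guard`, `encrypt`), the decision rules and the sample system are constructed assumptions.

```python
"""Mini architecture model and IA checks in the style the deck describes.
Example code, not EDICT's; levels, rules, names and sample are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Assumed ordering of the two levels the deck's sketch shows (Unclass, Secret).
LEVELS: Dict[str, int] = {"UNCLASS": 0, "SECRET": 1}


@dataclass
class Flow:
    name: str
    src: str  # source component
    dst: str  # destination component


@dataclass
class CrossDomainInterface:
    name: str
    src_domain: str
    dst_domain: str
    mechanism: str                      # hypothetical kinds: "guard", "encrypt"
    flows: Set[str] = field(default_factory=set)  # flows allocated to it


@dataclass
class Model:
    domains: Dict[str, str]          # domain -> classification level
    components: List[str]
    domain_of: Dict[str, str]        # component -> domain (traceability)
    partition_of: Dict[str, str]     # component -> partition
    partition_kind: Dict[str, str]   # partition -> "SLS" or "MLS"
    flows: List[Flow]
    cdis: List[CrossDomainInterface]


def verify_traceability(m: Model) -> List[str]:
    """Model verifier: every component is allocated to a domain, and every
    flow that crosses a domain boundary is allocated to a cross-domain
    interface. Flows with an unallocated endpoint are not double-reported."""
    errors = [f"{c}: not allocated to a domain" for c in m.components
              if c not in m.domain_of]
    allocated = {f for cdi in m.cdis for f in cdi.flows}
    for fl in m.flows:
        sd, dd = m.domain_of.get(fl.src), m.domain_of.get(fl.dst)
        if sd and dd and sd != dd and fl.name not in allocated:
            errors.append(f"{fl.name}: crosses {sd}->{dd} "
                          "without a cross-domain interface")
    return errors


def analyze_flow_confidentiality(m: Model) -> List[str]:
    """A cross-domain interface that moves data from a higher to a lower
    level is a downgrade and (assumed rule) must be mediated by a guard;
    encryption protects the link, not the release decision."""
    findings = []
    for cdi in m.cdis:
        src = LEVELS[m.domains[cdi.src_domain]]
        dst = LEVELS[m.domains[cdi.dst_domain]]
        if src > dst and cdi.mechanism != "guard":
            findings.append(f"{cdi.name}: downgrade {cdi.src_domain}->"
                            f"{cdi.dst_domain} relies on '{cdi.mechanism}', not a guard")
    return findings


def analyze_mixed_security_partitioning(m: Model) -> List[str]:
    """A partition hosting components from domains of different levels must
    be an MLS partition; an SLS partition may hold only one level."""
    levels_in: Dict[str, Set[str]] = {}
    for c, p in m.partition_of.items():
        if c in m.domain_of:
            levels_in.setdefault(p, set()).add(m.domains[m.domain_of[c]])
    return [f"partition {p}: hosts {sorted(lv)} but is {m.partition_kind.get(p)}"
            for p, lv in levels_in.items()
            if len(lv) > 1 and m.partition_kind.get(p) != "MLS"]


def float_high_level(m: Model) -> str:
    """Level the whole system would carry without per-domain characterization."""
    return max(m.domains.values(), key=LEVELS.__getitem__)


# Constructed sample loosely following the deck's page-5 sketch; it contains
# one defect per check so that each analyzer reports exactly one finding.
SAMPLE = Model(
    domains={"Ops": "SECRET", "Maint": "UNCLASS"},
    components=["Display", "ProcessX", "MaintLog", "MaintStore", "Download"],
    domain_of={"Display": "Ops", "ProcessX": "Ops",
               "MaintLog": "Maint", "MaintStore": "Maint"},  # Download missing
    partition_of={"Display": "P1", "ProcessX": "P2", "MaintLog": "P2",
                  "MaintStore": "P3", "Download": "P3"},
    partition_kind={"P1": "SLS", "P2": "SLS", "P3": "SLS"},  # P2 mixes levels
    flows=[Flow("f_status", "ProcessX", "Display"),
           Flow("f_maint", "ProcessX", "MaintLog"),
           Flow("f_store", "MaintLog", "MaintStore")],
    cdis=[CrossDomainInterface("cdi_maint", "Ops", "Maint", "encrypt",
                               {"f_maint"})],  # downgrade without a guard
)

if __name__ == "__main__":
    for check in (verify_traceability, analyze_flow_confidentiality,
                  analyze_mixed_security_partitioning):
        for line in check(SAMPLE):
            print(f"[{check.__name__}] {line}")
    print("system would float high to:", float_high_level(SAMPLE),
          "; per-domain levels:", SAMPLE.domains)
```

The verifier runs before the analyzers on purpose: an unallocated component or an untraced boundary flow means the analyzers would be reasoning about an incomplete model, which is exactly the "all data paths are accounted for" condition the deck puts on the verifier.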

Page 20

IA Analyzers

• Each of the architectural analysis methods has a dedicated analyzer

• Each of these provides configuration options and results display

Page 21

IA Application Property Analysis Summary

• Provides access to a summary of all error and warning conditions uncovered by analyzers for all IA Application Properties

• Arranges analyzer results by IA property

• Strives to narrow the focus to a particular problem area to avoid overwhelming the user.

• Short-cut mechanisms are provided to facilitate navigation from the problem area to the analyzer that generated the individual concerns

Page 22

Certification and Reporting

Support generation of evidence from the models and analysis methods Organize and monitor evidence in context of certification process

Page 23

JAFAN Compliance Modeling Analysis and Reporting

[Figure: Specification Features (JAFAN 6/3 Views – Management): Common IA Specs, IA Requirements, IA Architecture, IA Deployment. Compliance Features (JAFAN 6/3 Views – Analyzers – Management): IA Analysis Results and External Sources (Test Results, Certification Results, Documentation/Plans). EDICT Certification links both sides through traceability to produce Reports, Assurance Cases and Certification Artifacts.]

Page 24

JAFAN Certification Package Editor Feature Set Tab - Evidence

[Screenshot: the Evidence tab shows Feature Assurance Sets, the Assurance Case, user defined external evidence, a Selected Evidence Summary Table, Evidence Status Indicators, and Available Evidence updated to include system architecture data.]

Page 25

Assurance Case Evidence Also Updated For System Architecture Data

• Solution elements can have evidence associated with them

• There are several possible sources – Analyzers – Verifiers – Reports – External Data

• Status of evidence is updated live

Page 26

Wrap up

• Increased reliance on integrated distributed systems poses significant challenges for assurance of desired system properties

• There needs to be innovation in the areas of specification, modeling techniques and analysis methods to represent information assurance aspects

• The EDICT IA tools begin to address these challenges through
  – A structured, property based approach to evaluating system architecture for information assurance
  – A framework that supports traceability and decomposition from requirements down to detailed design models
  – A suite of tools that implement the framework using open tool platforms and modeling languages
  – Generation of certification evidence from model based analysis for JAFAN compliance
  – A suite of analysis tools that can evaluate system architectures for Confidentiality, Integrity and Access Control properties

Page 27

Questions?

