Venue

Campus Center - Rice

Major

Computer Science and Mathematics

Field of Study

Computer Science

Abstract

With Advanced Persistent Threats (APTs) becoming a larger threat among the cyber world, it is important that software is designed with security in mind. In order to aide this process, software developers can use design patterns when creating systems. All aspects of a system's design should be concerned with security, because any one point of weakness can still lead to the compromise of the entire system. We propose a method of determining if a system contains a security pattern, and we suggest several security patterns which might be helpful in deterring a specific APT. We utilize an algorithm based on graph homomorphism theory that gives a metric for how close a UML model is to being a realization of a security pattern, from which it may be verified that a system is indeed a realization of the Role Based Modeling Language (RBML) model of the pattern. We find that our distance metric gives the desired result for several example applications.

Start Date

25-4-2019 1:30 PM

End Date

25-4-2019 1:45 PM

Share

COinS
 
Apr 25th, 1:30 PM Apr 25th, 1:45 PM

Using Role Based Modeling Language to Determine Safety from Advanced Persistent Threats

Campus Center - Rice

With Advanced Persistent Threats (APTs) becoming a larger threat among the cyber world, it is important that software is designed with security in mind. In order to aide this process, software developers can use design patterns when creating systems. All aspects of a system's design should be concerned with security, because any one point of weakness can still lead to the compromise of the entire system. We propose a method of determining if a system contains a security pattern, and we suggest several security patterns which might be helpful in deterring a specific APT. We utilize an algorithm based on graph homomorphism theory that gives a metric for how close a UML model is to being a realization of a security pattern, from which it may be verified that a system is indeed a realization of the Role Based Modeling Language (RBML) model of the pattern. We find that our distance metric gives the desired result for several example applications.