Informatik-Oberseminar: Agile Modellgetriebene Entwicklung von Software Security & Privacy

Montag, 29.10.2018, 15.00 Uhr

Ort: Gebäude E3, Raum 9U10

Referent: Dipl. Inform. Lars Hermerschmidt


IT systems continue to penetrate all aspects of daily life, so that these systems are required to function correctly while they aggregate more and more information to enable a more comfortable and efficient life. However, every day 16 new vulnerabilities in average are reported in software products, which enable adversaries to abuse system functionality in developer unintended way. Nevertheless users do not only fear unauthorized access to their data by adversarial third party when they compromise system's security, but as well if services do not provide transparency over their collection and processing of sensitive user data. These security and privacy aspects need to be addressed during software system development, where developers typically focus on a constructive view on the system, which makes it hard for them to think like an adversary who misuses the system. In this thesis the three aspects security architecture, correct handling of input data during the creation of output data, and user privacy are researched in the context of software development. Models are used to describe these aspects and the agile model-driven software development approach is utilized to connect those models to executable systems. To enable developers to express their constructive view on the security architecture of a system, the security architecture modeling language MontiSecArc is presented. From this language a domain specific transformation language is derived, which enables security experts to express known flaws in the security architecture together with a solution in a flaw correction pattern. These pattern can be applied automatically within an agile development process to prevent architectural flaws. In addition the notation of flaw correction patterns enables precise description, naming, and distinction of architectural flaws such that flaw correction patterns can be collected. Injection vulnerabilities like Cross-Site-Scripting (XSS) and SQL Injection are the most common class of vulnerabilities, which emerge if a program uses input data to create output data that is written in a language without encoding the input according to the output's language. This injection vulnerability preventing encoding is depending on the output language and the different contexts within the language. Therefore, in this work the MontiCoder approach is presented, which integrates the context-specific encoding into the language definition and derives unparser and parser from this definition, which automatically perform context-specific encoding and decoding. This approach shifts the definition of the correct encoding of data from the developer who is using a language to the language developer and provides the latter one the ability to precisely define the encoding together with the language itself. Facing the challenges of developers who aim to provide more transparency and self-determinism to service users about the usage of there data within a service, in this thesis the Privacy Development Language (PDL) is presented. The PDL enables developers to model the service's data structure along with the usage of the data within the service. From this data model an interactive privacy policy is generated, which enables users to select those parts of the service they want to use and present them a description of the used data and the procession which is performed to deliver the selected service. This way the approach enables service users to perform an informed privacy decision and eases developers work to provide transparency. Explicitly modeling these aspects enables analyses of security an privacy on model level, such that vulnerabilities are fixed within models as well. This way there is no need to extract all flaws from handwritten low level code after development.

Es laden ein: Die Dozenten der Informatik