SCAM - Security-Centric Architecture Modelling

Background & Problem Statement

It is impossible to imagine our world today without software: whether it is smartphones, with which we carry a powerful computer with us almost everywhere and are connected to the internet around the clock, highly scalable cloud applications that we use in our everyday working lives, airports, hospitals, supermarkets - the list of areas in which software is used in one form or another seems endless. And it is unlikely that this trend will reverse in the foreseeable future. However, the widespread use of software in all areas of life also poses many potential dangers: from data leaks, where sensitive user data falls into the wrong hands and is traded for big money in the dark corners of the internet, to the failure of critical software systems that can cost human lives, such as the software in hospital systems or aircraft control systems. Additionally, while software security has always been an essential quality factor of software applications, in today's world, where most software applications are connected to the internet in some way, it seems even more important to protect all software applications from intruders and outside attackers. For this reason, it is crucial in almost all areas to keep software security as high as possible at all times, i.e. to implement secure software.

However, it is not only the importance of secure software that has increased. Due to the high degree of distribution of today's software systems, such as IoT systems or microservice applications, the complexity of implementing secure software has increased, too. This indicates the need for appropriate security modelling techniques that enable stakeholders to understand the potential security breaches and the solutions developed in the underlying architecture to address them, despite the high complexity of security solutions. Furthermore, appropriate security modelling techniques could enable software engineers to develop important metrics for measuring the security properties of the underlying software architecture and infrastructure, allowing for automated security assessment in CI/CD pipelines.

While there have been some approaches to security modelling in recent years, such as AEGIS [1], UMLsec [2], SecureUML [3], and ASE [4], none of them seem to have found much appeal in industry. For example, a recent study investigates why UMLsec has not been adopted in industry [5]. We argue that one of the reasons is that while all of these approaches demonstrate useful concepts for modelling security, none of them address the complexity that arises when modelling security-related concepts. We argue that it is impractical to document and describe security in its entirety in complex models, especially for enterprise software applications that consist of hundreds of different software services. Apart from this general problem, it also contradicts the ideology of DevOps or DevSecOps, according to which team silos should be eliminated and cross-functional teams should be used for software development. How is the security of a software application to be communicated and jointly developed by cross-functional teams if the modelling language for modelling security in the software architecture or IT architecture leads to specialised and highly complex models that can only be understood and maintained by a few experts?

Vision

In this research project, new approaches shall be developed to create more lightweight and easily accessible security models for system architectures. We want to investigate the practical obstacles that hinder the use of existing modelling concepts in industrial and academic contexts. Based on this, we want to develop new approaches that mitigate these obstacles and thus create a more usable approach to security modelling.

References

[1] Flechais, Ivan, M. Angela Sasse, and Stephen MV Hailes. “Bringing security home: a process for developing secure and usable systems.” Proceedings of the 2003 workshop on New security paradigms. 2003.

[2] Jürjens, Jan. “UMLsec: Extending UML for secure systems development.” International Conference on The Unified Modeling Language. Springer, Berlin, Heidelberg, 2002.

[3] Lodderstedt, Torsten, David Basin, and Jürgen Doser. “SecureUML: A UML-based modeling language for model-driven security.” International Conference on the Unified Modeling Language. Springer, Berlin, Heidelberg, 2002.

[4] Uzunov, Anton V., Eduardo B. Fernandez, and Katrina Falkner. “ASE: A comprehensive pattern-driven security methodology for distributed systems.” Computer Standards & Interfaces 41 (2015): 112-137.

[5] Ebad, Shouki A. “An Exploratory Study of Why UMLsec Is Not Adopted.” ICISSP. 2022.

Project information

Researchers:
Project start & end:
2023 – ongoing