Access Control in Web Applications - PowerPoint PPT Presentation

1
Access Control in Web Applications
  • Peter Trommler
  • Faculty of Computer Science
  • Georg Simon Ohm University Nuremberg, Germany

U = R I
2
Agenda
  • Programming errors and security
  • Access control engineering
  • Metamodel
  • Implementation

3
Context
  • Web applications access corporate databases
  • Hundreds if not thousands of vulnerabilities
  • Vulnerabilities are symptoms
  • Few root causes

4
Types of Programming Errors [Pfleeger]
  • Buffer Overflow
    • int a[3]; a[3] = 1;
  • Incomplete Mediation
    • February 30
    • 4,99999999999995
    • code injection (SQL, shell, ...)
  • Time-of-Check-Time-of-Use
    • back-end identifiers (primary key)
    • no check on parameter returned
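The "incomplete mediation" cases on this slide are what a server sees when it trusts the shape of a parameter instead of checking it. The following is an added example, not code from the slides: strict server-side parsing of three parameters, a calendar date (rejecting February 30), a money amount with the slide's decimal comma (rejecting 4,99999999999995), and a back-end identifier that must be a plain integer. The parameter name deliveryDate is constructed; articlePrice and articleItem_Number are taken from the order form shown later in the deck.

```python
# Added example (not part of the slides): strict server-side mediation of
# request parameters. Each parser either returns a typed value or raises
# ValueError; mediate_order collects every problem so the request is
# rejected as a whole rather than half-processed.
from datetime import date
from decimal import Decimal, InvalidOperation


def parse_delivery_date(raw):
    """Accept only YYYY-MM-DD that names a real calendar day ('February 30' is not one)."""
    parts = raw.strip().split("-")
    if len(parts) != 3 or len(parts[0]) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed date: {raw!r}")
    year, month, day = (int(p) for p in parts)
    # date() itself refuses impossible days such as 2024-02-30
    return date(year, month, day)


def parse_price(raw):
    """Accept a positive amount with at most two decimals. The slide's form uses
    a decimal comma and a trailing ' EUR'; 4,99999999999995 is rejected."""
    text = raw.strip()
    if text.endswith("EUR"):
        text = text[:-3].strip()
    try:
        amount = Decimal(text.replace(",", "."))
    except InvalidOperation:
        raise ValueError(f"malformed price: {raw!r}") from None
    if not amount.is_finite() or amount <= 0:
        raise ValueError(f"price out of range: {raw!r}")
    if amount != amount.quantize(Decimal("0.01")):
        raise ValueError(f"price has too many decimals: {raw!r}")
    return amount


def parse_item_number(raw):
    """Back-end identifiers (primary keys) must be positive integers, nothing else."""
    text = raw.strip()
    if not text.isdigit():
        raise ValueError(f"malformed item number: {raw!r}")
    return int(text)


# parameter name -> parser; deliveryDate is a constructed name for this example
CHECKS = {
    "deliveryDate": parse_delivery_date,
    "articlePrice": parse_price,
    "articleItem_Number": parse_item_number,
}


def mediate_order(params):
    """Return (typed values, list of errors); an empty error list means accept."""
    clean, errors = {}, []
    for name, parser in CHECKS.items():
        if name not in params:
            errors.append(f"missing parameter {name}")
            continue
        try:
            clean[name] = parser(params[name])
        except ValueError as exc:
            errors.append(str(exc))
    return clean, errors


if __name__ == "__main__":
    # constructed request: every value is of the kind the slide names as a failure
    print(mediate_order({"deliveryDate": "2024-02-30",
                         "articlePrice": "4,99999999999995",
                         "articleItem_Number": "250001; DROP TABLE"}))
```

Collecting all errors before answering matters for the "reject illegal transactions" stance of the later slides: a request is either fully mediated or not executed at all, and nothing about the back end (table names, key ranges) leaks through a partial result.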

5
Motivation
<form action="../../action/order.php4" method=post name="artikel_0">
<input type=hidden name='articleTitle' value='Card Reader Combo USB read/write'>
<input type=hidden name='articleVAT' value='16'>
<input type=hidden name='articleItem_Number' value='250001'>
<input type=hidden name='articlePrice' value='49,90 EUR'>
<input type=hidden name='articleCategory' value='/Angebote'>
6
Solution
<form action="../../action/order.php4" method=post name="artikel_0">
<input type=hidden name='articleTitle' value='Card Reader Combo USB read/write'>
<input type=hidden name='articleVAT' value='16'>
<input type=hidden name='articleItem_Number' value='250001'>
<input type=hidden name='articlePrice' value='49,90 EUR'>
<input type=hidden name='articleCategory' value='/Angebote'>
<input type="hidden" name="articlec" value="fba45a02ebd931ce30a90fe18d263578">
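The "Solution" slide adds a 32-hex-digit articlec field to the order form, but does not say how that value is computed or checked. The following is an added example, not the deck's or the shop's code: it assumes the value is an HMAC-SHA256 over the hidden fields under a key that exists only on the server (the key below is a constructed placeholder), and shows both halves of the mechanism, emitting the sealed form and verifying the posted body so that a changed price is rejected.

```python
# Added example (not from the slides): keyed seal over the hidden order fields.
# Assumption: 'articlec' is an HMAC-SHA256 hex digest under a server-only key.
import hashlib
import hmac
from html import escape
from urllib.parse import parse_qsl, urlencode

SERVER_KEY = b"constructed-example-key-keep-on-server-only"  # placeholder

# Hidden fields of the slide's form, in the order they appear there.
SEALED_FIELDS = ("articleTitle", "articleVAT", "articleItem_Number",
                 "articlePrice", "articleCategory")

# Field values from the slide's form.
ORDER = {
    "articleTitle": "Card Reader Combo USB read/write",
    "articleVAT": "16",
    "articleItem_Number": "250001",
    "articlePrice": "49,90 EUR",
    "articleCategory": "/Angebote",
}


def seal(fields):
    """MAC over the sealed fields; this is what the server writes into 'articlec'."""
    mac = hmac.new(SERVER_KEY, digestmod=hashlib.sha256)
    for name in SEALED_FIELDS:
        value = fields[name].encode("utf-8")
        # name + length prefix + value: reordering fields or moving bytes between
        # adjacent fields changes the MAC input, so it cannot collide by layout
        mac.update(name.encode("utf-8") + len(value).to_bytes(4, "big") + value)
    return mac.hexdigest()


def render_hidden_inputs(fields):
    """The hidden inputs plus the seal, as on the 'Solution' slide."""
    lines = [f'<input type="hidden" name="{name}" value="{escape(fields[name], quote=True)}">'
             for name in SEALED_FIELDS]
    lines.append(f'<input type="hidden" name="articlec" value="{seal(fields)}">')
    return "\n".join(lines)


def verify_submission(body):
    """Parse a form-encoded POST body and accept it only if the seal matches the
    values actually submitted; a missing field or seal is a rejection."""
    submitted = dict(parse_qsl(body, keep_blank_values=True))
    if "articlec" not in submitted or any(n not in submitted for n in SEALED_FIELDS):
        return False
    # constant-time comparison: rejection time does not depend on how many
    # hex digits of a wrong seal happened to match
    return hmac.compare_digest(seal(submitted).encode("ascii"),
                               submitted["articlec"].encode("utf-8"))


def demo():
    """Unchanged form is accepted; the same form with an altered price is not."""
    honest = urlencode({**ORDER, "articlec": seal(ORDER)})
    altered = urlencode({**ORDER, "articlePrice": "0,01 EUR", "articlec": seal(ORDER)})
    return verify_submission(honest), verify_submission(altered)


if __name__ == "__main__":
    print(render_hidden_inputs(ORDER))
    print(demo())
```

Two caveats a reviewer would raise on this mechanism. First, the seal must be keyed: an unkeyed digest over public field values is something the browser side can recompute, so it detects transmission errors but not tampering. Second, a seal alone does not expire; if prices change, the server should bind a validity window or the article's current price version into the MAC input, or, simpler still, not carry the price in the form at all and look it up by articleItem_Number at order time, which also removes the "no check on parameter returned" case from the earlier slide.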
7
Challenges
  • Access control decisions everywhere
  • Difficult to
    • check completeness
    • audit for correctness
    • read and understand
  • Dependencies on other code
  • Separate AC from app code

8
Protection Mechanisms
  • Reject illegal transactions
  • Interception mechanism

Interception points, from the Internet to the database:
  • Internet → Application Firewall → Filtering Servlet → AOP, MDA (before/after methods) → Parameterized Views, SQL Screening
9
Business Rule or Security?
  • Show list of a customer's accounts
    • omit one: business
    • show one too many: security
  • Many business rules have a security flavor
  • Challenge: extract security requirements

10
Access Control Engineering
  • Identify access control requirements early
  • Refine them along with the refinement of the functional requirements
  • Automate steps
  • Verify correctness of refinements
  • Manually review rule set (audit)

11
Security Requirements Engineering [Giorgini]
  • Object-level modeling
    • re-use requirements framework
    • i*/Tropos, KAOS, UML
    • hard to model more general rules
  • Meta-level modeling
    • add new linguistic constructs
    • UMLsec [Jürjens], SecureUML [Lodderstedt]
    • integration with MDA

12
Observation: Users Own Data
  • Navigate relations between tables/classes
  • Restrict access to
    • columns/fields
    • methods
  • OO-Views
  • Parameterized Views [Roichman]
  • Anchor entity/object

13
Temporal Logic
  • View solution after assignment submitted
  • Can submit assignment only once
  • Temporal Logic of Actions vs. Interval Temporal Logic [Janicke]
  • Traces in database
    • certain object exists
  • AC decision depends on current system state

14
Modeling Implementation Level
  • Reachability in relations graph
    • O(n), n = objects in transitive closure (own objects)
    • caching
  • AC on methods/fields through facades
    • additional call indirection
    • static check
  • Existence of traces
    • O(1): hashes, DB indices

15
Implementation
  • specify trace for each temporal quantifier
  • specify navigation graph for each subject role
  • Manual
    • specify object level rules
    • verify correctness [Hu]
  • Automatic
    • generate code
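Slides 12 to 15 describe two kinds of rule that the metamodel reduces to cheap data-structure operations: ownership, decided by reachability from the subject's anchor object along the navigation graph allowed for its role (with the transitive closure cached), and temporal rules, decided by the existence or absence of trace records found through a hash index. The following is an added example, not the deck's code generator or any of its cited systems: a small policy kernel over a constructed customer/account/transaction schema and a constructed student/assignment trace, with the roles "customer" and "auditor" and the rule names invented for the example.

```python
# Added example (not the slides' code): a policy kernel realising the two rule
# kinds of the metamodel over an in-memory object graph.
#  * Ownership (slides 12, 14): reachability from the anchor along the role's
#    navigation graph; closure computed in O(n) and cached per subject.
#  * Temporal rules (slides 13, 15): existence of trace records, O(1) lookup.
# Schema, roles and rule names are constructed for this example.
from collections import defaultdict

# (table, primary key) -> record; foreign keys hold the parent's primary key.
OBJECTS = {
    ("customer", 1): {"name": "alice"},
    ("customer", 2): {"name": "bob"},
    ("account", 10): {"customer": 1},
    ("account", 11): {"customer": 1},
    ("account", 12): {"customer": 2},
    ("transaction", 100): {"account": 10},
    ("transaction", 101): {"account": 12},
}
# Schema relations: (parent table, child table, foreign-key field in the child).
RELATIONS = [("customer", "account", "customer"),
             ("account", "transaction", "account")]
# Navigation graph per subject role: which relations a role may follow outward
# from its anchor. A customer reaches its accounts and their transactions; the
# constructed auditor role reaches accounts only.
ROLE_NAVIGATION = {"customer": {0, 1}, "auditor": {0}}


class OwnershipIndex:
    def __init__(self, objects, relations, role_navigation):
        self.relations = relations
        self.role_navigation = role_navigation
        # reverse index built once, O(n): (relation, parent key) -> child objects
        self.children = defaultdict(list)
        for (table, key), record in objects.items():
            for i, (_parent, child, fk) in enumerate(relations):
                if table == child and fk in record:
                    self.children[(i, record[fk])].append((table, key))
        self._closure_cache = {}

    def closure(self, role, anchor):
        """All objects reachable from anchor via the role's navigation graph."""
        cache_key = (role, anchor)
        if cache_key not in self._closure_cache:
            seen, frontier = {anchor}, [anchor]
            while frontier:
                table, key = frontier.pop()
                for i in self.role_navigation[role]:
                    if self.relations[i][0] != table:
                        continue
                    for child in self.children.get((i, key), ()):
                        if child not in seen:
                            seen.add(child)
                            frontier.append(child)
            self._closure_cache[cache_key] = frozenset(seen)
        return self._closure_cache[cache_key]

    def owns(self, role, anchor, obj):
        """Ownership decision: obj must lie in the anchor's (cached) closure."""
        return obj in self.closure(role, anchor)

    def invalidate(self):
        """Cached closures are stale once rows or foreign keys change."""
        self._closure_cache.clear()


class TraceIndex:
    """Trace records behind a hash index, so existence checks are O(1)."""
    def __init__(self):
        self._traces = set()

    def record(self, kind, *subject):
        self._traces.add((kind,) + subject)

    def exists(self, kind, *subject):
        return ((kind,) + subject) in self._traces


# Slide 13's rules as trace conditions:
# action -> (traces that must exist, traces that must not exist)
TEMPORAL_RULES = {
    "view_solution": (("submitted",), ()),   # only after the assignment was submitted
    "submit":        ((), ("submitted",)),   # only once: no prior submission trace
}


def temporal_allowed(traces, action, student, assignment):
    required, forbidden = TEMPORAL_RULES[action]
    return (all(traces.exists(k, student, assignment) for k in required)
            and not any(traces.exists(k, student, assignment) for k in forbidden))


def demo():
    idx = OwnershipIndex(OBJECTS, RELATIONS, ROLE_NAVIGATION)
    traces = TraceIndex()
    first_submit = temporal_allowed(traces, "submit", "s1", "hw1")
    traces.record("submitted", "s1", "hw1")  # written in the same transaction as the submit
    return {
        "alice_sees_own_tx": idx.owns("customer", ("customer", 1), ("transaction", 100)),
        "alice_sees_bob_tx": idx.owns("customer", ("customer", 1), ("transaction", 101)),
        "auditor_sees_tx": idx.owns("auditor", ("customer", 1), ("transaction", 100)),
        "submit_first_time": first_submit,
        "submit_again": temporal_allowed(traces, "submit", "s1", "hw1"),
        "view_after_submit": temporal_allowed(traces, "view_solution", "s1", "hw1"),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allow' if allowed else 'deny'}")
```

The trace must be written in the same database transaction as the action it records; checking the trace in one statement and acting in another reopens exactly the time-of-check-time-of-use gap the deck lists among the root causes. The cached closures likewise have to be invalidated when ownership relations change, otherwise the O(n) saving is paid for with stale decisions.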

16
Conclusion
  • Time-of-Check-Time-of-Use
  • Web application partially untrusted
  • Separate access control from application code
  • Metamodel
  • Efficient implementation
  • Code generation

17
References
  • [Pfleeger] C. P. Pfleeger, S. Lawrence Pfleeger: Security in Computing, 4th ed., Prentice Hall PTR, 2006.
  • [Giorgini] P. Giorgini, F. Massacci, N. Zannone: Security and Trust Requirements Engineering.
  • [Jürjens] J. Jürjens: Secure Systems Development with UML, Springer Verlag, 2004.
  • [Lodderstedt] T. Lodderstedt, D. Basin, J. Doser: A UML-based Modeling Language for Model Driven Security, in Proc. of UML'02, LNCS 2460, Springer Verlag, 2002.
  • [Roichman] A. Roichman, E. Gudes: Fine-grained Access Control to Web Databases, in Proc. of SACMAT'07, ACM, 2007.
  • [Janicke] H. Janicke, A. Cau, H. Zedan: A note on the formalization of UCON, in Proc. of SACMAT'07, ACM, 2007.
  • [Hu] H. Hu, G.-J. Ahn: Enabling Verification and Conformance Testing for Access Control Model, in Proc. of SACMAT'08, ACM, 2008.