Model Driven Security Policy Automation

On this blog, ObjectSecurity co-founder and CEO Ulrich Lang discusses security policy automation and model-driven security. The aim of this blog is to advocate advance the state of the art in this area through exchange of ideas. - -

Wednesday 24 June 2009

Model Driven Security Accreditation (MDSA)

Exciting news! Model Driven Security is now applied to assurance accreditation for agile IT landscapes.

Assurance accreditation of agile, interconnected IT landscapes is a great challenge, and is currently often cited as one of the show-stoppers for the adoption of modern IT architectures (e.g. SOA) in mission critical domains.

ObjectSecurity’s patent-pending Model Driven Security Accreditation (MDSA) approach automates large parts of the compliance and assurance accreditation management processes (e.g. Common Criteria). The benefits of MDSA are most significant for agile, interconnected IT “systems of systems” that are model-driven (potentially also business process-driven). MDSA automatically analyses and documents two main aspects:
  1. Does the actual security match with the stated requirements?
  2. Do any changes impact the current accreditation?
Model Driven Security Accreditation (MDSA) enables “agile accreditation” in a way that is cost-effective, low-effort (i.e. partly automated), and reliable / traceable. MDSA especially enables agile accreditation for agile, interconnected IT landscapes based on model-driven, process-led application development and deployment approaches, and on standard middleware and runtime platforms (e.g. SOA). MDSA allows the automated, formalised assignment of “undistorted” Common Criteria assurance requirements to IT landscape specific technical assurance control objectives in functional system specifications. Both are expressed as formalised models and are automatically and traceably matched.Using model-driven security (MDS), the technical assurance control requirements are then automatically transformed into concrete technical IT enforcement & monitoring at runtime. In addition, the traceable correspondence between technical security implementation and the information assurance requirements is analysed and checked. MDSA also documents Common Criteria “supporting evidence” based on all available design-time system / security models, system / security artefacts, system / security model transformations, and runtime system / security incident logs.Furthermore, MDSA enables the automated analysis whether changes to or newly discovered knowledge about an agile IT landscape impact its security properties, and whether the accreditation is still valid. The goal of MDSA is to automatically check whether IT systems security meets its assurance accreditation requirements, and to check the impact of changes (incl. system, security, requirements, newly discovered vulnerabilities) on the accreditation. Based on so-called “change policies”, MDSA decides whether particular system re-configurations are within scope of the current accreditation (thus enabling a level of IT agility) or whether manual corrections and re-accreditation are required. MDSA also allows to assess the impact of newly discovered security vulnerabilities, e.g. weaknesses in crypto algorithms or buffer overflows in libraries, on one system or multiple systems as part of an Accreditation Management System (AMS), a central database of fine grained accreditation information. If manual re-accreditation is required, MDSA also acts as a decision support tool.

Current State
A ~80 page concept exploration study has been produced for UK Ministry of Defence, and a scientific paper is being submitted for publication. MDSA is currently at the prototype stage. Please contact ObjectSecurity if you are interested in further information about the OpenPMF MDSA prototype or the study.