Www.wspkorczak.eu Wyższa Szkoła Pedagogiczna im. Janusza Korczaka w Warszawie Internet security risk management Prof. Artis Teilans, Aleksandrs Larionovs.


1 www.wspkorczak.eu Wyższa Szkoła Pedagogiczna im. Janusza Korczaka w Warszawie Internet security risk management Prof. Artis Teilans, Aleksandrs Larionovs Rēzeknes Augstskola (Rezekne University of Applied Sciences) Rezekne, Latvia Arnis Kleins Riga Technical University, Riga, Latvia

2 Outline
- UML modelling
- Domain Specific Languages
- DSL for IT risk analysis
- Examples of Modelling
- Conclusions
- Questions

3 Two communities of modellers
While developing or reengineering business systems it is common to use UML.
- Design the system structure
- Describe behaviour of the system
- Model is static

4 Two communities of modellers
Simulation
- Process of modelling the system and experimentation with the model of the system
- Imitation of the operation of the system over time, considering stochastic factors
- Forecasting the system's behaviour in different circumstances
- Optimize parameters
- Identify faults, etc.

5 Two communities of modellers
UML modellers
- Describe behaviour using diagrams such as Use Cases, Actors, Activities, Objects etc.
Simulationists
- Describe behaviour using simulation tools and languages
- Prepare experiments with a system

6 UML modelling

7 UML modelling
- Describes the system structure and behaviour using diagrams
- Builds up an abstract model of a system
- Functional model: Use case diagrams
- Structural model: Class & Component diagrams
- Dynamical model: Activity, State, Sequence, Collaboration diagrams

8 UML Use Case diagram

9 UML Activity diagram

10 Example of stochastic output condition of an activity

11 Event-based process simulation

12 Domain Specific Language
- Programming or specification language dedicated to a particular problem domain
- Allows solutions to be expressed in the idiom and at the level of abstraction of the problem domain
- Allows validation at the domain level
- Self-documenting
- Enhances quality, productivity, reliability, maintainability, portability and reusability

13 Domain Specific Language

14 Sample DSL for Risk Analysis domain
- Sample DSL for the Risk Analysis domain
- Application in financial industry: risk analysis of the Delivery vs Payment process

15 CORAS method
- EU funded CORAS project (IST-2000-25031).
- Security critical IT system risk analysis methodology
- Set of symbols and diagrams for description of a system at various stages of risk analysis

16 CORAS method – conceptual model

17 Two parallel activities
UML modelling
- Describe system behaviour using Use Case and Activity diagrams
Risk analysis
- Describe threats, threat scenarios, system vulnerabilities, unwanted incidents, risks and their impact on valuable system assets
- Perform simulation experiments.

18 Risk analysis DSL. Misuse Case diagram

19 Risk analysis DSL. Activity diagram.

20 Simulation of Activity diagrams

21 Simulation of Risk diagrams

| Diagram element | Stochastic attribute |
| Relation between Risk and Asset | Impact |
| Unwanted incident | Used as connector between risk and system models. Transfers events from treatment scenario to system model. An event raises a disability of a selected activity of the system model. Duration of disability |
| Threat Scenario | Start Delay; Number of Threat events in group; Delay between groups; Number of Groups |
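
The stochastic attributes listed on slide 21, worked through as a small Monte Carlo simulation. This is an added example, not part of the presentation or the authors' modelling tool; the class and function names, the exponential distributions, the in-group gap `mean_gap` and the impact-per-time-unit measure are all assumptions.

```python
import random
from dataclasses import dataclass

@dataclass
class ThreatScenario:            # attribute names follow slide 21
    start_delay: float           # time before the first group of threat events
    events_per_group: int        # number of threat events in a group
    delay_between_groups: float  # time from one group start to the next
    groups: int                  # number of groups

@dataclass
class UnwantedIncident:
    mean_disability: float       # mean time the hit activity stays disabled
    impact_per_unit: float       # assumed: asset impact per time unit disabled

def threat_event_times(ts, rng, mean_gap=0.5):
    """Event times: groups on a fixed schedule, random gaps inside a group (assumed)."""
    times = []
    for g in range(ts.groups):
        t = ts.start_delay + g * ts.delay_between_groups
        for _ in range(ts.events_per_group):
            times.append(t)
            t += rng.expovariate(1.0 / mean_gap)
    return sorted(times)

def disabled_time(event_times, incident, rng, horizon):
    """Time the activity is disabled in [0, horizon]; overlapping outages count once."""
    total, busy_until = 0.0, 0.0
    for t in event_times:
        if t >= horizon:
            break
        end = min(horizon, t + rng.expovariate(1.0 / incident.mean_disability))
        start = max(t, busy_until)
        if end > start:
            total += end - start
            busy_until = end
    return total

def simulate(ts, incident, horizon, runs=1000, seed=1):
    """Repeat the experiment and summarise the impact on the asset."""
    rng = random.Random(seed)
    losses = sorted(
        disabled_time(threat_event_times(ts, rng), incident, rng, horizon)
        * incident.impact_per_unit
        for _ in range(runs))
    return {"mean": sum(losses) / runs, "p95": losses[int(0.95 * runs) - 1], "max": losses[-1]}

if __name__ == "__main__":
    # Constructed sample model: 5 groups of 3 events, activity down ~2 time units per hit.
    print(simulate(ThreatScenario(1, 3, 20, 5), UnwantedIncident(2.0, 100.0), horizon=100))
```

Comparing the mean and 95th-percentile impact across alternative threat scenario settings is the kind of experiment the slides describe for the risk model.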

22 Simulation Engine

23 Conclusions
- A prototype of the domain specific modelling tool was implemented.
- The given approach allows IT risk analysis to be performed on the basis of the unified IT system model specification.
- In this way the one-window approach is realised for both system developers and maintainers and for those responsible for the security policy of a system.
- The presented DSL and modelling tool are still in the early development stages.
- Further work will be performed to improve the domain specific language.

24 Conclusions
- The second group of further activities will be devoted to the implementation of an appropriate simulation engine.
- A model repository and tools for storing and processing simulation results will be developed for domain specific decision support.
- This approach will be approved on state-wide IT systems and important financial sector IT systems.

25 Thank you for your kind attention! Questions?
