Difference between revisions of "MQP:Security Analysis Data Model"

From JimboWiki
 ==Requirements==
-*The structure should be easy to traverse
-*Mappings should exist between each security requirement and the block of code that the requirement applies to
-*Levels of requirements should exist including:
-**Method level requirements
-**Class level requirements
-**Protection Domain requirements
-*The structure should provide a clear understanding of what permissions are "absolutely required" and "possibly required" for each code block
-**'''Possibly Required''' - This permission is required under certain conditions, but not all conditions
-**'''Absolutely Required''' - This permission is required under all conditions
-**We can assume any permission that is not on either list of required permissions is not required under any condition
-*The structure should provide a clear understanding of what permissions are "granted" and "denied" for each code block
-**'''Granted''' - This permission is granted to the code block in the policy file
-**'''Denied''' - This permission is explicitly denied in the policy file, or was denied during a runtime analysis
+*The structure should be easy to search and traverse
+*The structure must contain a representation of each code element analyzed along with the permissions required by each code element
+*Each permission requirement must provide a complete path to where the requirement originated
+*Each permission requirement must provide the names of the methods that determined it
+*The structure must hold ''"Management Data"'' - policy information that comes from absolute sources (for example, the security policy of a given server or user input at runtime)
+*There must be a way to calculate the resultant set of policy
+*There should be a way to optimize the resultant set of policy by analyzing overlapping permission requirements
 
 ==Design==
 *Data storage
-**A top level singleton class, ''AnalysisModel'', contains each result set
-**The result set, ''ProgramAnalysisResult'', contains sets of permissions for each class
-**Each class's policy requirements are stored within the ''ProgramAnalysisResult'' as a ''ClassResult''
-**Each of the class's method's policy requirements are stored within the ''ClassResult'' as a ''MethodResult''
-**In order to record permission requirements, the ''PermissionDescription'' class is used to store the permission type and name
-*Traversal
-**In order to make the structure easy to implement and traverse, all classes that contain policy requirements extend the abstract class ''Result'', which implements the following functionalities:
-***Provide a name to the item that the policy requirements apply to
-***Provide lists for each type of policy requirement (Possibly Required, Absolutely Required, Granted, and Denied)
-***Provide methods to add permissions to each list
-**In order to make the structure easier to traverse, all classes that could be Results but also contain child results extend the abstract class ''ResultWithChildren''
-***ResultWithChildren provides a list of child results (of a specific type) and methods to add to the list, search the list, and create new children of the proper type
+**A top level singleton class, ''AnalysisModel'', contains each CodeBlock
+***'''CodeBlock''' - Any grouping of code: package, protection domain, class, method, etc.
+***The CodeBlock contains any number of PermissionRequirements and any number of PolicyDescriptions
+****'''PermissionRequirement''' - Tells what permission is required (using a ''PermissionDescription''), the path to get to the permission checking call, and a list of tools that agree on this requirement
+****'''PolicyDescription''' - Describes a set of policy
+*Data Retrieval
+**Search is performed from the AnalysisModel - any CodeBlock can be found this way, as the AnaysisModel contains each CodeBlock
+**Traversal of the call structure is performed from any CodeBlock - each has a list of children and a reference back to its parent (if any)
+**Traversal of the permission structure is performed from any PermissionRequirement (via a CodeBlock) - each PermissionRequirement has a full trace to the origin of the permission it describes
+**Resultant policy calculation uses a PolicyApplicationStrategy, which starts at any CodeBlock, and is passed through all its children, processing permissions as it goes
+**Policy optimization can occur if more than one PermissionRequirement exists for a given PermissionDescription
 
 [[Image:AnalysisModel.png|frame|left|Security Analysis Model]]

Revision as of 19:36, 3 September 2008



Overview

To make the results of the analysis available to later processing, a data structure was devised to store them.

Requirements

  • The structure should be easy to search and traverse
  • The structure must contain a representation of each code element analyzed along with the permissions required by each code element
  • Each permission requirement must provide a complete path to where the requirement originated
  • Each permission requirement must provide the names of the methods that determined it
  • The structure must hold "Management Data" - policy information that comes from absolute sources (for example, the security policy of a given server or user input at runtime)
  • There must be a way to calculate the resultant set of policy
  • There should be a way to optimize the resultant set of policy by analyzing overlapping permission requirements

Design

  • Data storage
    • A top level singleton class, AnalysisModel, contains each CodeBlock
      • CodeBlock - Any grouping of code: package, protection domain, class, method, etc.
      • The CodeBlock contains any number of PermissionRequirements and any number of PolicyDescriptions
        • PermissionRequirement - Tells what permission is required (using a PermissionDescription), the path to get to the permission checking call, and a list of tools that agree on this requirement
        • PolicyDescription - Describes a set of policy
  • Data Retrieval
    • Search is performed from the AnalysisModel - any CodeBlock can be found this way, as the AnalysisModel contains each CodeBlock
    • Traversal of the call structure is performed from any CodeBlock - each has a list of children and a reference back to its parent (if any)
    • Traversal of the permission structure is performed from any PermissionRequirement (via a CodeBlock) - each PermissionRequirement has a full trace to the origin of the permission it describes
    • Resultant policy calculation uses a PolicyApplicationStrategy, which starts at any CodeBlock, and is passed through all its children, processing permissions as it goes
    • Policy optimization can occur if more than one PermissionRequirement exists for a given PermissionDescription
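The data model described above, as an added Python sketch that is not the project's own code: the singleton AnalysisModel registers every CodeBlock for search by name, each CodeBlock links to its parent and children, each PermissionRequirement carries a PermissionDescription plus the path back to the permission check and the tools that agree on it, and a PolicyApplicationStrategy walk merges overlapping requirements into the resultant policy. Field names, the traversal order, and the sample class, permission and tool names are assumptions.

```python
from collections import namedtuple
from dataclasses import dataclass, field

# PermissionDescription: the permission's type and target name.  PermissionRequirement: that
# description, the method-name path back to the permission check, and the tools that agree on it.
PermissionDescription = namedtuple("PermissionDescription", "perm_type name")
PermissionRequirement = namedtuple("PermissionRequirement", "description path tools")
@dataclass
class CodeBlock:  # any grouping of code: package, protection domain, class, method, ...
    name: str
    kind: str
    parent: "CodeBlock | None" = None
    children: list = field(default_factory=list)
    requirements: list = field(default_factory=list)
class AnalysisModel:  # top-level singleton; every CodeBlock is registered here for search by name
    _instance = None
    def __init__(self):
        self.blocks = {}
    @classmethod
    def instance(cls):
        if cls._instance is None:
            cls._instance = cls()
        return cls._instance
    def add_block(self, name, kind, parent=None):
        block = CodeBlock(name, kind, parent)
        if parent is not None:
            parent.children.append(block)
        self.blocks[name] = block
        return block
    def find(self, name):
        return self.blocks.get(name)

def resultant_policy(root):
    """PolicyApplicationStrategy: walk root and all its children, merging requirements that share
    a PermissionDescription (the overlap optimization). Returns description -> (paths, tools)."""
    merged, stack = {}, [root]
    while stack:
        block = stack.pop()
        for req in block.requirements:
            paths, tools = merged.setdefault(req.description, ([], set()))
            paths.append(req.path)       # every origin path is kept, so the trace survives merging
            tools.update(req.tools)      # tools that agree are unioned across overlapping requirements
        stack.extend(block.children)
    return {d: (paths, sorted(tools)) for d, (paths, tools) in merged.items()}
def build_sample_model():  # constructed sample: two methods of one class need the same permission
    m = AnalysisModel.instance()
    cls = m.add_block("app.Reader", "class")
    fp = PermissionDescription("FilePermission", "/tmp/-")
    m.add_block("app.Reader.open", "method", cls).requirements.append(PermissionRequirement(fp, ("open", "checkRead"), ("toolA",)))
    m.add_block("app.Reader.scan", "method", cls).requirements.append(PermissionRequirement(fp, ("scan", "list", "checkRead"), ("toolA", "toolB")))
    return m
```

Calling `resultant_policy` on the class block yields one entry for the shared FilePermission with both origin paths and both tools, while calling it on a single method block yields only that method's contribution.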


[Figure: Security Analysis Model (AnalysisModel.png)]