Student name and surname: Student ID: EXAMINATION

Transcription

1 Student name and surname: Student ID: EXAMINATION The exam is open-book, open-laptop, and open-internet. You are not allowed to share information with anyone during the exam other than the lecturer. You can provide your solutions either on paper or electronically. In case of the electronic solutions, please the file to < > no later than 16:05 with a subject [SSD2017] exam solutions. Scheduler Case (Feather et al, 1997) s are typically arranged in the following way. A meeting initiator asks all potential meeting attendees for the following information based on their personal agenda: a set of dates on which they cannot attend the meeting (hereafter referred as exclusion set); a set of dates on which they would prefer the meeting to take place (hereafter referred as preference set). A meeting date is defined by a pair (calendar date, time period). The exclusion and preference sets are contained in some time interval prescribed by the meeting initiator (hereafter referred as date range). The initiator also asks active participants to provide any special equipment requirements on the meeting location (e.g., overhead-projector, workstation, network connection, telephones, etc.). He/she may also ask important participants to state preferences about the meeting location. The proposed meeting date should belong to the stated date range and to none of the exclusion sets; furthermore it should ideally belong to as many preference sets as possible. A date conflict occurs when no such date can be found. A conflict is strong when no date can be found within the date range and outside all exclusion sets; it is weak when dates can be found within the date range and outside all exclusion sets, but no date can be found at the intersection of all preference sets. Conflicts can be resolved in several ways: the initiator extends the date range; some participants remove some dates from their exclusion set; some participants withdraw from the meeting; some participants add some new dates to their preference set. A meeting room must be available at the selected meeting date. It should meet the equipment requirements; furthermore it should ideally belong to one of the locations preferred by as many important participants as possible. A new round of negotiation may be required when no such room can be found. The meeting initiator can be one of the participants or some representative (e.g., a secretary). The purpose of the meeting scheduler system is to support the organisation of meetings that is, to determine, for each meeting request, a meeting date and location so that most of the intended participants will effectively participate. The meeting date and location should thus be as convenient as possible to all participants. Information about the meeting should also be made available as early as possible to all potential participants. The intended system should considerably reduce the amount 1

2 of overhead usually incurred in organizing meetings where potential attendees are distributed over many different places. On another hand, the system should as closely as possible reflect the way meetings are typically managed. An extract of Scheduler model Scheduler is given in Table 1 and Fig. 1. Table 1. Definition of Schedule meeting use case Use Case ID: 1 Use Case Name: Schedule meeting Created By: Raimundas Last Updated By: Raimundas Date Created: Date Last Updated: Actors: Scheduler Description: The scheduler executes this function when there is a need for the meeting organisation. The meeting is initiated by meeting initiator, and different participants take part in it. Before the meeting can take place it needs to be scheduled. Trigger: The necessity for the meeting emerges. Preconditions: End of the business stage, need for new planning; Unexpected even in the business processes. Postconditions: The meeting is scheduled: the dates are agreed between meeting participants and every participant is informed about them. Normal Flow: 1. Initiator enters the date range (in01) 2. Participant enter their date range (in02, ex01) 3. Scheduler finds agreeable date (in03) Range Alternative Flows: 4. Participant obtain the agreed date (in04) af1. Initiator announces about the meeting dates using other (manual, s, postal letters, etc) means. Exceptions: ex01. Participants are not registered and do not have account in the Scheduler Includes: in01. Enter date range in02. Enter available dates in03. Find agreeable date in04. Obtain date Priority: 1 the highest priority, if the meeting in urgent. 3 the medium priority if the meeting is for the normal occasion. Frequency of 4 times a month Use: Business Rules: The need for the meeting - this might include the emerging event in the business process, or the end of the business stage. Special All potential meeting participants shall have access to Scheduler Requirements: 2

3 Fig. 1. Scheduler example TASKS Task 1 (10 points): Analyse Scheduler example and define what the business assets are and how they are supported by the system assets. What is security objective? To structure your answer, fill in Table 2. Task 2 (10 points): Consider the meeting Scheduler example and solution of Task 1. Define one security risk using Taxonomy of Seven pernicious kingdom (or any other vulnerability database) to determine vulnerabilities of the systems assets; Characteristics of threat agent to characterise capabilities, motivation and expertise of the threat agent; STRIDE and/or taxonomy of threats to (distributed) systems to determine threats and attack methods; Symptoms of malicious software to indicate the harm to the assets. Indicate what could be the possible negation of the security criterion. To structure your answer, fill in Table 3. 3

4 Task 3 (10 points): For the security risk identified in Task 2, what the possible security risk treatment decision could be applied. What security requirements should be introduced, and how do they mitigate the identified risk? What controls do implement these requirements? Defined security requirements must respect guidelines of the good requirements. To structure your answer, fill in Table 4. Task 4 (10 points): Using security risk-oriented misuse cases create a diagram(s) to represent the security risk defined in Table 3. Task 5 (10 points): Define the model transformation guidelines from security risk-oriented misuse cases to security risk-oriented BPMN (business model process and notation). To structure your answer, fill in Table 5. Task 6 (10 points): Illustrate how your transformation rules (see Table 5) should be applied to the Task 4 solution. Discuss if the received diagram is complete; if not, what should be added to complete the received diagram. Task 7 (10 points): Data about the is gathered in Table 6. What result will be retrieved if the k-anonymity method is applied using these parameters: name and initiator are identifiers; date, place and participants are quasi identifiers; Main topic is sensitive date is generalise, as o From to à Early period o From to à Middle period o From to à Late period participants are generalised as o John, Mari, Rosa, Karl à 4 participants o Karl, Peeter à 2 participants o Rick, John, Karl à 3 participants o Rosa, Karl à 2 participants Fill your answer to Table 7. Discuss if the k-anonymity with the following parameters gives a sufficient protection. Task 8 (10 points): Analyse the meeting Scheduler example and define the UMLsec model representing the role-based access control policy regarding the data (see Table 6), which characterise the. 4

5 Table 2: Template to support answer of Task 1 Security context Scheduler example Business asset Security criteria System assets supports Table 3: Template to support answer of Task 2 System asset(s) (select from Table 1) Vulnerability Threat agent Threat and Attack method Impact and its Harm Risk 5

6 Table 4: Template to support answer of Task 3 Risk treatment decision mitigates Security requirements Controls Table 5: Template to support answer of Task 5 Rule ID Transformation rule TR.MUC-BPMN.1 A misuse case actor is translated to 6

7 Table 6. data name initiator date place participants Main topic BBB3 Mari Tallinn John, Mari, Rosa, Karl Fish industry plans AAD Mari Tartu John, Mari, Rosa, Karl Building construction BCD2 Peeter Tallinn Karl, Peeter A-improvements ABC Karl Tallinn Karl, Peeter Fish industry plans BCD Peeter Tallinn Karl, Peeter Fish industry plans A++ Rosa Tartu Rosa, Karl Fish industry plans AAA2 John Tallinn Rick, John, Karl A-improvements ABA Mari Tartu John, Mari, Rosa, Karl Building construction A+ Rosa Tallinn Rosa, Karl Building construction ABC2 Karl Tartu Karl, Peeter A-improvements Table 7. Template to support answer of Task 7 7