Scribd
Upload
30 views20 pages

Security Mechanism

This document describes a security mechanism for object-oriented applications. It shows how to implement user login and propagation of secure user sessions. It also demonstrates controlling access to secure objects. The key steps are: 1. Provide necessary class libraries for the security mechanism. 2. Establish main application forms with login forms. 3. Have all secure classes implement the ISecureData interface to control access. The security mechanism allows login validation, creating a secure user context, passing that context between forms, and restricting access to secure objects based on user permissions.

Uploaded by

21020641
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
30 views20 pages

Security Mechanism

This document describes a security mechanism for object-oriented applications. It shows how to implement user login and propagation of secure user sessions. It also demonstrates controlling access to secure objects. The key steps are: 1. Provide necessary class libraries for the security mechanism. 2. Establish main application forms with login forms. 3. Have all secure classes implement the ISecureData interface to control access. The security mechanism allows login validation, creating a secure user context, passing that context between forms, and restricting access to secure objects based on user permissions.

Uploaded by

21020641
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 20

Object-Oriented Analysis and Design

Appendix: Security Mechanism


Identify Design Mechanisms -
Security Mechanism

Object Oriented Analysis and Design 2


Example: Reuse: Security Mechanism
Implementation Model Design Model

UIFramework
.dll GUI Framework Your GUI

ISecureUser Your
(from Secure Interfaces) Controllers

UserContext <<subsystem>> Your


RemoteObject Security Entities
Manager

Secure.java
Secure
Interfaces

Object Oriented Analysis and Design 3


Example: Reuse: Security Mechanism (contd.)
LoginForm
(from GUI Framework)
MainApplicationForm
(from GUI Framework) open()
enterUserName()
validateUserIDPassword()
start()
enterPassword()
setupSecurityContext() 1 0..1
logInUser()
displayAvailOperations()
setupSecurityContext()
1 getUserContext()
getUserName()
0..1
0..1
UserSecurityContext SecurityAccess
(from Security Manager) <<Interface>> 0..1 (from Secure Interfaces)
ISecureUser
(from Secure Interfaces) isReadable()
setAccess() isWriteable()
getAccess() setAccess() isDeleteable()
getUserId() getAccess() makeReadable()
UserSecurityContext() getUserId() makeWriteable()
checkInternalTables() new() makeDeleteable()
new()
Role to be filled by the designer
applying the mechanism
<<role>> UniqueId
SampleSecureClass <<Interface>> (from Secure Interfaces)
ISecureData
(from Secure Interfaces) generate()
getUniqueID() asString()
getUniqueId() UniqueId()

Object Oriented Analysis and Design 4


Example: Security Mechanism: Secure User Set-Up at Login

Any User : : LoginForm : ISecureUser


MainApplicationForm
1. start( )
1.1. open( )

2. enterUserName( )
We did not expand on
3. enterPassword( ) validation since it was a
reverse engineered
4. logInUser( ) component

4.1. validateUserIDPassword( )

[ login successful ]
4.2. setupSecurityContext( )
4.2.1. new(UserID)

[ login successful ]
The
5. setupSecurityContext( ) MainApplicationForm
retains the secure
user context for later
5.1. getUserContext( ) processing by the
user.

6. close( )

7. displayAvailOperations( )

Display the
operations/functions that
the application provides.

Object Oriented Analysis and Design 5


Example: Security Mechanism: Secure User Propagation

:SampleMain : :
AppForm SampleAppSubForm SampleController
: User
It is assumed that the User has logged in.
Secure user
session was
1: // doSomething( ) set up during
Login
2: open(ISecureUser)

Provide secure user


3: new() session to controller for
any later validation
4: setSession(ISecureUser)

5: // display available operations( )

Object Oriented Analysis and Design 6


Example: Security Mechanism: Secure Object Access

Secure Object : ISecureUser :


Client SecurityAccess

1: getAccess(ISecureData)

2: isReadable( )

AND/OR
3: isWriteable( )

AND/OR
4: isDeleteable( )

Object Oriented Analysis and Design 7


Incorporating the Security Mechanism: Steps
 Provide access to the class libraries needed to
implement the Security mechanism
 New Security package
 Establish main application forms, with associated
login forms
 Package containing forms dependent on
Security GUI Framework package
 Create main application forms Deferred
 Have all secure classes realize the ISecureData
interface
 Package containing core data types dependent
on Security Secure Interfaces package
 Add realization relationships Deferred

Object Oriented Analysis and Design 8


(continued)
Incorporating the Security Mechanism: Steps (cont.)
 Provide secure user session (ISecureUser) access,
where necessary
 Package containing control classes dependent
on Security GUI Framework package Deferred
 Control classes will need secure user session
access
 Add setSession(ISecureIUser) operation
 Create/update interaction diagrams with security
processing
 Secure user set-up (login)
 Secure user propagation (secure user session
availability) Deferred

 Secure data access (checking access


permissions)

Object Oriented Analysis and Design 9


Example: Incorporating the Security Mechanism: Steps (cont.)
<<boundary>>
<<boundary>> LoginForm Sample <<control>>
Sample Application Form Sample
Secure Class Sample Control Class
// login user() Secure Class
// enter username and password()
// validate username and password()

MainApplicationForm LoginForm
(from GUI Framework) (from GUI Framework) <<control>>
SampleSecureClass Sample Control Class
1 0..1
start() open()
setupSecurityContext() enterUserName() getUniqueID() setSession(toUser: ISecureUser)
validateUserIDPassword()
enterPassword()
logInUser()
Sample Main Form setupSecurityContext()
getUserContext()

1
ISecureData
0..1
(from Secure Interfaces)
<<boundary>>
Sample Application Form

Object Oriented Analysis and Design 10


Example: Incorporating the Security Mechanism: Steps (cont.)

Sample
Application Package
Security
GUI <<subsystem>>
Framework Security
Manager
Sample
Secure Data
Secure
Interfaces

Object Oriented Analysis and Design 11


Use-Case Design -
Incorporating Security Mechanism

Object Oriented Analysis and Design 12


Review: Incorporating the Security Mechanism: Steps
 Provide access to the class libraries needed to
implement the Security mechanism
  New Security package
 Establish main application forms, with associated
login forms
  Package containing forms dependent on
Security GUI Framework package
  Create main application forms
 Have all secure classes realize the ISecureData
interface
 Package containing core data types dependent
on Security Secure Interfaces package
 Add realization relationships
 - Done
Object Oriented Analysis and Design 13
(continued)
Review: Incorporating the Security Mechanism: Steps (cont.)

 Provide secure user session (ISecureUser) access,


where necessary
  Package containing control classes dependent on
Security GUI Framework package
 Control classes will need secure user session
access
 Add setSession(ISecureIUser) operation
 Create/update interaction diagrams with security
processing
 Secure user set-up (login)
 Secure user propagation (secure user session
availability)
 Secure data access (checking access permissions)

 - Done
Object Oriented Analysis and Design 14
Example: Incorporating the Security Mechanism
<<boundary>>
LoginForm <<entity>> <<control>>
<<boundary>>
Schedule RegistrationController
RegisterForCoursesForm
// login user()
// register for courses() // enter username and password()
// validate username and password()

MainApplicationForm LoginForm
(from GUI Framework) (from GUI Framework) <<control>>
<<entity>> RegistrationController
1 0..1 Schedule
start() open()
setupSecurityContext() enterUserName() setSession(toUser: ISecureUser)
validateUserIDPassword()
enterPassword()
logInUser()
MainStudentForm setupSecurityContext()
getUserContext()

1
ISecureData
0..1
(from Secure Interfaces)
<<boundary>>
RegisterForCoursesForm

// register for courses()


Object Oriented Analysis and Design 15
Example: Incorporating the Security Mechanism (cont.)

<<layer>>
Application

<<layer>>
Application
Registration

<<layer>>
Business
Services
<<layer>>
Business Services

University Artifacts Security


(from Business Services) (from Business Services)

Secure Interfaces GUI Framework


(from Security) (from Security)

Object Oriented Analysis and Design 16


Example: Incorporating the Security Mechanism: Secure User Set-Up

Any User : MainStudentForm : LoginForm StudentSession :


ISecureUser
1. start( )
1.1. open( ) The user name
for students is
the Student ID.
2. enterUserName( )

3. enterPassword( )

4. logInUser( )

4.1. validateUserIDPassword( )

[ login successful ]
4.2. setupSecurityContext( )

4.2.1. new(UserID)

[ login successful ]
5. setupSecurityContext( )
The MainStudentForm
5.1. getUserContext( ) retains the Student's
session for later
processing by the
user.
6. getUserName( )
7. close( )

8. displayAvailOperations( )
Display the
operations/functions that
the application provides.

Object Oriented Analysis and Design 17


Example: Incorporating the Security Mechanism: Secure User Propagation

: : :
MainStudentForm RegisterForCoursesForm RegistrationController
: Student
It is assumed that the Student has logged in.
Secure user
See Basic Flow - Login Interaction diagram.
session was
1: // register for courses( ) set up during
Login
2: open(ISecureUser)

3: // is registration open?( )

[registration is open]
Provide secure user
4: new() session to controller for
any later validation
5: setSession(ISecureUser)
The user may select any
of these operations 6: // display available operations( )

7: // create schedule( )

8: // update schedule( )

9: // delete schedule( )

Object Oriented Analysis and Design 18


Example: Incorporating the Security Mechanism: Secure Data Access

: RegisterForCoursesForm : RegistrationController : : ISecureUser : Schedule : Student


SecurityAccess
: Student

1: // select 4 primary and 2 alternate offerings( )

2: // create schedule with offerings( )

3: // create with offerings( )

4: new( )

5: makeReadable( )
Set the access
permissions to wide open
6: makeWriteable( ) for the Student/owner of the
Schedule
7: makeDeleteable( )

8: setAccess(ISecureData, SecurityAccess)

9: // add schedule(Schedule)

At this, point the Submit Schedule subflow is executed.

Object Oriented Analysis and Design 19


Example: Incorporating the Security Mechanism: VOPC
<<Interface>>
MainApplicationForm
ISecureUser
(from GUI Framework)
(from Secure Interfaces)
1 0..1

MainStudentForm View
(from Registration) (from GUI Framework)

1 open(forUser : ISecureUser) <<Interface>>


ISecureData
(from Secure Interfaces)
0..1
<<control>>
<<boundary>> RegistrationController SecurityAccess
RegisterForCoursesForm (from Registration) (from Secure Interfaces)
(from Registration)
1 1
setSession(forUser : ISecureUser) 0..1
0..1
+currentSchedule
<<entity>>
Schedule
0..1
(from University Artifacts)

0..*
0..1 1
+registrant <<entity>>
Student
(from University Artifacts)

Object Oriented Analysis and Design 20

You might also like