VSM: A visual tool for the design and deployment of security requirements

Software security components have become an integral part of large scale projects; and hence they demand greater attention during the development phase. Often security implementations are longer-term processes; this implies that it will become all the more expensive to iterate the software development life cycle along with addressing the needs of security components. This problem is partly addressed in [11] where a rule based active security system to automate policy deployment is proposed. In this paper, we propose the Visual Security Model (VSM) to model security requirements in terms of artifacts at a system level to sandbox critical system components and their development process. VSM uses Model Driven Approach (MDA) to augment reliability into the rule extraction process. The algorithm proposed here for policy extraction takes structural relations of system artifacts and their behavioral features as inputs. A tool based on this approach has been prototyped for two subsystems in Linux kernel and we demonstrate its use to extract policies to sandbox Linux kernel. Using VSM, a user can thus diagrammatically specify the necessary security requirements and obtain policies that can be deployed to sandbox a system.