Abstract
The requirement for higher Security and Dependability (S&D) of systems is continuously increasing, even in domains traditionally not deeply involved in such issues. In our work, we propose a modeling environment for pattern-based secure and dependable embedded system development by design. We study a general scheme for representing S&D design patterns whose intention specification can be defined using a set of local properties. We propose an approach that combines Model Driven Engineering (MDE) with formal validation to obtain a common representation for specifying patterns across several domains. The contribution of this work is twofold. On the one hand, we use model-based techniques to capture a set of artifacts that specify patterns. On the other hand, we introduce a set of artifacts for the formal validation of these patterns in order to guarantee their correctness. As an illustration of the approach, we study the authorization pattern.
© 2014 Springer International Publishing Switzerland
About this paper
Hamid, B., Percebois, C. (2014). Model-Based Specification and Validation of Security and Dependability Patterns. In: Danger, J., Debbabi, M., Marion, JY., Garcia-Alfaro, J., Zincir Heywood, N. (eds) Foundations and Practice of Security. FPS 2013. Lecture Notes in Computer Science(), vol 8352. Springer, Cham. https://doi.org/10.1007/978-3-319-05302-8_5
DOI: https://doi.org/10.1007/978-3-319-05302-8_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-05301-1
Online ISBN: 978-3-319-05302-8
eBook Packages: Computer Science (R0)