
An Approach for Security Patterns Application in Component Based Models

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 8583)

Abstract

Because applications have become increasingly complex and designing secure systems requires security expertise, security patterns are now widely used as guidelines, proposed by security experts, for solving recurring security problems. To encourage application designers to take advantage of the security solutions that these patterns propose, we think it is necessary to provide an appropriate mechanism for implementing them. We propose a full security pattern integration methodology that spans from the earliest phases of software development to the generation of the application code. The proposed solution uses the UML component model as the application domain of security patterns and is based on UML profiles and model transformations written in the ATL language. To generate code while keeping the functional code of the component-based application separate from the security solution, we use the aspect paradigm. The approach is illustrated using the Role Based Access Control (RBAC) pattern. A case study of a GPS system is also provided to demonstrate its application.




Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Bouaziz, R., Kallel, S., Coulette, B. (2014). An Approach for Security Patterns Application in Component Based Models. In: Murgante, B., et al. Computational Science and Its Applications – ICCSA 2014. ICCSA 2014. Lecture Notes in Computer Science, vol 8583. Springer, Cham. https://doi.org/10.1007/978-3-319-09156-3_21


  • DOI: https://doi.org/10.1007/978-3-319-09156-3_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-09155-6

  • Online ISBN: 978-3-319-09156-3

  • eBook Packages: Computer Science, Computer Science (R0)
