论文信息 - Development of Applications Based on Security Patterns

Development of Applications Based on Security Patterns

Current approaches for software development fail in the integration of security aspects. Usually, this is because of the software complexity and the speci¿c expertise needed for the integration of modern security solutions. In this paper we present the SERENITY Project which proposes a framework addressing this issue. SERENITY is based on the separation of the development of security solutions from the development of secure software supported by these security solutions. Both developments, security solutions and secure applications, are centered on the use of libraries of precise descriptions of reusable security solutions stored in the form of security patterns. This approach ¿ts very well with new emerging scenarios such as ambient intelligence, ubiquitous computing, grids, etc. In this paper we present the development of a secure application based on these ideas, in order to do that, we introduce an Application Programming Interface (API) specially designed for use SERENITY advantages.

[1] Daniel Serrano,et al. Towards Precise and Certified Security Patterns , 2007 .

[2] Luís Moniz Pereira,et al. Towards a Model of Evolving Agents for Ambient Intelligence , 2007 .

[3] Ernesto Damiani,et al. Web Service Security , 2011, Encyclopedia of Cryptography and Security.

[4] Ralph Johnson,et al. design patterns elements of reusable object oriented software , 2019 .

[5] Charles Terence Clegg Wall,et al. Patterns of application , 1999 .

[6] Ramesh Nagappan,et al. Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management , 2005 .

[7] Carsten Rudolph,et al. Security Engineering for Ambient Intelligence: A Manifesto , 2006 .

[8] Tsvi Kuflik,et al. Agent Patterns for Ambient Intelligence , 2004, ER.

[9] Max Jacobson,et al. A Pattern Language: Towns, Buildings, Construction , 1981 .

[10] J. Hogg. Web service security : scenarios, patterns, and implementation guidance for Web services enhancements (WSE) 3.0 , 2005 .

[11] Sergio A. Velastin,et al. PRISMATICA: toward ambient intelligence in public transport environments , 2005, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.