Applying Security Patterns for Component Based Applications Using UML Profile

Today's systems require a higher consideration for the non functional requirement as security and dependability. Developers have to handle these requirements during software development lifecycle. To provide developers with security guidelines, security patterns were proposed. These patterns are a collection of expert's security knowledge and a good solution to convey security concepts. In order to encourage developers to take advantage from security solutions proposed by security patterns, we think that it is necessary to provide an appropriate mechanism to implement those patterns using UML profiles. In this paper, we propose structured UML profiles construction process based on security patterns. An illustration of the proposed profile construction process is provided using the active replication pattern. A case study of GPS system is also provided to demonstrate the application of generated UML profile using the proposed process.

[1]  Max Jacobson,et al.  A Pattern Language: Towns, Buildings, Construction , 1981 .

[2]  Alan W. Brown,et al.  The Current State , 2016 .

[3]  Clemens A. Szyperski,et al.  Component software - beyond object-oriented programming , 2002 .

[4]  Jing Dong,et al.  Visualizing design patterns with a UML profile , 2003, IEEE Symposium on Human Centric Computing Languages and Environments, 2003. Proceedings. 2003.

[5]  A Min Tjoa,et al.  Access Controls by Object-Oriented Concepts , 1997, DBSec.

[6]  Brahim Hamid,et al.  Towards a Better Integration of Patterns in Secure Component-Based Systems Design , 2011, ICCSA.

[7]  Peter Sommerlad,et al.  Security Patterns: Integrating Security and Systems Engineering , 2006 .

[8]  Peter Kajsa,et al.  Design Patterns Instantiation Based on Semantics and Model Transformations , 2009, SOFSEM.

[9]  Paddy Nixon,et al.  Automated software evolution towards design patterns , 2001, IWPSE '01.

[10]  Yann-Gaël Guéhéneuc,et al.  Meta-modeling Design Patterns: application to pattern detection and code synthesis , 2001 .

[11]  Bran Selic,et al.  The Pragmatics of Model-Driven Development , 2003, IEEE Softw..

[12]  Joseph W. Yoder,et al.  Architectural Patterns for Enabling Application Security , 1998 .

[13]  Stephen S. Yau,et al.  Integration in component-based software development using design patterns , 2000, Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000.

[14]  Hafedh Mili,et al.  A model-driven framework for representing and applying design patterns , 2007, 31st Annual International Computer Software and Applications Conference (COMPSAC 2007).

[15]  Sudipto Ghosh,et al.  A UML-Based Metamodeling Language to Specify Design Patterns , 2003 .

[16]  Wang Huai-Min,et al.  Research and Implementation of Design Pattern-Oriented Model Transformation , 2007, 2007 International Multi-Conference on Computing in the Global Information Technology (ICCGI'07).

[17]  Jean Bézivin,et al.  Towards a precise definition of the OMG/MDA framework , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[18]  Martin Glinz,et al.  On Non-Functional Requirements , 2007, 15th IEEE International Requirements Engineering Conference (RE 2007).

[19]  John Grundy,et al.  Design pattern modelling and instantiation using DPML , 2002 .