Analysis of Secure Mobile Grid Systems: A systematic approach

Developing software through systematic processes is becoming increasingly important as software development grows more complex. The development process should integrate security aspects from the first stages, at the same level as other functional and non-functional requirements. Systems based on Grid Computing have clear differentiating features, and security is a highly important aspect of them. The Mobile Grid, which is relevant to both Grid and Mobile Computing, is a full inheritor of the Grid with the additional feature that it supports mobile users and resources. A development methodology for Secure Mobile Grid Systems is proposed in which security aspects are considered from the first stages of the life-cycle and in which the mobile Grid technological environment is present in every activity. This paper presents the analysis activity, in which the requirements of the system (focusing on the grid, mobile and security requirements) are specified. The activity is driven by reusable use cases through which the requirements and needs of these systems can be defined. These use cases have been defined through a UML extension for security use cases and Grid use cases which capture the behaviour of this kind of system. The analysis activity has been applied to a real case.
