A Modeling and Formal Approach for the Precise Specification of Security Patterns

Non-functional requirements such as Security and Dependability (S&D) are becoming both more important and more difficult to achieve. Integrating security features requires application-domain knowledge and security expertise at the same time. Capturing and providing this expertise in the form of security patterns can therefore support the integration of S&D features by design and foster reuse during software system development. The solution envisaged here combines metamodeling techniques and formal methods to represent security patterns at two levels of abstraction, fostering reuse both during pattern development and during pattern-based development. The contribution of this work is twofold: (1) an improvement of our previous pattern modeling language, which represents a security pattern as a subsystem that provides appropriate interfaces and targets security properties; (2) the formal specification and validation of pattern properties using the interactive Isabelle/HOL proof assistant. The resulting validation artifacts mainly serve to complete the definitions and to provide semantics for the interfaces and the properties in the context of S&D. As a result, validated patterns can be used as building blocks for applications through a Model-Driven Engineering approach.
