Security solution frames and security patterns for authorization in distributed, collaborative systems

The design of an authorization infrastructure is one of the most important aspects of engineering a secure software system. Unlike other system types, distributed systems - and especially distributed collaborative systems - can require custom, fine-grained authorization models and enforcement approaches that are able to take into account a range of semantic subtleties. In this paper we present a comprehensive, pattern-oriented software engineering approach to authorization for general distributed systems - with particular applicability to distributed collaborative systems - that allows developers to build custom, application-specific conceptual authorization models in a simple yet extensible manner, and to make informed decisions regarding their enforcement in software, as well as how their supporting rule/policy infrastructure should be designed. Our authorization approach is embodied in two instances of a new pattern-based security engineering construct called a security solution frame, which groups together related patterns - both security "product" and micro-process patterns - in different sub-structures, horizontally and vertically, for a single high-level security policy (in our case authorization and policy management). By applying specific micro-process patterns in each solution frame, developers are guided in using relevant "product" patterns to progressively construct a distributed authorization infrastructure - from abstract concepts toward concrete designs, via a number of levels of abstraction implying solution refinement and corresponding to stages of the development life-cycle. The summary-form "product" patterns encapsulated in each frame also help developers to form a holistic, "global" view when analyzing existing infrastructures. 
We illustrate and evaluate the proposal in the context of greenfield system development by applying our solution frames to design the authorization infrastructure of a (new) distributed system for secure file sharing and collaborative editing; and also use our solution frames to briefly analyze and capture the design decisions underlying two existing distributed authorization infrastructures: one based on UCON for collaborative Grid systems and another based on ZBAC for SOA-based systems.
