Towards a Better Integration of Patterns in Secure Component-Based Systems Design

Security has become an important challenge in current software and system development. Most of designers are experts in software development but not experts in security. It is important to guide them to decide how and where to apply security mechanisms in the early phases of software development to reduce time and cost of development. To reach this objective, we propose to apply security expertise as security patterns at software design phase. Our methodology is based on the use of a component metamodel to capture the domain concepts and security patterns to encode solutions to security problem. The expected result is a model as design solution for specific domain. Here, we promote a modeling technique based on UML profiles to facilitate the integration of patterns solutions into model driven engineering approach (MDE). As a proof of concept, we illustrate the methodology to produce an UML profile associated with RBAC security pattern. A case study of GPS system is also provided to demonstrate the application of generated profile.

[1]  Lidia Fuentes-Fernández,et al.  An Introduction to UML Profiles , 2004 .

[2]  David A. Basin,et al.  SecureUML: A UML-Based Modeling Language for Model-Driven Security , 2002, UML.

[3]  Ralph Johnson,et al.  design patterns elements of reusable object oriented software , 2019 .

[4]  Clemens A. Szyperski,et al.  Component software - beyond object-oriented programming , 2002 .

[5]  Eduardo B. Fernández,et al.  A Pattern System for Access Control , 2004, DBSec.

[6]  Hironori Washizaki,et al.  A survey on security patterns , 2008 .

[7]  Hafedh Mili,et al.  A model-driven framework for representing and applying design patterns , 2007, 31st Annual International Computer Software and Applications Conference (COMPSAC 2007).

[8]  Jean-Marc Jézéquel,et al.  ≪UML≫ 2002 — The Unified Modeling Language , 2002, Lecture Notes in Computer Science.

[9]  Peter Kajsa,et al.  Design Patterns Instantiation Based on Semantics and Model Transformations , 2009, SOFSEM.

[10]  Douglas C. Schmidt,et al.  Guest Editor's Introduction: Model-Driven Engineering , 2006, Computer.

[11]  Ken Frazer,et al.  Building secure software: how to avoid security problems the right way , 2002, SOEN.

[12]  Wang Huai-Min,et al.  Research and Implementation of Design Pattern-Oriented Model Transformation , 2007, 2007 International Multi-Conference on Computing in the Global Information Technology (ICCGI'07).

[13]  Jan Jürjens,et al.  UMLsec: Extending UML for Secure Systems Development , 2002, UML.

[14]  Markus Schumacher,et al.  Security Engineering with Patterns: Origins, Theoretical Models, and New Applications , 2003 .

[15]  Bernhard Rumpe,et al.  SOFSEM 2010: Theory and Practice of Computer Science, 36th Conference on Current Trends in Theory and Practice of Computer Science, Spindleruv Mlýn, Czech Republic, January 23-29, 2010. Proceedings , 2010, SOFSEM.

[16]  Joseph W. Yoder,et al.  Architectural Patterns for Enabling Application Security , 1998 .

[17]  Stephen S. Yau,et al.  Integration in component-based software development using design patterns , 2000, Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000.

[18]  Jean Bézivin,et al.  Towards a precise definition of the OMG/MDA framework , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[19]  Paddy Nixon,et al.  Automated software evolution towards design patterns , 2001, IWPSE '01.

[20]  Max Jacobson,et al.  A Pattern Language: Towns, Buildings, Construction , 1981 .