An Extended Reference Monitor for Security and Safety

We present here a unified way to handle the combined enforcement of safety and security through the use of patterns, in particular through the concept of Reference Monitor. A Reference Monitor is an abstract mechanism that applies authorization rules to decide access. We first define an Extended Reference Monitor with reified decisions and then apply the idea to a dual monitor that can handle security and safety.
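As an added illustration (not code from the paper), a minimal Python sketch of the pattern the abstract describes: a reference monitor whose decisions are reified as objects carrying the rule and reason that produced them, composed into a dual monitor that lets an action proceed only when both the security and the safety monitor allow it. The Request fields, the imagined valve controller and its two rules are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple
@dataclass(frozen=True)
class Request:            # constructed request shape (assumption, not the paper's model)
    subject: str
    action: str
    resource: str
    context: dict = field(default_factory=dict)

@dataclass(frozen=True)
class Decision:           # reified decision: the verdict plus the rule and reason behind it
    allowed: bool
    rule: str
    reason: str

Rule = Callable[[Request], Optional[Tuple[bool, str]]]  # (allow, reason) when the rule applies, else None

class ReferenceMonitor:
    """Mediates every request: the first applicable rule decides; no applicable rule means deny."""
    def __init__(self, name: str, rules: List[Tuple[str, Rule]]):
        self.name, self.rules, self.log = name, rules, []  # log keeps every Decision for audit
    def decide(self, req: Request) -> Decision:
        for rule_id, rule in self.rules:
            verdict = rule(req)
            if verdict is not None:
                d = Decision(verdict[0], f"{self.name}:{rule_id}", verdict[1])
                break
        else:
            d = Decision(False, f"{self.name}:default", "no rule applies; deny by default")
        self.log.append(d)
        return d

class DualMonitor:
    """Security and safety monitors both mediate; an action proceeds only if both allow it."""
    def __init__(self, security: ReferenceMonitor, safety: ReferenceMonitor):
        self.security, self.safety = security, safety
    def decide(self, req: Request) -> Decision:
        sec, saf = self.security.decide(req), self.safety.decide(req)
        if sec.allowed and saf.allowed:
            return Decision(True, f"{sec.rule}+{saf.rule}", "both monitors allow")
        denier = sec if not sec.allowed else saf  # surface the monitor that vetoed and why
        return Decision(False, denier.rule, denier.reason)

def build_valve_monitor() -> DualMonitor:
    """Constructed policies for an imagined valve controller (illustration only)."""
    security = ReferenceMonitor("security", [("operator-open", lambda r: (True, "operator may open")
                                             if (r.subject, r.action) == ("operator", "open") else None)])
    safety = ReferenceMonitor("safety", [("pressure-limit", lambda r: (False, "pressure above limit")
                                         if r.context.get("pressure", 0) > 100 else (True, "pressure within limit"))])
    return DualMonitor(security, safety)
```

Because each Decision names its rule, the audit log shows not only that an action was refused but which monitor refused it, which is what makes the combined safety and security verdicts reviewable.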
