A Novel Approach for the Development and Deployment of Security Patterns

In this paper, we address the problems related to the applicability and usability of security patterns. We propose a new approach based on aspect-oriented programming (AOP) for the development, specification and deployment of security patterns. Our approach allows security experts to deliver security patterns that describe the steps and actions required for security solutions, including detailed information on how and where to integrate each of them. It also gives pattern users the capability to deploy well-defined security solutions. Pattern users are required to have knowledge of AOP, with minimal expertise in the corresponding security solution domain. Moreover, we design and implement an RBAC (Role-Based Access Control) model, called RBAC-LB, for a library circulation system. The elaborated RBAC-LB model illustrates all the procedures and mechanisms of the approach's phases and provides authentication and access control features for the library system.
