论文信息 - Model-Driven Security Patterns Application Based on Dependences among Patterns

Model-Driven Security Patterns Application Based on Dependences among Patterns

The spread of open-software services through the Internet increases the importance of security. A security pattern is one of the techniques in which developers utilize security experts’ knowledge. Security patterns contain typical solutions about security problems. However there is a possibility that developers may apply security patterns in inappropriate ways due to a lack of consideration on dependencies among patterns. Application techniques of security patterns that consider such dependencies have not been proposed yet. In this paper, we propose an automated application technique of security patterns in model driven software development by defining applications procedures of security patterns to models as model transformation rules with consideration for pattern dependencies. Our technique prevents inappropriate applications such as the application of security patterns to wrong model elements and that in wrong orders. Therefore our technique supports developers apply security patterns to their own models automatically in appropriate ways.

[1] Axel Uhl,et al. Model-Driven Architecture , 2002, OOIS Workshops.

[2] David A. Basin,et al. SecureUML: A UML-Based Modeling Language for Model-Driven Security , 2002, UML.

[3] Markus Schumacher,et al. Security Engineering with Patterns , 2003, Lecture Notes in Computer Science.

[4] Markus Schumacher. 8. A Theoretical Model for Security Patterns , 2003 .

[5] Jan Jürjens,et al. Secure systems development with UML , 2004 .

[6] Andreas L. Opdahl,et al. Eliciting security requirements with misuse cases , 2004, Requirements Engineering.

[7] Atsuhiro Takasu,et al. Extracting Relations among Embedded Software Design Patterns , 2005, Trans. SDPS.

[8] Ketil Stølen,et al. What is model driven architecture , 2003 .

[9] Till Dörges,et al. From security patterns to implementation using petri nets , 2008, SESS '08.

[10] Hironori Washizaki,et al. A survey on security patterns , 2008 .

[11] Yijun Yu,et al. Enforcing a security pattern in stakeholder goal models , 2008, QoP '08.