Defining Re-usable Composite Aspect Patterns: An FDAF Based Approach

  • Kun Tian
  • Kendra M. L. Cooper
  • Kunwu Feng
  • Yan Tang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5333)

Abstract

Architecting secure systems is an important and challenging problem. Solutions to model individual, or atomic, security capabilities have been proposed, including security patterns, component based, aspect-oriented, and service-oriented approaches. However, little work is available on how to model reusable compositions of security capabilities, where the security capabilities interact with each other and other parts of the system design. Here, an aspect-oriented approach to modeling composite aspects is presented. The approach is defined as an extension to the Formal Design Analysis Framework (FDAF). The FDAF metamodel is extended to support the static representation of composite aspects and an approach to defining the compositions is introduced. A composite aspect that provides Account Lockout with Selective Event Logging (ALSEL) capabilities is used as an example.

Keywords

Software Architecture; Security; Software Design and Analysis; Formal Design and Analysis Framework; Aspect Reuse; Aspect Composition

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Kun Tian (1)
  • Kendra M. L. Cooper (1)
  • Kunwu Feng (1)
  • Yan Tang (1)
  1. Department of Computer Science, The University of Texas at Dallas, Richardson, USA
