Aspect-Oriented Risk Driven Development of Secure Applications

  • Geri Georg
  • Siv Hilde Houmb
  • Indrakshi Ray
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4127)


Security breaches seldom occur because of faulty security mechanisms. Often, security mechanisms are incorrectly incorporated into an application, which allows them to be bypassed, resulting in a security breach. Methodologies are needed for incorporating security mechanisms into an application and assessing whether the resulting system is indeed secure. We propose one such methodology for designing secure applications. We begin by identifying the assets in the application that need protection. We then find the kinds of attacks that are typical for such applications. We show how to evaluate the application against such attacks. If the results are unacceptable, that is, they pose a high security risk, then some security mechanism must be incorporated into the application. We illustrate how this can be done and show how the resulting system can be evaluated to give assurance that it is resilient to the given attack.





Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • Geri Georg (1)
  • Siv Hilde Houmb (2)
  • Indrakshi Ray (1)
  1. Computer Science Department, Colorado State University, Fort Collins, USA
  2. Computer Science Department, Norwegian University of Science and Technology, Trondheim, Norway
