
Towards a Better Integration of Patterns in Secure Component-Based Systems Design

  • Conference paper
Computational Science and Its Applications - ICCSA 2011 (ICCSA 2011)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 6786)

Abstract

Security has become an important challenge in current software and system development. Most designers are experts in software development but not in security. It is important to guide them in deciding how and where to apply security mechanisms in the early phases of software development, to reduce development time and cost. To reach this objective, we propose applying security expertise, in the form of security patterns, at the software design phase. Our methodology is based on the use of a component metamodel to capture the domain concepts and of security patterns to encode solutions to security problems. The expected result is a model that serves as a design solution for a specific domain. Here, we promote a modeling technique based on UML profiles to facilitate the integration of pattern solutions into a model-driven engineering (MDE) approach. As a proof of concept, we illustrate the methodology by producing a UML profile associated with the RBAC security pattern. A case study of a GPS system is also provided to demonstrate the application of the generated profile.

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bouaziz, R., Hamid, B., Desnos, N. (2011). Towards a Better Integration of Patterns in Secure Component-Based Systems Design. In: Murgante, B., Gervasi, O., Iglesias, A., Taniar, D., Apduhan, B.O. (eds) Computational Science and Its Applications - ICCSA 2011. ICCSA 2011. Lecture Notes in Computer Science, vol 6786. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21934-4_49

  • DOI: https://doi.org/10.1007/978-3-642-21934-4_49

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21933-7

  • Online ISBN: 978-3-642-21934-4

  • eBook Packages: Computer Science (R0)
