Advertisement

Behavioral Singletons to Consistently Handle Global States of Security Patterns

  • Linda Ariani Gunawan
  • Frank Alexander Kraemer
  • Peter Herrmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7272)

Abstract

Secure systems are usually complex since stateful security mechanisms like authentication and authorization have to be integrated into the functional behavior at various places. The security operations are, in general, interdependent such that events at one place may influence the behavior at other places. Thus, the composed specification of a system is neither easy to understand nor to analyze, and a faulty integration of the security mechanisms is often overseen. In this paper, we introduce the concept of singletons into our model-based engineering technique SPACE which facilitates a straightforward integration of security aspects. The behavior of a security protocol is encapsulated in a building block using a two-view interface contract. One view of the contract is quite simple and suffices for the correct integration of the block into a system specification. The other view is more complex but has to be considered only by the block designers to verify that the behavioral model in the block fulfills its interface contract. We exemplify the singletons by means of an authorization mechanism and discuss how to prove that the two views of its interface contract are consistent.

Keywords

State Machine Security Protocol Security Aspect Client Feature Transport Layer Security 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Mouratidis, H., Giorgini, P.: Integrating Security and Software Engineering: Advances and Future Vision. IGI Global (2006)Google Scholar
  2. 2.
    Viega, J., Bloch, J.T., Chandra, P.: Applying Aspect-Oriented Programming to Security. Cutter IT Journal 14(2), 31–39 (2001)Google Scholar
  3. 3.
    Georg, G., Ray, I., Anastasakis, K., Bordbar, B., Toahchoodee, M., Houmb, S.H.: An Aspect-Oriented Methodology for Designing Secure Applications. Information and Software Technology 51(5), 846–864 (2009); Special Issue: Model-Driven Development for Secure Information SystemsCrossRefGoogle Scholar
  4. 4.
    Mouheb, D., Talhi, C., Nouh, M., Lima, V., Debbabi, M., Wang, L., Pourzandi, M.: Aspect-Oriented Modeling for Representing and Integrating Security Concerns in UML. In: Lee, R., Ormandjieva, O., Abran, A., Constantinides, C. (eds.) SERA 2010. SCI, vol. 296, pp. 197–213. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  5. 5.
    Heineman, G.T., Council, W.T.: Component-Based Software Engineering: Putting the Pieces Together. Addison-Wesley, USA (2001)Google Scholar
  6. 6.
    Stevens, W.P., Myers, G.J., Constantine, L.L.: Structured Design. IBM Systems Journal 13(2), 115–139 (1974)CrossRefGoogle Scholar
  7. 7.
    Kraemer, F.A.: Engineering Reactive Systems: A Compositional and Model-Driven Method Based on Collaborative Building Blocks. PhD thesis, Norwegian University of Science and Technology (August 2008)Google Scholar
  8. 8.
    Kraemer, F.A., Herrmann, P.: Automated Encapsulation of UML Activities for Incremental Development and Verification. In: Schürr, A., Selic, B. (eds.) MODELS 2009. LNCS, vol. 5795, pp. 571–585. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. 9.
    Kraemer, F.A., Herrmann, P.: Reactive Semantics for Distributed UML Activities. In: Hatcliff, J., Zucca, E. (eds.) FMOODS 2010. LNCS, vol. 6117, pp. 17–31. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  10. 10.
    Kraemer, F.A., Slåtten, V., Herrmann, P.: Tool Support for the Rapid Composition, Analysis and Implementation of Reactive Services. Journal of Systems and Software 82(12), 2068–2080 (2009)CrossRefGoogle Scholar
  11. 11.
    Gamma, E., Helm, R., Johnson, R.E., Vlissides, J.: Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley, Reading (1995)Google Scholar
  12. 12.
  13. 13.
  14. 14.
    Hammer-Lahav, E., et al.: The OAuth 2.0 Authorization Protocol. Internet-Draft, draft-ietf-oauth-v2-22 (September 2011)Google Scholar
  15. 15.
    Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard) (August 2008)Google Scholar
  16. 16.
    Melnikov, A., Zeilenga, K.: Simple Authentication and Security Layer (SASL). RFC 4422 (Proposed Standard) (June 2006)Google Scholar
  17. 17.
    Cantor, S., et al.: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) v2.0 (March 2005)Google Scholar
  18. 18.
    Kraemer, F.A., Herrmann, P.: Transforming Collaborative Service Specifications into Efficiently Executable State Machines. In: Proceedings of the 6th International Workshop on Graph Transformation and Visual Modeling Techniques (GT-VMT 2007). Electronic Communications of the EASST, vol. 7. EASST (2007)Google Scholar
  19. 19.
    Kraemer, F.A., Herrmann, P., Bræk, R.: Aligning UML 2.0 State Machines and Temporal Logic for the Efficient Execution of Services. In: Meersman, R., Tari, Z. (eds.) OTM 2006. LNCS, vol. 4276, pp. 1613–1632. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  20. 20.
    Slåtten, V., Herrmann, P.: Contracts for Multi-instance UML Activities. In: Bruni, R., Dingel, J. (eds.) FORTE 2011 and FMOODS 2011. LNCS, vol. 6722, pp. 304–318. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  21. 21.
    Abadi, M., Lamport, L.: The Existence of Refinement Mappings. Theoretical Computer Science 82(2), 253–284 (1991)MathSciNetzbMATHCrossRefGoogle Scholar
  22. 22.
    Jürjens, J., Houmb, S.H.: Dynamic Secure Aspect Modeling with UML: From Models to Code. In: Briand, L.C., Williams, C. (eds.) MoDELS 2005. LNCS, vol. 3713, pp. 142–155. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  23. 23.
    Pavlich-Mariscal, J., Michel, L., Demurjian, S.: Enchancing UML to Model Custom Security Aspects. In: AOM 2007: Proceedings of the 11th Workshop on Aspect-Oriented Modeling (2007)Google Scholar
  24. 24.
    Jézéquel, J.M.: Model Driven Design and Aspect Weaving. Software and System Modeling 7(2), 209–218 (2008)CrossRefGoogle Scholar
  25. 25.
    Alexander, R.T., Bieman, J.M.: Challenges of Aspect-oriented Technology. In: 24th Int’l Conf. Software Engineering, Workshop on Software Quality (2002)Google Scholar
  26. 26.
    Jürjens, J.: Secure System Development with UML. Springer (2004)Google Scholar
  27. 27.
    Basin, D., Doser, J., Lodderstedt, T.: Model Driven Security: From UML Models to Access Control Infrastructures. ACM Transactions on Software Engineering and Methodology 15(1), 39–91 (2006)CrossRefGoogle Scholar
  28. 28.
    Doan, T., Demurjian, S., Ting, T.C., Ketterl, A.: MAC and UML for Secure Software Design. In: Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, FMSE 2004, pp. 75–85. ACM, New York (2004)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Linda Ariani Gunawan
    • 1
  • Frank Alexander Kraemer
    • 1
  • Peter Herrmann
    • 1
  1. 1.Department of TelematicsNorwegian University of Science and Technology (NTNU)TrondheimNorway

Personalised recommendations