Skip to main content

Advertisement

SpringerLink
Log in
Menu
Find a journal Publish with us
Search
Cart
Book cover

IFIP International Conference on Distributed Applications and Interoperable Systems

DAIS 2012: Distributed Applications and Interoperable Systems pp 73–86Cite as

  1. Home
  2. Distributed Applications and Interoperable Systems
  3. Conference paper
Behavioral Singletons to Consistently Handle Global States of Security Patterns

Behavioral Singletons to Consistently Handle Global States of Security Patterns

  • Linda Ariani Gunawan18,
  • Frank Alexander Kraemer18 &
  • Peter Herrmann18 
  • Conference paper
  • 686 Accesses

Part of the Lecture Notes in Computer Science book series (LNCCN,volume 7272)

Abstract

Secure systems are usually complex since stateful security mechanisms like authentication and authorization have to be integrated into the functional behavior at various places. The security operations are, in general, interdependent such that events at one place may influence the behavior at other places. Thus, the composed specification of a system is neither easy to understand nor to analyze, and a faulty integration of the security mechanisms is often overseen. In this paper, we introduce the concept of singletons into our model-based engineering technique SPACE which facilitates a straightforward integration of security aspects. The behavior of a security protocol is encapsulated in a building block using a two-view interface contract. One view of the contract is quite simple and suffices for the correct integration of the block into a system specification. The other view is more complex but has to be considered only by the block designers to verify that the behavioral model in the block fulfills its interface contract. We exemplify the singletons by means of an authorization mechanism and discuss how to prove that the two views of its interface contract are consistent.

Keywords

  • State Machine
  • Security Protocol
  • Security Aspect
  • Client Feature
  • Transport Layer Security

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Download conference paper PDF

References

  1. Mouratidis, H., Giorgini, P.: Integrating Security and Software Engineering: Advances and Future Vision. IGI Global (2006)

    Google Scholar 

  2. Viega, J., Bloch, J.T., Chandra, P.: Applying Aspect-Oriented Programming to Security. Cutter IT Journal 14(2), 31–39 (2001)

    Google Scholar 

  3. Georg, G., Ray, I., Anastasakis, K., Bordbar, B., Toahchoodee, M., Houmb, S.H.: An Aspect-Oriented Methodology for Designing Secure Applications. Information and Software Technology 51(5), 846–864 (2009); Special Issue: Model-Driven Development for Secure Information Systems

    CrossRef  Google Scholar 

  4. Mouheb, D., Talhi, C., Nouh, M., Lima, V., Debbabi, M., Wang, L., Pourzandi, M.: Aspect-Oriented Modeling for Representing and Integrating Security Concerns in UML. In: Lee, R., Ormandjieva, O., Abran, A., Constantinides, C. (eds.) SERA 2010. SCI, vol. 296, pp. 197–213. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  5. Heineman, G.T., Council, W.T.: Component-Based Software Engineering: Putting the Pieces Together. Addison-Wesley, USA (2001)

    Google Scholar 

  6. Stevens, W.P., Myers, G.J., Constantine, L.L.: Structured Design. IBM Systems Journal 13(2), 115–139 (1974)

    CrossRef  Google Scholar 

  7. Kraemer, F.A.: Engineering Reactive Systems: A Compositional and Model-Driven Method Based on Collaborative Building Blocks. PhD thesis, Norwegian University of Science and Technology (August 2008)

    Google Scholar 

  8. Kraemer, F.A., Herrmann, P.: Automated Encapsulation of UML Activities for Incremental Development and Verification. In: Schürr, A., Selic, B. (eds.) MODELS 2009. LNCS, vol. 5795, pp. 571–585. Springer, Heidelberg (2009)

    CrossRef  Google Scholar 

  9. Kraemer, F.A., Herrmann, P.: Reactive Semantics for Distributed UML Activities. In: Hatcliff, J., Zucca, E. (eds.) FMOODS 2010. LNCS, vol. 6117, pp. 17–31. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  10. Kraemer, F.A., Slåtten, V., Herrmann, P.: Tool Support for the Rapid Composition, Analysis and Implementation of Reactive Services. Journal of Systems and Software 82(12), 2068–2080 (2009)

    CrossRef  Google Scholar 

  11. Gamma, E., Helm, R., Johnson, R.E., Vlissides, J.: Design Patterns: Elements of Reusable Object-Oriented Software. Addison-Wesley, Reading (1995)

    Google Scholar 

  12. Google Latitude API, http://code.google.com/apis/latitude/

  13. Google Contacts API, http://code.google.com/apis/contacts/

  14. Hammer-Lahav, E., et al.: The OAuth 2.0 Authorization Protocol. Internet-Draft, draft-ietf-oauth-v2-22 (September 2011)

    Google Scholar 

  15. Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard) (August 2008)

    Google Scholar 

  16. Melnikov, A., Zeilenga, K.: Simple Authentication and Security Layer (SASL). RFC 4422 (Proposed Standard) (June 2006)

    Google Scholar 

  17. Cantor, S., et al.: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) v2.0 (March 2005)

    Google Scholar 

  18. Kraemer, F.A., Herrmann, P.: Transforming Collaborative Service Specifications into Efficiently Executable State Machines. In: Proceedings of the 6th International Workshop on Graph Transformation and Visual Modeling Techniques (GT-VMT 2007). Electronic Communications of the EASST, vol. 7. EASST (2007)

    Google Scholar 

  19. Kraemer, F.A., Herrmann, P., Bræk, R.: Aligning UML 2.0 State Machines and Temporal Logic for the Efficient Execution of Services. In: Meersman, R., Tari, Z. (eds.) OTM 2006. LNCS, vol. 4276, pp. 1613–1632. Springer, Heidelberg (2006)

    CrossRef  Google Scholar 

  20. Slåtten, V., Herrmann, P.: Contracts for Multi-instance UML Activities. In: Bruni, R., Dingel, J. (eds.) FORTE 2011 and FMOODS 2011. LNCS, vol. 6722, pp. 304–318. Springer, Heidelberg (2011)

    CrossRef  Google Scholar 

  21. Abadi, M., Lamport, L.: The Existence of Refinement Mappings. Theoretical Computer Science 82(2), 253–284 (1991)

    CrossRef  MathSciNet  MATH  Google Scholar 

  22. Jürjens, J., Houmb, S.H.: Dynamic Secure Aspect Modeling with UML: From Models to Code. In: Briand, L.C., Williams, C. (eds.) MoDELS 2005. LNCS, vol. 3713, pp. 142–155. Springer, Heidelberg (2005)

    CrossRef  Google Scholar 

  23. Pavlich-Mariscal, J., Michel, L., Demurjian, S.: Enchancing UML to Model Custom Security Aspects. In: AOM 2007: Proceedings of the 11th Workshop on Aspect-Oriented Modeling (2007)

    Google Scholar 

  24. Jézéquel, J.M.: Model Driven Design and Aspect Weaving. Software and System Modeling 7(2), 209–218 (2008)

    CrossRef  Google Scholar 

  25. Alexander, R.T., Bieman, J.M.: Challenges of Aspect-oriented Technology. In: 24th Int’l Conf. Software Engineering, Workshop on Software Quality (2002)

    Google Scholar 

  26. Jürjens, J.: Secure System Development with UML. Springer (2004)

    Google Scholar 

  27. Basin, D., Doser, J., Lodderstedt, T.: Model Driven Security: From UML Models to Access Control Infrastructures. ACM Transactions on Software Engineering and Methodology 15(1), 39–91 (2006)

    CrossRef  Google Scholar 

  28. Doan, T., Demurjian, S., Ting, T.C., Ketterl, A.: MAC and UML for Secure Software Design. In: Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, FMSE 2004, pp. 75–85. ACM, New York (2004)

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Telematics, Norwegian University of Science and Technology (NTNU), Trondheim, Norway

    Linda Ariani Gunawan, Frank Alexander Kraemer & Peter Herrmann

Authors
  1. Linda Ariani Gunawan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Frank Alexander Kraemer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Peter Herrmann
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute of Information Systems, Vienna University of Technology, Argentinierstrasse 8/184-1, 1040, Vienna, Austria

    Karl Michael Göschka

  2. Swedish Institute of Computer Science, Isafjordsgatan 22, 164 29, Kista, Sweden

    Seif Haridi

Rights and permissions

Reprints and Permissions

Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Gunawan, L.A., Kraemer, F.A., Herrmann, P. (2012). Behavioral Singletons to Consistently Handle Global States of Security Patterns. In: Göschka, K.M., Haridi, S. (eds) Distributed Applications and Interoperable Systems. DAIS 2012. Lecture Notes in Computer Science, vol 7272. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30823-9_6

Download citation

  • .RIS
  • .ENW
  • .BIB
  • DOI: https://doi.org/10.1007/978-3-642-30823-9_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-30822-2

  • Online ISBN: 978-3-642-30823-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Share this paper

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

Search

Navigation

  • Find a journal
  • Publish with us

Discover content

  • Journals A-Z
  • Books A-Z

Publish with us

  • Publish your research
  • Open access publishing

Products and services

  • Our products
  • Librarians
  • Societies
  • Partners and advertisers

Our imprints

  • Springer
  • Nature Portfolio
  • BMC
  • Palgrave Macmillan
  • Apress
  • Your US state privacy rights
  • Accessibility statement
  • Terms and conditions
  • Privacy policy
  • Help and support

167.114.118.210

Not affiliated

Springer Nature

© 2023 Springer Nature