Article thumbnail

A Systematic Approach to Assist Designers in Security Pattern Integration

By Loukmen Regainia, Cédric Bouhours and Sébastien Salva


International audienceThe last decade has witnessed significant contributions in software engineering to design more secure systems and applications. Software designers can now leverage specific patterns, called security patterns as reusable solutions to model more secure applications. But, despite the advantages offered by security patterns, these are rarely used in practice, because choosing and employing them for devising less vulnerable applications, is still a difficult and error-prone task. In this work, we propose an original approach to guide designers for checking whether a set of security patterns is correctly integrated into models and if vulnerabilities are yet exposed despite their use. This approach relies upon the analysis of the structural and behavioral properties of security patterns and on formal methods to check if these properties hold in the application model completed with patterns. We also provide a metric computation to assess the integration quality of patterns. Afterwards, we check whether the vulnerabilities, which should be removed by the use of patterns, are not exposed in the model. We illustrate this approach on an example of Web application, the Moodle education platform

Topics: Model, UML, Security Patterns, Verification, [INFO]Computer Science [cs], [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]
Publisher: HAL CCSD
Year: 2016
OAI identifier: oai:HAL:hal-02019284v1
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • (external link)
  • (external link)
  • (external link)
  • Suggested articles

    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.