Modeling of Secure and Dependable Applications Based on a Repository of Patterns: The SEMCO Approach

International audienceThe requirement for higher quality and seamless development of systems is continuously increasing, even in domains traditionally not deeply involved in such issues. Security and Dependability (S&D) requirements are incorporated to an increasing number of systems. These newer restrictions make the development of those systems more complicated than conventional systems. In our work, we promote a new approach called SEMCO (System and software Engineering with Multi-COncerns) combining Model-Driven Engineering (MDE) with a model-based repository of S&D patterns to support the design and the analysis of pattern-based secure and dependable system and software architectures. The modeling framework to support the approach is based on a set of modeling languages, to specify security and dependability patterns, resources and a set of property models, and a set of model transformation rules to specify some of the analysis activities. As part of the assistance for the development of S&D applications, we have implemented a tool-chain based on the Eclipse platform to support the different activities around the repository, including the analysis activities. The proposed approach was evaluated through a case study from the railway domain

Enforcing S&D pattern design in RCES with modeling and formal approaches

The requirement for higher security and dependability of systems is continuously increasing even in domains not traditionally deeply involved in such issues. Yet, evolution of embedded systems towards devices connected via Internet, wireless communication or other interfaces requires a reconsideration of secure and trusted embedded systems engineering processes. In this paper, we propose an approach that associates model driven engineering (MDE) and formal validation to build security and dependability (S&D) patterns for trusted RCES applications. The contribution of this work is twofold. On the one hand, we use model-based techniques to capture a set of artifacts to encode S&D patterns. On the other hand, we introduce a set of artifacts for the formal validation of these patterns in order to guarantee their correctness. The formal validation in turn follows the the MDE process and thus links concrete validation results to the S&D requirements identified at higher level s of abstraction

Engineering secure systems: Models, patterns and empirical validation

Several development approaches have been proposed to handle the growing complexity of software system design. The most popular methods use models as the main artifacts to construct and maintain. The desired role of such models is to facilitate, systematize and standardize the construction of software-based systems. In our work, we propose a model-driven engineering (MDE) methodological approach associated with a pattern-based approach to support the development of secure software systems. We address the idea of using patterns to describe solutions for security as recurring security problems in specific design contexts and present a well-proven generic scheme for their solutions. The proposed approach is based on metamodeling and model transformation techniques to define patterns at different levels of abstraction and generate different representations according to the target domain concerns, respectively. Moreover, we describe an operational architecture for development tools to support the approach. Finally, an empirical evaluation of the proposed approach is presented through a practical application to a use case in the metrology domain with strong security requirements, which is followed by a description of a survey performed among domain experts to better understand their perceptions regarding our approach