111 research outputs found

    Modeling of Secure and Dependable Applications Based on a Repository of Patterns: The SEMCO Approach

    The requirement for higher quality and seamless development of systems is continuously increasing, even in domains traditionally not deeply involved in such issues. Security and Dependability (S&D) requirements are incorporated into an increasing number of systems. These newer restrictions make the development of those systems more complicated than that of conventional systems. In our work, we promote a new approach called SEMCO (System and software Engineering with Multi-COncerns) combining Model-Driven Engineering (MDE) with a model-based repository of S&D patterns to support the design and the analysis of pattern-based secure and dependable system and software architectures. The modeling framework supporting the approach is based on a set of modeling languages, to specify security and dependability patterns, resources and a set of property models, and a set of model transformation rules to specify some of the analysis activities. As part of the assistance for the development of S&D applications, we have implemented a tool-chain based on the Eclipse platform to support the different activities around the repository, including the analysis activities. The proposed approach was evaluated through a case study from the railway domain.

    Interplay of Security&Dependability and Resource using Model-driven and Pattern-based Development

    Several frameworks have been proposed to help designers of embedded system applications. However, we currently lack methodological tool support to take into account the interplay between security & dependability and resource properties. In this work, we propose a modeling environment which associates model-driven paradigms with security and dependability patterns to ensure that the combination of security and dependability solutions fits on the targeted hardware platform. The resulting framework will serve as a tool to estimate the resources consumed by the security and dependability solutions at early stages of design, helping the designer to avoid resource conflicts at run-time. In addition, we provide an architecture for development tools to support the design and the analysis of pattern-based secure and dependable applications. Finally, we apply it in practice to a use case from the railway domain with strong security and dependability requirements.

    A Modeling and Formal Approach for the Precise Specification of Security Patterns

    Non-functional requirements such as Security and Dependability (S&D) become more important as well as more difficult to achieve. In fact, the integration of security features requires the availability of both application domain specific knowledge and security expertise at the same time. Hence, capturing and providing this expertise by way of security patterns can support the integration of S&D features by design and foster reuse during the process of software system development. The solution envisaged here is based on combining metamodeling techniques and formal methods to represent security patterns at two levels of abstraction, fostering reuse during the process of pattern development and during the process of pattern-based development. The contribution of this work is twofold: (1) an improvement of our previous pattern modeling language for representing security patterns in the form of a subsystem providing appropriate interfaces and targeting security properties; (2) formal specification and validation of pattern properties, using the interactive Isabelle/HOL proof assistant. The resulting validation artifacts may complete the definitions and provide semantics for the interfaces and the properties in the context of S&D. As a result, validated patterns will be used as bricks to build applications through a Model-Driven Engineering approach.

    Engineering secure systems: Models, patterns and empirical validation

    Several development approaches have been proposed to handle the growing complexity of software system design. The most popular methods use models as the main artifacts to construct and maintain. The desired role of such models is to facilitate, systematize and standardize the construction of software-based systems. In our work, we propose a model-driven engineering (MDE) methodological approach associated with a pattern-based approach to support the development of secure software systems. We address the idea of using patterns to describe solutions for security as recurring security problems in specific design contexts and present a well-proven generic scheme for their solutions. The proposed approach is based on metamodeling and model transformation techniques to define patterns at different levels of abstraction and generate different representations according to the target domain concerns, respectively. Moreover, we describe an operational architecture for development tools to support the approach. Finally, an empirical evaluation of the proposed approach is presented through a practical application to a use case in the metrology domain with strong security requirements, followed by a description of a survey performed among domain experts to better understand their perceptions regarding our approach.

    Comparison of CrAlN layers obtained with one (CrAl) or two targets (Cr and Al) by magnetron sputtering

    The authors would like to thank the Regional Council of Burgundy, France for its funding and Michael Walock for his help in English revisions.
    The aim of this study is to compare the properties of CrAlN coatings obtained by magnetron sputtering with one (CrAl) or two targets (Cr and Al). The influence of parameters such as the target bias voltage, the working pressure, the deposition time and the bias voltage applied on the Cr or Al targets on the properties of the layers was studied. We characterized the films by X-ray Diffraction and Scanning Electron Microscopy coupled with Energy Dispersive Spectroscopy, and by nanoindentation; their residual stresses were also determined. The optimal films obtained with both methods are well crystallized, well-adherent to the substrate, and contain similar amounts of Al (20–30 at.%). The optimal coatings synthesized with one target presented properties not as good as those realized with two targets. Nevertheless, films made with one target showed a lower friction coefficient, probably due to composition control. The lack of compositional control with the use of one target limits the optimization process. With two targets, we have greater control over the film composition. This leads to higher hardness, lower stresses, and improved Young's modulus over films produced with a single CrAl target. Additionally, the morphologies are different (columnar with CrAl and dense with Cr and Al). To conclude, it seems more justified to work, if possible, with two independent targets.

    How to Analyze Modeling Approach Comparison Criteria

    One possible final goal of defining a set of criteria to characterize modeling approaches [1] is to help people, especially from industry, pick the appropriate approaches or artifacts according to their own purpose. The authors of the comparison criteria have managed to get several different assessments made by defenders of particular modeling approaches. From our point of view the experiment is mature enough to support a factorial analysis of the criteria themselves. The goal of this paper is to present how such an analysis could be conducted and illustrate its usefulness. We have identified several key modeling concepts, but in this document we focus only on the assessment of modeling approaches.

    Security Concepts as Add-On for Process Models

    Development processes for software construction are common knowledge and widely used in most development organizations. Unfortunately, these processes often offer little or no support for meeting security requirements. In our work, we propose a methodology to enhance these process models with security concepts, backed by a security-oriented process model specification language. The methodology supports existing process models, which are extended by established security approaches as well as information security risk management standards, to fulfill the demand for secure software engineering. The methodology and the process modeling language we propose have been successfully evaluated by the TERESA project for specifying development processes for trusted applications and integrating security concepts into existing process models.

    Split of Composite Components for Distributed Applications

    Composite structures as in UML are a way to ease the development of complex applications. Composite classes contain sub-components that are instantiated, interconnected and configured along with the composite. Composites may also contain operations and further attributes. Their deployment on distributed platforms is not trivial, since their sub-components might be allocated to different computing nodes. In this case, the deployment implies a split of the composite. In this paper, we motivate why composites need to be allocated to different nodes in some cases by examining the particular case of interaction components. We also discuss several options to achieve the separation and their advantages and disadvantages, including modeling restrictions for the classes.