AuthorsP. H. Nguyen, J. Klein and Y. Le Traon
TitleModel-Driven Security with A System of Aspect-Oriented Security Design Patterns
AfilliationSoftware Engineering, Software Engineering
Publication TypeProceedings, refereed
Year of Publication2014
Conference NameThe 2nd Workshop on View-Based, Aspect-Oriented and Orthographic Software Modelling
Date Published07/2014
Place PublishedNew York, NY, USA
ISBN Number978-1-4503-2900-2
Keywordsaspect-oriented modeling, authentication, authorization, Model Composition, Model-Driven Security, security patterns

Model-Driven Security (MDS) has emerged for more than a decade to propose sound MD methodologies for supporting secure systems development. Yet, there is still a big gap before making Mds more easily applicable, and adoptable by industry. Most current MDS approaches have not extensively dealt with multiple security concerns but rather a specific one, e.g. authorization. Besides, security patterns which are based on domain-independent, time-proven security knowl- edge and expertise, can be considered as reusable security bricks upon which sound and secure systems can be built. But security patterns are not applied as much as they could be because developers have problems in selecting them and applying them in the right places, especially at the design phase. In this position paper, we propose an exploratory MDS approach based on a System of aspect-oriented Security design Patterns (shortly called SoSPa) in which security design patterns are collected, specified as reusable aspect models to form a coherent system of them that guides de- velopers in systematically selecting the right security design patterns for the job. Our MDS approach allows the selected security design patterns to be automatically composed with the target system model. The woven secure system model can then be used for (partial) code generation, including (configured) security infrastructures.

Citation KeyNguyen:2014:VAO