Abstract. Non-functional requirements such as Security and Dependability (S&D) are becoming more important and, at the same time, more difficult to achieve. Integrating security features requires application-domain knowledge and security expertise to be available simultaneously. Capturing and providing this expertise by way of security patterns can therefore support the integration of S&D features by design and foster reuse during software system development. The solution envisaged here combines metamodeling techniques and formal methods to represent security patterns at two levels of abstraction, fostering reuse both during pattern development and during pattern-based development. The contribution of this work is twofold: (1) an improvement of our previous pattern modeling language, which represents a security pattern as a subsystem providing appropriate interfaces and targeting security properties; (2) formal specification and validation of pattern properties using the interactive Isabelle/HOL proof assistant. The resulting validation artifacts complement the pattern definitions and provide semantics for the interfaces and the properties in the context of S&D. As a result, validated patterns can be used as building blocks for applications through a Model-Driven Engineering approach.

Keywords: Pattern, Metamodel, Domain, Formalization, Model-Driven engineering, Security.
Introduction

Recent times have seen a paradigm shift in design that combines several software engineering paradigms, namely Model-Driven Engineering (MDE) [20] and formal methods [25]. This shift is changing the way systems are developed today and reduces development time significantly. Embedded systems [26] are a case in point: a range of development approaches has been proposed for them, the most popular being those that use models as the main artifacts to be constructed and maintained. In these approaches, software development consists of model specification and model transformations. In addition to MDE, pattern-based development has recently gained more attention in software engineering by addressing challenges that were not targeted in the past. Patterns are applied in modern software architectures for distributed systems, including middleware and real-time embedded systems, and more recently in security and dependability engineering.

Unfortunately, most security patterns are expressed as informal indications of how to solve certain security problems, using templates in the style of traditional design patterns [1,6]. Such patterns lack sufficient semantic descriptions, including descriptions of security and dependability concepts, to allow automated processing within tool-supported development and to extend their use. Furthermore, because patterns are implemented manually, the problem of incorrect implementation (the most important source of security problems) remains unsolved. For this reason, model-driven software engineering can provide a solid basis for formulating design patterns that can incorp...