Enhancing Model Driven Security through Pattern Refinement Techniques

Katt, Basel; Gander, Matthias; Breu, Ruth; Felderer, Michael

doi:10.1007/978-3-642-35887-6_9

Cited by 5 publications

(6 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, existing approaches using patterns often target one stage of development (architecture, design or implementation) due to the lack of formalisms ensuring (1) the specification of a pattern at different levels of abstraction, (2) relationships that govern their interactions and complementarity and (3) the relationship between patterns and other artifacts manipulated during the development lifecycle and those related to the assessment of critical systems. Several approaches exist in the security design pattern literature ( Cheng et al, 2003;Fernandez et al, 2011;Giacomo et al, 2008;Hatebur et al, 2007;Jürjens et al, 2002;Katt et al, 2013;Schumacher, 2003 ). They allow solutions to very general problems that appear frequently as sub-tasks in the design of systems with security and dependability requirements.…”

Section: Related Workmentioning

confidence: 99%

Engineering secure systems: Models, patterns and empirical validation

Hamid

Weber

2018

Computers & Security

View full text Add to dashboard Cite

Several development approaches have been proposed to handle the growing complexity of software system design. The most popular methods use models as the main artifacts to construct and maintain. The desired role of such models is to facilitate, systematize and standardize the construction of software-based systems. In our work, we propose a model-driven engineering (MDE) methodological approach associated with a pattern-based approach to support the development of secure software systems. We address the idea of using patterns to describe solutions for security as recurring security problems in specific design contexts and present a well-proven generic scheme for their solutions. The proposed approach is based on metamodeling and model transformation techniques to define patterns at different levels of abstraction and generate different representations according to the target domain concerns, respectively. Moreover, we describe an operational architecture for development tools to support the approach. Finally, an empirical evaluation of the proposed approach is presented through a practical application to a use case in the metrology domain with strong security requirements, which is followed by a description of a survey performed among domain experts to better understand their perceptions regarding our approach.

show abstract

Section: Related Workmentioning

confidence: 99%

Engineering secure systems: Models, patterns and empirical validation

Hamid

Weber

2018

Computers & Security

View full text Add to dashboard Cite

show abstract

“…Some research addresses linking the model to the code level within model-based security through modeldriven reverse engineering [34], [35]. Other work addresses the model-based use of security patterns [36], [37]. Further research makes use of aspect-oriented modeling for modelbased security [38].…”

Section: Related Workmentioning

confidence: 99%

From Secure Business Process Modeling to Design-Level Security Verification

Ramadan

Salnitriy

Strüber

et al. 2017

2017 ACM/IEEE 20th International Conference on Model Driven Engineering Languages and Systems (MODELS)

View full text Add to dashboard Cite

Tracing and integrating security requirements throughout the development process is a key challenge in security engineering. In socio-technical systems, security requirements for the organizational and technical aspects of a system are currently dealt with separately, giving rise to substantial misconceptions and errors. In this paper, we present a model-based security engineering framework for supporting the system design on the organizational and technical level. The key idea is to allow the involved experts to specify security requirements in the languages they are familiar with: business analysts use BPMN for procedural system descriptions; system developers use UML to design and implement the system architecture. Security requirements are captured via the language extensions SecBPMN2 and UMLsec. We provide a model transformation to bridge the conceptual gap between SecBPMN2 and UMLsec. Using UMLsec policies, various security properties of the resulting architecture can be verified. In a case study featuring an air traffic management system, we show how our framework can be practically applied.

show abstract

“…Model-driven security (MDS) is often used to adapt security dynamically following different approaches: UMLSec (UML for secure systems) [ 32 ], SecureUML (access control language based on UML) [ 33 ], OpenPMF (Open Policy Management Framework) [ 34 , 35 ], SECTET (framework for model-driven security) [ 36 ], etc . For instance, in [ 37 ], models@runtime is used to keep an architectural model synchronized with a policy, but this approach only supports access control policies and not any kind of security functionality, as does our security adaptation service.…”

Section: Related Workmentioning

confidence: 99%

“…For instance, in [ 37 ], models@runtime is used to keep an architectural model synchronized with a policy, but this approach only supports access control policies and not any kind of security functionality, as does our security adaptation service. This is a general limitation in many security policy-based approaches, because they are primarily focused only on access control or authorization concerns [ 34 , 35 , 38 , 39 ] or they are focused only on a specific domain, such as mobile cloud [ 40 ] or service-oriented architecture (SOA) [ 34 – 36 , 38 ].…”

Section: Related Workmentioning

confidence: 99%

Dynamic Reconfiguration of Security Policies in Wireless Sensor Networks

Pinto¹,

Gámez²,

Fuentes³

et al. 2015

Sensors

View full text Add to dashboard Cite

Providing security and privacy to wireless sensor nodes (WSNs) is very challenging, due to the heterogeneity of sensor nodes and their limited capabilities in terms of energy, processing power and memory. The applications for these systems run in a myriad of sensors with different low-level programming abstractions, limited capabilities and different routing protocols. This means that applications for WSNs need mechanisms for self-adaptation and for self-protection based on the dynamic adaptation of the algorithms used to provide security. Dynamic software product lines (DSPLs) allow managing both variability and dynamic software adaptation, so they can be considered a key technology in successfully developing self-protected WSN applications. In this paper, we propose a self-protection solution for WSNs based on the combination of the INTER-TRUST security framework (a solution for the dynamic negotiation and deployment of security policies) and the FamiWare middleware (a DSPL approach to automatically configure and reconfigure instances of a middleware for WSNs). We evaluate our approach using a case study from the intelligent transportation system domain.

show abstract

Enhancing Model Driven Security through Pattern Refinement Techniques

Cited by 5 publications

References 12 publications

Engineering secure systems: Models, patterns and empirical validation

Engineering secure systems: Models, patterns and empirical validation

From Secure Business Process Modeling to Design-Level Security Verification

Dynamic Reconfiguration of Security Policies in Wireless Sensor Networks

Contact Info

Product

Resources

About