A Systematic Approach to Assist Designers in Security Pattern Integration

Abstract: The last decade has witnessed significant contributions in software engineering toward designing more secure systems and applications. Software designers can now leverage specific patterns, called security patterns, as reusable solutions to model more secure applications. Despite the advantages they offer, security patterns are rarely used in practice, because choosing and applying them to devise less vulnerable applications is still a difficult and error-prone task. In this work, we propose an original approach to guide designers in checking whether a set of security patterns is correctly integrated into models and whether vulnerabilities are still exposed despite their use. This approach relies on the analysis of the structural and behavioral properties of security patterns and on formal methods to check whether these properties hold in the application model completed with patterns. We also provide a metric computation to assess the integration quality of patterns. Afterwards, we check whether the vulnerabilities that should be removed by the use of patterns are no longer exposed in the model. We illustrate this approach on an example Web application, the Moodle education platform.

https://hal-clermont-univ.archives-ouvertes.fr/hal-02019284
Contributor : Sébastien Salva
Submitted on : Thursday, February 14, 2019 - 2:25:26 PM
Last modification on : Saturday, February 23, 2019 - 1:17:06 AM
Long-term archiving on : Wednesday, May 15, 2019 - 7:21:01 PM

Identifiers

  • HAL Id : hal-02019284, version 1

Citation

Loukmen Regainia, Cédric Bouhours, Sébastien Salva. A Systematic Approach to Assist Designers in Security Pattern Integration. The Second International Conference on Advances and Trends in Software Engineering (SOFTENG 2016), Feb 2016, Lisbon, Portugal. ⟨hal-02019284⟩
