Aspect-Oriented Security Hardening of UML Design Models


Book Description

This book comprehensively presents a novel approach to the systematic security hardening of software design models expressed in the standard UML language. It combines model-driven engineering and the aspect-oriented paradigm to integrate security practices into the early phases of the software development process. To this end, a UML profile has been developed for the specification of security hardening aspects on UML diagrams. In addition, a weaving framework, with the underlying theoretical foundations, has been designed for the systematic injection of security aspects into UML models. The work is organized as follows: Chapter 1 presents an introduction to software security, model-driven engineering, UML and aspect-oriented technologies. Chapters 2 and 3 provide an overview of the UML language and of the main concepts of aspect-oriented modeling (AOM), respectively. Chapter 4 explores the area of model-driven architecture with a focus on model transformations. The main approaches adopted in the literature for security specification and hardening are presented in Chapter 5. After these more general presentations, Chapter 6 introduces the AOM profile for the specification of security aspects. Chapter 7 then details the design and implementation of the security weaving framework, including several real-life case studies that illustrate its applicability. Chapter 8 elaborates an operational semantics for the matching/weaving processes in activity diagrams, while Chapters 9 and 10 present a denotational semantics for aspect matching and weaving in executable models following a continuation-passing style. Finally, a summary and evaluation of the work presented are provided in Chapter 11. The book will benefit researchers in academia and industry as well as students interested in learning about recent research advances in the field of software security engineering.


Aspect-Oriented Requirements Engineering


Book Description

Broadly-scoped requirements such as security, privacy, and response time are a major source of complexity in modern software systems. This is due to their tangled inter-relationships with, and effects on, other requirements. Aspect-Oriented Requirements Engineering (AORE) aims to facilitate the modularisation of such broadly-scoped requirements, so that software developers are able to reason about them in isolation, one at a time. AORE also captures these inter-relationships and effects in well-defined composition specifications and, in so doing, exposes the causes of potential conflicts and trade-offs and the roots of key early architectural decisions. Over the last decade, significant work has been carried out in the field of AORE. With this book the editors aim to provide a consolidated overview of these efforts and results. The individual contributions discuss how aspects can be identified, represented, composed and reasoned about, as well as how they are used in specific domains and in industry. Thus, the book does not present one particular AORE approach, but conveys a broad understanding of the aspect-oriented perspective on requirements engineering. The chapters are organized into five sections: concern identification in requirements, concern modelling and composition, domain-specific use of AORE, aspect interactions, and AORE in industry. This book provides readers with the most comprehensive coverage of AORE and the capabilities it offers to those grappling with the complexity arising from broadly-scoped requirements, a phenomenon that is, without doubt, universal across software systems. Software engineers and related professionals in industry, as well as advanced undergraduate and post-graduate students and researchers, will benefit from these comprehensive descriptions and the industrial case studies.


Aspect-oriented Security Engineering


Book Description

Engineering secure systems is an error-prone process in which any latitude in design decisions can give rise to critical implementation faults. To counter this, formal security models serve as an abstract basis for verifying security properties. Unfortunately, the potential for human error in engineering and analyzing such models is still considerable. This work seeks to mitigate this problem. We identified semantic gaps between security requirements, informal security policies, and security models as a major source of error. Based on this observation, our goal is to support error-minimizing design decisions by bridging such gaps. Due to the broad range of security-critical application domains, no single modeling framework can achieve this. We therefore adopt the idea of aspect-oriented software development to tailor the formal part of a security engineering process to the security requirements of the system. Our method, termed aspect-oriented security engineering, is based on the idea of keeping each step in this process well-defined, small, and monotonic in terms of the degree of formalism. Our practical results focus on two use cases: first, model engineering for operating system and middleware security policies; second, model analysis of runtime properties related to potential privilege escalation. We eventually combine both use cases to present a model-based reengineering approach for the access control system of Security-Enhanced Linux (SELinux).


Software Engineering Research, Management and Applications 2010


Book Description

The purpose of the 8th Conference on Software Engineering, Artificial Intelligence Research, Management and Applications (SERA 2010) held on May 24 – 26, 2010 in Montreal, Canada was to bring together scientists, engineers, computer users, and students to share their experiences and exchange new ideas and research results about all aspects (theory, applications and tools) of computer and information science, and to discuss the practical challenges encountered along the way and the solutions adopted to solve them. The conference organizers selected 15 outstanding papers from SERA 2010, all of which you will find in this volume of Springer's Studies in Computational Intelligence.


Formal Aspects of Component Software


Book Description

This book constitutes the revised selected papers of the 7th International Workshop on Formal Aspects of Component Software, FACS 2010, held in Guimarães, Portugal, in October 2010. The 13 full papers and 4 short papers presented, together with 1 panel discussion and 2 invited talks, were carefully reviewed and selected from 37 submissions. The workshop seeks to develop a better understanding of how formal methods can or should be used for component-based software development to succeed.


Quantitative Assessment of the Modularization of Security Design Patterns with Aspects


Book Description

Following the success of software engineering design patterns, security patterns are a promising approach to aid in the design and development of more secure software systems. At the same time, recent work on aspect-oriented programming (AOP) suggests that the cross-cutting nature of software security concerns makes security a good candidate for AOP techniques. This work uses a set of software metrics to evaluate and compare object-oriented and aspect-oriented implementations of five security patterns: Secure Base Action, Intercepting Validator, Authentication Enforcer, Authorization Enforcer, and Secure Logger. Results show that complete separation of concerns was achieved with the aspect-oriented implementations and the modularity of the base application was improved, but at the cost of increased complexity in the security pattern code. In most cases the cohesion, coupling, and size metrics improved for the base application but worsened for the security pattern package. Furthermore, a partial aspect-oriented solution, in which the pattern code is decoupled from the base application but not completely encapsulated by the aspect, demonstrated better modularity and reusability than a full aspect solution. This study makes several contributions to the fields of aspect-oriented programming and security patterns. It presents quantitative evidence of the effect of aspectization on the modularity of security pattern implementations. It augments four existing security pattern descriptions with aspect-oriented solution strategies, complete with new class and sequence diagrams based on proposed aspect-oriented UML extensions. Finally, it provides a set of role-based refactoring instructions for each security pattern, along with a proposal for three new basic generalization refactorings for aspects.