An aspect-oriented approach for software security hardening: From design to implementation

Proceedings of 8th International Conference on New Trends in Software Methodologies, Tools and Techniques, SoMeT_09

Volumn , Issue , 2009, Pages

  Mouheb, Djedjiga ^a   Talhi, Chamseddine ^a   Mourad, Azzam ^a   Lima, Vitor ^a   Debbabi, Mourad ^a   Wang, Lingyu ^a   Pourzandi, Makan ^b  

^a Dept of Electrical and Computer Engineering   (Canada)

^b Ericsson Canada Inc   (Canada)

Author keywords

Aspect oriented modeling; Aspect oriented programming; Security hardening; Security patterns; Security requirements; UML design

Indexed keywords

ASPECT ORIENTED MODELING; ASPECT-ORIENTED; SECURITY HARDENING; SECURITY PATTERNS; SECURITY REQUIREMENTS; UML DESIGN;

ASPECT ORIENTED PROGRAMMING; HARDENING; SECURITY SYSTEMS; SOFTWARE DESIGN;

SECURITY OF DATA;

EID: 84861670663     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (48)

1. G. J. Ahn and M. E. Shin. UML-Based Representation of Role-Based Access Control. In 9th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, WETICE' 2000, pages 195-200, Gaithersburg, MD, USA. IEEE Computer Society.
2. O. Aldawud, T. Elrad, and A. Bader. UML Profile for Aspect-Oriented Software Development. In Proceedings of the 3rd International Workshop on Aspect-Oriented Modeling with UML (AOM@AOSD'2003), 2003.
3. K. Alghathbar and D.Wijeskera. Consistent and Complete Access Control Policies in Use Cases. In 6th International Conference UML 2003. Model Languages and Applications, pages 373-387, San Francisco, CA, USA, 2003.
4. Aspect-Oriented Modeling Workshop. http://www.aspect-modeling.org/Last visited: September 2008.
5. E. Barra, G. Genova,, and J. Llorens. An Approach to Aspect Modelling with UML 2.0. In Proceedings of the 5th International Workshop on Aspect-Oriented Modeling Workshop, Lisbon, Portugal, 2004.
6. M. Basch and A. Sanchez. Incorporating Aspects into the UML. In Proceedings of the 3rd International Workshop on Aspect-Oriented Modeling, Boston, MA, 2003.
7. D. Bell and L. LaPadula. Secure Computer Systems: Mathematical Foundations Model. M74-244, Mitre Corp., 1975.
8. B. Blakley, C. Heath, and members of The Open Group Security Forum. Security Design Patterns. Technical Report G031, Open Group, 2004.
9. G. Brose, M. Koch, and K. P. Lohr. Integrating Access Control Design into the Software Development Process. In Proceedings of the 6th Biennial World Conference on the Integrated Design and Process Technology (IDPT'2002), Pasadena, CA.
10. C. Chavez and C. Lucena. A Metamodel for Aspect-Oriented Modeling. In Proceedings of the 1st International Workshop on Aspect-Oriented Modeling with UML, Enschede, The Netherlands, 2002.
11. T. Doan, L. D. Michel, and S. A. Demurjian. A Formal Framework for Secure Design and Constraint Checking in UML. In Proceedings of the International Symposium on Secure Software Engineering (ISSSE'06), Washington, DC.
12. P. Epstein and R. S. Sandhu. Towards a UML Based Approach to Role Engineering. In Proceedings of the 4th ACM Workshop on Role-Based Access Control, pages 135-143. ACM Press, 1999.
13. J. Evermann. A Meta-Level Specification and Profile for AspectJ in UML. Journal of Object Technology, 6(7):27-49, 2007.
14. E. B. Ferńandez. A Methodology for Secure Software Design. In Software Engineering Research and Practice, pages 130-136, 2004. (Pubitemid 40120308)
15. E. B. Fernandez and R. Warrier. Remote Authenticator/Authorizer. In Proceedings of the 10th Conference on Pattern Languages of Programs (PLoP'2003), 2003.
16. D. Ferraiolo, R. Sandhu, S. Gavrila, R. Kuhn, and R. Chandramouli. Proposed NIST Standard for Role- Based Access Control. ACM Transactions on Information and Systems Security, 4(3):224-274, 2001.
17. L. Fuentes and P. Sanchez. Elaborating UML 2.0 Profiles for AO Design. In Proceedings of the International Workshop on Aspect-Oriented Modeling, 2006.
18. M. Huth and M. Ryan. Logic in Computer Science: Modelling and Reasoning about Systems. Cambridge University Press, 2004.
19. IBM-Rational Software Architect http://www.ibm.com/software/awdtools/ architect/swarchitect/. Last visited: September 2008.
20. J. J̈urjens. Secure Systems Development with UML. Springer Verlag, 2004.
21. M. Kande, J. Kienzle, and A. Strohmeier. From AOP to UML - a Bottom-Up Approach. In Proceedings of the 1st International Workshop on Aspect-Oriented Modeling with UML, Enschede, The Netherlands, 2002.
22. G. Kiczales, E. Hilsdale, J. Hugunin, M. Kersten, J. Palm, andW. G. Griswold. An Overview of AspectJ. In Proceedings of the 15th European Conference on Object-Oriented Programming (ECOOP'01), pages 327-353, London, UK, 2001. Springer-Verlag. (Pubitemid 33291302)
23. G. Kiczales, J. Lamping, A. Menhdhekar, C. Maeda, C. Lopes, J-M. Loingtier, and J. Irwin. Aspect- Oriented Programming. In Mehmet Akşit and Satoshi Matsuoka, editors, Proceedings of the 11th European Conference on Object-Oriented Programming (ECOOP'97), volume 1241, pages 220-242. Springer-Verlag, Berlin, Heidelberg, and New York, 1997.
24. T. Lodderstedt, D. Basin, and J. Doser. SecureUML: A UML-Based Modeling Language for Model- Driven Security. In Proceedings of the International Conference on the Unified Modeling Language, UML'2002, volume 2460 of Lecture Notes in Computer Science, pages 426-441. Springer Verlag, 2002.
25. T. Lodderstedt, D. Basin, and J. Doser. Model-Driven Security: from UML Models to Access Control Infrastructures. ACM Transactions on Software Engineering and Methodology (TOSEM), 15(1):39-91, 2006. (Pubitemid 43947939)
26. C. Montangero, M. Buchholtz, L. Perrone, and S. Semprini. For-LySa: UML for Authentication Analysis. In Global Computing: IST/FET International Workshop (GC'2004), volume 3267 of LNCS, pages 93-106. Springer Verlag, 2005. (Pubitemid 41190441)
27. F. Mostefaoui and J. Vachon. Formalization of an Aspect-Oriented Modeling Approach. In Proceedings of Formal Methods, Hamilton, ON, 2006.
28. D. Mouheb, M. Debbabi, L.Wang, and M. Pourzandi. UML-Based Approaches for the Development of Secure Software and Systems: A Comparative Study. In Proceedings of the 2nd Workshop on Practice and Theory of IT Security (PTITS'2008), pages 15-20, Montreal, Canada, 2008.
29. A. Mourad, M. A. Laverdìere, and M. Debbabi. New Primitives to AOP Weaving Capabilities for Security Hardening Concerns. In Proceedings of the 9th International Conference on Enterprise Information Systems, Security in Information Systems Symposium (ICEIS-WOSIS 2007), Funchal, Madeira, Portugal, June 2007.
30. National Computer Security Center, Department of Defense. A Guide to Understanding Discretionary Access Control in Trusted Systems. NCSC-TG-003.
31. Object Management Group (OMG). MDA Guide, Version 1.0.1, 2003.
32. Object Management Group (OMG). UML 2.0 OCL Specification, Version 2.0, 2006.
33. Object Management Group (OMG). Unified Modeling Language: Superstructure, Version 2.1.2, 2007.
34. Object Management Group (OMG). XML Metadata Interchange, Version 2.1.1, 2007.
35. F. Painchaud, D. Azambre, M. Bergeron, J. Mullins, and R. M. Oarga. SOCLe : Integrated Design of Software Applications and Security. In Proceedings of the 10th International Command and Control Research and Technology Symposium (ICCRTS'2005), McLean, VA, USA, 2005.
36. J. Pavlich-Mariscal, T. Doan, L. Michel, S. Demurjian, and T. Ting. Role Slices: A Notation for RBAC Permission Assignment and Enforcement. In Proceedings of the 19th Annual IFIP WG 11.3, pages 40-53, Connecticut, U.S.A, 2005. (Pubitemid 41436205)
37. J. Pavlich-Mariscal, L. Michel, and S. Demurjian. Enhancing UML to Model Custom Security Aspects. In Proceedings of the 11th International Workshop on Aspect-Oriented Modeling (AOM@AOSD'07), 2007.
38. G. Florin F. Legond-Aubry L. Seinturier R. Pawlak, L. Duchien and L. Martelli. A UML Notation for Aspect-Oriented Software Design. In Proceedings of the 1st InternationalWorkshop on Aspect-Oriented Modeling with UML, Enschede, The Netherlands, 2002.
39. I. Ray, R. France, N. Li, and G. Georg. An Aspect-Based Approach to Modeling Access Control Concerns. Information and Software Technology, 46(9):575-587, 2004.
40. A. Reina, J. Torres, and M. Toro. Towards Developing Generic Solutions with Aspects. In Proceedings of the 5th International Workshop on Aspect Oriented Modeling with UML (AOM@UML'2004), Lisbon, Portugal, 2004.
41. S. Romanosky. Security Design Patterns Part 1. http://www.romanosky.net/ 2001. Last visited: September 2008.
42. A. Schauerhuber, W. Schwinger, E. Kapsammer, W. Retschitzegger, M. Wimmer, and G. Kappel. A Survey on Aspect-Oriented Modeling Approaches. Technical Report, Vienna University of Technology.
43. M. Schumacher. Security Engineering with Patterns. Springer, 2003.
44. O. Spinczyk, A. Gal, and W. Schr̈oder-Preikschat. AspectC++: An Aspect-Oriented Extension to the C++ Programming Language. In Proceedings of the 40th International Conference on Tools Pacific (CRPIT'02), pages 53-60, Darlinghurst, Australia, 2002.
45. D. Stein, S. Hanenberg, and R. Unland. A uml-based aspect-oriented design notation for aspectj. In Proceedings of the 1st International Conference on Aspect-Oriented Software Development (AOSD'02), pages 106-112, New York, NY, USA, 2002. ACM.
46. C. Talhi, D. Mouheb, V. Lima, M. Debbabi, L. Wang, and M. Pourzandi. Usability of Security Specification Approaches for UML Design: A Survey. To appear in the Journal of Object Technology (JOT).
47. H. Yan, G. Kniesel, and A. Cremers. A Meta-Model and Modeling Notation for AspectJ. In Proceedings of 5th the International Workshop on Aspect-Oriented Modeling, Lisbon, Portugal, 2004.
48. A. Zisman. A Static Verification Framework for Secure Peer-to-Peer Applications. In Second International Conference on Internet and Web Applications and Services (ICIW'07), page 8, 2007.