A Framework based on Security Patterns for Transformations

  • Fábio Sarturi Prass UFSM
  • Lisandra Mazoni Fontoura UFSM
  • Osmar Marchi dos Santos UFSM

Abstract


Security patterns can be used in systems to protect shared data and information. They use security specifications to control access to resources and prevent security violations. The increasing complexity of systems and the natural growth in the cost of developing software make the search for alternatives that can shorten the development effort increasingly important. One of these initiatives is the MDA (Model Driven Architecture) approach, which allows systems to be modeled and transformations to be applied to the models in order to obtain the software in an automated way. Therefore, we propose a model-oriented framework based on security patterns, providing guidelines for implementing the application model, validating the correct use of patterns, and automatically generating code for a specific platform. Security is implicitly inserted in the system by means of the transformation between models and automatic encoding, ensuring that security will not be violated at any level and will not be susceptible to errors or alterations in the code.
Keywords: Framework, Security Patterns, Transformations

Published
11/07/2012
PRASS, Fábio Sarturi; FONTOURA, Lisandra Mazoni; DOS SANTOS, Osmar Marchi. A Framework based on Security Patterns for Transformations. In: SIMPÓSIO BRASILEIRO DE QUALIDADE DE SOFTWARE (SBQS), 11., 2012, Fortaleza. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2012. p. 319-331. DOI: https://doi.org/10.5753/sbqs.2012.15325.