MBSPI - A Model-Based Security Pattern Integration Approach for software architectures

Motii, Anas; Hamlaoui, Mahmoud El

doi:10.15439/2024F1796

Artykuł - szczegóły

Tytuł artykułu

MBSPI - A Model-Based Security Pattern Integration Approach for software architectures

Autorzy

Motii Anas , Hamlaoui Mahmoud El

Wybrane pełne teksty z tego czasopisma

http://annals-csis.org

Identyfikatory

DOI

10.15439/2024F1796

Warianty tytułu

Konferencja

Federated Conference on Computer Science and Information Systems (19 ; 08-11.09.2024 ; Belgrade, Serbia)

Języki publikacji

Abstrakty

Incorporating security patterns into software architecture is essential for robust system design. Model Driven Engineering (MDE) offers a structured approach to software development, emphasizing modeling and automation. This paper explores the integration of security patterns into software architecture using MDE techniques. We highlight the benefits of this approach, including improved level of security and enhanced maintainability. Challenges such as modeling complexity and tool support are also discussed. Through a SCADA system case study, we demonstrate the effectiveness of integrating security patterns into software architecture using MDE.

Słowa kluczowe

pattern security pattern integration software architecture MDE OCL

wzorzec bezpieczeństwa integracja wzorców architektura oprogramowania MDE OCL

Wydawca

Polskie Towarzystwo Informatyczne

Czasopismo

Annals of Computer Science and Information Systems

Rocznik

2024

Tom

Vol. 39

Strony

443--452

Opis fizyczny

Bibliogr. 19 poz., rys., wykr.

Twórcy

autor

Motii Anas

anas.motii@um6p.ma

Mohammad VI Polytechnic University, College of Computing, Benguerir, Morocco

https://orcid.org/0009-0005-4936-0028

autor

Hamlaoui Mahmoud El

mahmoud.elhamlaoui@ensias.um5.ac.ma

Mohammed V University in Rabat, Rabat, Morroco

https://orcid.org/0000-0003-3315-7373

Bibliografia

1. E. Fernandez-Buglioni, Security patterns in practice: designing secure architectures using software patterns. John Wiley & Sons, 2013.
2. H. Washizaki, T. Xia, N. Kamata, Y. Fukazawa, H. Kanuka, T. Kato, M. Yoshino, T. Okubo, S. Ogata, H. Kaiya, et al., “Systematic literature review of security pattern research.,” Information, vol. 12, no. 1, pp. 2078–2489, 2021.
3. D. Manolescu, W. Kozaczynski, A. Miller, and J. Hogg, “The Growing Divide in the Patterns World,” IEEE Software, vol. 24, pp. 61–67, July 2007.
4. D. Serrano, A. Mana, and A.-D. Sotirious, “Towards Precise and Certified Security Patterns,” in Proceedings of 2nd International Workshop on Secure systems methodologies using patterns (Spattern 2008), pp. 287–291, IEEE Computer Society, September 2008.
5. J. F. Ruíz, M. Arjona, A. Maña, and N. Carstens, “Secure engineering and modelling of a metering devices system,” in 2013 International Conference on Availability, Reliability and Security, SecSE’13, pp. 418–427, IEEE, 2013.
6. A. Maña, E. Damiani, S. Gürgens, and G. Spanoudakis, “Extensions to Pattern Formats for Cyber Physical Systems,” in Proceedings of the 31st Conference on Pattern Languages of Programs, no. 15 in PLoP’14, pp. 15:1–15:8, ACM, 2014.
7. P. H. Nguyen, K. Yskout, T. Heyman, J. Klein, R. Scandariato, and Y. L. Traon, “SoSPa: A system of Security design Patterns for systematically engineering secure systems,” in 2015 ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (MODELS), pp. 246–255, Sept. 2015.
8. D. Mouheb, C. Talhi, M. Nouh, V. Lima, M. Debbabi, L. Wang, and M. Pourzandi, “Aspect-Oriented Modeling for Representing and Integrating Security Concerns in UML,” in Software Engineering Research, Management and Applications, no. 296 in Studies in Computational Intelligence, pp. 197–213, Springer Berlin Heidelberg, 2010.
9. J. M. Horcas, M. Pinto, and L. Fuentes, “An Aspect-Oriented Model transformation to weave security using CVL,” in 2014 2nd International Conference on Model-Driven Engineering and Software Development (MODELSWARD), pp. 138–150, Jan. 2014.
10. G. Georg, I. Ray, K. Anastasakis, B. Bordbar, M. Toahchoodee, and S. H. Houmb, “An aspect-oriented methodology for designing secure applications,” Information and Software Technology, vol. 51, pp. 846–864, May 2009.
11. S. Peldszus, “Model-driven development of evolving secure software systems,” in Combined Proceedings of the Workshops at Software Engineering 2020 Co-located with the German Software Engineering Conference 2020 (SE 2020) (R. Hebig and R. Heinrich, eds.).
12. X. Zheng, D. Liu, H. Zhu, and I. Bayley, “Pattern-based approach to modelling and verifying system security,” in 15th IEEE International Conference on Service Oriented Systems Engineering (SOSE), pp. 92–102, 2020.
13. H. A. Alhamad and M. M. Hassan, “Aspect-oriented models-based framework to secure intelligent systems,” in Proceedings of the 8th International Conference on Computer Technology Applications (ICCTA), pp. 249–262, 2022.
14. A. Armoush, “Towards the integration of security and safety patterns in the design of safety-critical embedded systems,” in 4th International Conference on Applied Automation and Industrial Diagnostics (ICAAID), vol. 1, pp. 1–6, 2022.
15. B. Hamid, C. Percebois, and D. Gouteux, “A Methodology for Integration of Patterns with Validation Purpose,” in Proceedings of the 17th European Conference on Pattern Languages of Programs (EuroPLoP), pp. 1–14, ACM, 2012.
16. R. Abdallah, A. Motii, N. Yakymets, and A. Lanusse, “Using model driven engineering to support multi-paradigms security analysis,” in Model-Driven Engineering and Software Development: Third International Conference, MODELSWARD 2015, Angers, France, February 9-11, 2015, Revised Selected Papers 3, pp. 278–292, Springer, 2015.
17. A. Motii, B. Hamid, A. Lanusse, and J.-M. Bruel, “Towards the integration of security patterns in UML component-based applications,” in Joint Proceedings of the Second International Workshop on Patterns in Model Engineering and the Fifth International Workshop on the Verification of Model Transformation, vol. 1693 of PAME ’16, pp. 2–6, CEUR-WS.org, 2016.
18. A. Motii, “Mbta: A model-based threat analysis approach for software architectures,” in 42nd International Conference on Computer Safety, Reliability, and Security (SafeComp), pp. 121–134, 2023.
19. A. Motii, B. Hamid, A. Lanusse, and J. M. Bruel, “Guiding the selection of security patterns for real-time systems,” in 21st International Conference on Engineering of Complex Computer Systems (ICECCS), pp. 155–164, 2016.

Uwagi

Thematic Sessions: Regular Papers

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-6077f464-6505-4b17-a46a-9f6a6ca0e102