Logo PTI Logo FedCSIS

Proceedings of the 19th Conference on Computer Science and Intelligence Systems (FedCSIS)

Annals of Computer Science and Information Systems, Volume 39

MBSPI - A Model-Based Security Pattern Integration Approach for software architectures

,

DOI: http://dx.doi.org/10.15439/2024F1796

Citation: Proceedings of the 19th Conference on Computer Science and Intelligence Systems (FedCSIS), M. Bolanowski, M. Ganzha, L. Maciaszek, M. Paprzycki, D. Ślęzak (eds). ACSIS, Vol. 39, pages 443452 ()

Full text

Abstract. Incorporating security patterns into software architecture is essential for robust system design. Model Driven Engineering (MDE) offers a structured approach to software development, emphasizing modeling and automation. This paper explores the integration of security patterns into software architecture using MDE techniques. We highlight the benefits of this approach, including improved level of security and enhanced maintainability. Challenges such as modeling complexity and tool support are also discussed. Through a SCADA system case study, we demonstrate the effectiveness of integrating security patterns into software architecture using MDE.

References

  1. E. Fernandez-Buglioni, Security patterns in practice: designing secure architectures using software patterns. John Wiley & Sons, 2013.
  2. H. Washizaki, T. Xia, N. Kamata, Y. Fukazawa, H. Kanuka, T. Kato, M. Yoshino, T. Okubo, S. Ogata, H. Kaiya, et al., “Systematic literature review of security pattern research.,” Information, vol. 12, no. 1, pp. 2078–2489, 2021.
  3. D. Manolescu, W. Kozaczynski, A. Miller, and J. Hogg, “The Growing Divide in the Patterns World,” IEEE Software, vol. 24, pp. 61–67, July 2007.
  4. D. Serrano, A. Mana, and A.-D. Sotirious, “Towards Precise and Certified Security Patterns,” in Proceedings of 2nd International Workshop on Secure systems methodologies using patterns (Spattern 2008), pp. 287–291, IEEE Computer Society, September 2008.
  5. J. F. Ruíz, M. Arjona, A. Maña, and N. Carstens, “Secure engineering and modelling of a metering devices system,” in 2013 International Conference on Availability, Reliability and Security, SecSE’13, pp. 418–427, IEEE, 2013.
  6. A. Maña, E. Damiani, S. Gürgens, and G. Spanoudakis, “Extensions to Pattern Formats for Cyber Physical Systems,” in Proceedings of the 31st Conference on Pattern Languages of Programs, no. 15 in PLoP’14, pp. 15:1–15:8, ACM, 2014.
  7. P. H. Nguyen, K. Yskout, T. Heyman, J. Klein, R. Scandariato, and Y. L. Traon, “SoSPa: A system of Security design Patterns for systematically engineering secure systems,” in 2015 ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (MODELS), pp. 246–255, Sept. 2015.
  8. D. Mouheb, C. Talhi, M. Nouh, V. Lima, M. Debbabi, L. Wang, and M. Pourzandi, “Aspect-Oriented Modeling for Representing and Integrating Security Concerns in UML,” in Software Engineering Research, Management and Applications, no. 296 in Studies in Computational Intelligence, pp. 197–213, Springer Berlin Heidelberg, 2010.
  9. J. M. Horcas, M. Pinto, and L. Fuentes, “An Aspect-Oriented Model transformation to weave security using CVL,” in 2014 2nd International Conference on Model-Driven Engineering and Software Development (MODELSWARD), pp. 138–150, Jan. 2014.
  10. G. Georg, I. Ray, K. Anastasakis, B. Bordbar, M. Toahchoodee, and S. H. Houmb, “An aspect-oriented methodology for designing secure applications,” Information and Software Technology, vol. 51, pp. 846–864, May 2009.
  11. S. Peldszus, “Model-driven development of evolving secure software systems,” in Combined Proceedings of the Workshops at Software Engineering 2020 Co-located with the German Software Engineering Conference 2020 (SE 2020) (R. Hebig and R. Heinrich, eds.).
  12. X. Zheng, D. Liu, H. Zhu, and I. Bayley, “Pattern-based approach to modelling and verifying system security,” in 15th IEEE International Conference on Service Oriented Systems Engineering (SOSE), pp. 92–102, 2020.
  13. H. A. Alhamad and M. M. Hassan, “Aspect-oriented models-based framework to secure intelligent systems,” in Proceedings of the 8th International Conference on Computer Technology Applications (ICCTA), pp. 249–262, 2022.
  14. A. Armoush, “Towards the integration of security and safety patterns in the design of safety-critical embedded systems,” in 4th International Conference on Applied Automation and Industrial Diagnostics (ICAAID), vol. 1, pp. 1–6, 2022.
  15. B. Hamid, C. Percebois, and D. Gouteux, “A Methodology for Integration of Patterns with Validation Purpose,” in Proceedings of the 17th European Conference on Pattern Languages of Programs (EuroPLoP), pp. 1–14, ACM, 2012.
  16. R. Abdallah, A. Motii, N. Yakymets, and A. Lanusse, “Using model driven engineering to support multi-paradigms security analysis,” in Model-Driven Engineering and Software Development: Third International Conference, MODELSWARD 2015, Angers, France, February 9-11, 2015, Revised Selected Papers 3, pp. 278–292, Springer, 2015.
  17. A. Motii, B. Hamid, A. Lanusse, and J.-M. Bruel, “Towards the integration of security patterns in UML component-based applications,” in Joint Proceedings of the Second International Workshop on Patterns in Model Engineering and the Fifth International Workshop on the Verification of Model Transformation, vol. 1693 of PAME ’16, pp. 2–6, CEUR-WS.org, 2016.
  18. A. Motii, “Mbta: A model-based threat analysis approach for software architectures,” in 42nd International Conference on Computer Safety, Reliability, and Security (SafeComp), pp. 121–134, 2023.
  19. A. Motii, B. Hamid, A. Lanusse, and J. M. Bruel, “Guiding the selection of security patterns for real-time systems,” in 21st International Conference on Engineering of Complex Computer Systems (ICECCS), pp. 155–164, 2016.