Rahma Bouaziz

Applying Security Patterns for Component Based Applications Using UML Profile

Todays systems require a higher consideration for the non functional requirement as security and dependability. Developers have to handle these requirements during software development lifecycle. To provide developers with security guidelines, security patterns were proposed. These patterns are a collection of experts security knowledge and a good solution to convey security concepts. In order to encourage developers to take advantage from security solutions proposed by security patterns, we think that it is necessary to provide an appropriate mechanism to implement those patterns using UML profiles. In this paper, we propose structured UML profiles construction process based on security patterns. An illustration of the proposed profile construction process is provided using the active replication pattern. A case study of GPS system is also provided to demonstrate the application of generated UML profile using the proposed process.

Towards a better integration of patterns in secure component-based systems design

Security has become an important challenge in current software and system development. Most of designers are experts in software development but not experts in security. It is important to guide them to decide how and where to apply security mechanisms in the early phases of software development to reduce time and cost of development. To reach this objective, we propose to apply security expertise as security patterns at software design phase. Our methodology is based on the use of a component metamodel to capture the domain concepts and security patterns to encode solutions to security problem. The expected result is a model as design solution for specific domain. Here, we promote a modeling technique based on UML profiles to facilitate the integration of patterns solutions into model driven engineering approach (MDE). As a proof of concept, we illustrate the methodology to produce an UML profile associated with RBAC security pattern. A case study of GPS system is also provided to demonstrate the application of generated profile.

Secure Component Based Applications through Security Patterns

Security patterns are widely studied in literature and have recently received a great deal of attention as means to capture practical solutions to meet specific requirements. Many security patterns have been proposed, but generally without guiding developers for their concrete application. In this paper, we propose a technique for integrating them using UML and its profiles. The contribution is an MDE process to build secure component based software applications.

A Decision Support Map for Security Patterns Application

In software engineering, security concerns should be addressed at every phase of the development process. To do that, patterns based security engineering approach has been proposed and investigated becoming a very active area of research. Security patterns capture the experience of experts in order to solve a security problem in a more structured and reusable way. With the proliferation of security patterns, thus it is becoming harder to select which ones should be applied and in each case. In this paper, our main contribution consists in the proposition of a map layered security patterns. This map allows software engineer to select and apply patterns in a systematic manner in order to guide the security decisions.

A Social-Academic Network Analysis of the EURO Working Group on DSS

This paper addresses aspects of the social network analysis SNA performed on the social-academic network implemented for the EURO Working Group on Decision Support Systems EWG-DSS. The EWG-DSS network has more than 105 members and is defined with the objective of analysing and representing the various relationships that academically link the group members, as well as evaluating the groups collaboration dynamics. This paper shows graphical representations and discusses their corresponding interpretation and analytical data. This work is part of the study carried out within the underlying project of the EWG-DSS social-academic network to understanding how the group interacts, as well as encouraging new research and promoting further collaboration among the EWG-DSS group members.

SCRIStUDIO: A security pattern integration tool

Security issues are rarely considered at an early stages of software development. Security patterns are now widely used as guidelines proposed by security expert in order to solve a recurring security problems. SCRIP for SeCurity PatteRn IntegratIon Process was proposed to provide guidelines for integrating security patterns into software and especially component-based models. SCRIP defines full security patterns integration methodology from the earliest phases of software development until the generation of the application code. In this paper we present the SCRIStUDIO for SeCurity PatteRn IntegratIon Studio, an integrated tool which give developers the possibility to integrate security patterns in their application and especially in component based applications based on UML language.

A Collaborative Process for Developing Secure Component Based Applications

Security patterns describe security solutions that can be used in a particular context for recurring problems in order to solve a security problem in a more structured and reusable way. Patterns in general and Security patterns in particular, have become important concepts in software engineering, and their integration is a widely accepted practice. In this paper, we propose a model-driven methodology for security pattern integration. This methodology consists of a collaborative engineering process, called collaborative security pattern Integration process (C-SCRIP), and a tool that supports the full life-cycle of the development of a secure system from modeling to code.

An Approach for Security Patterns Application in Component Based Models

Since applications have become increasingly complex and because the design of secure systems necessitates security expertise, security patterns are now widely used as guidelines proposed by security experts in order to solve a recurring security problem. In order to encourage application designers to take advantage from security solutions proposed by security patterns, we think that it is necessary to provide an appropriate mechanism to implement those patterns. We propose a full security pattern integration methodology from the earliest phases of software development until the generation of the application code. The proposed solution uses the UML component model as an application domain of security patterns and bases on the use of UML profiles and model transformations with the ATL language. For the generation of code and for keeping the separation between the functional code of the component based application and security solution, we use the aspect paradigm. An illustration of the proposed approach is provided using the Role Based Access Control (RBAC) pattern. A case study of GPS system is also provided to demonstrate the application of the proposed approach.

An MDE approach for domain based architectural components modelling

Component Based Software Engineering (CBSE) is a popular and widely adopted software engineering paradigm that has proven his usefulness and success to increase reusability and efficiency in various application domains. In this paper, we propose a common metamodel of a component to support all the requirements of CBSE taking into account the specificities of each domain. The resulting modeling framework serves primarily to capture the basic concepts of concerns related to component systems development based on the clear separation between the development process, interactions and the domain knowledge. As a proof of concept, we are evaluating the feasibility of our approach through the CCM component model applied to an use case for building systems having real-time requirements.

GRIMACE: GeneRIc MetAmodel for Domain Component modElling

Component Based Software Engineering (CBSE) is a popular and widely adopted software engineering paradigm that has proven his usefulness and success to increase reusability and efficiency in various application domains. In this paper, we propose a common metamodel to support CBSE requirements taking into account the specificities of each domain. The resulting modeling framework serves primarily to capture the basic concepts of concerns related to component systems development based on the clear separation between the development process, interactions and the domain knowledge.