An Aspect-Oriented Approach for Software Security Hardening: from Design to Implementation

Authors:
Djedjiga Mouheb;Chamseddine Talhi;Azzam Mourad;Vitor Lima;Mourad Debbabi;Lingyu Wang;Makan Pourzandi
Affiliations:
Computer Security Laboratory, Concordia University, Montreal, Canada;Computer Security Laboratory, Concordia University, Montreal, Canada;Computer Security Laboratory, Concordia University, Montreal, Canada;Computer Security Laboratory, Concordia University, Montreal, Canada;Computer Security Laboratory, Concordia University, Montreal, Canada;Computer Security Laboratory, Concordia University, Montreal, Canada;Software Research, Ericsson Canada Inc., Montreal, Canada
Venue:
Proceedings of the 2009 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the Eighth SoMeT_09
Year:
2009

Citing 14
Cited 0

Towards a UML based approach to role engineering

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
A UML-based aspect-oriented design notation for AspectJ

AOSD '02 Proceedings of the 1st international conference on Aspect-oriented software development
AspectC++: an aspect-oriented extension to the C++ programming language

CRPIT '02 Proceedings of the Fortieth International Conference on Tools Pacific: Objects for internet, mobile and embedded applications
An Overview of AspectJ

ECOOP '01 Proceedings of the 15th European Conference on Object-Oriented Programming
UML-Based Representation of Role-Based Access Control

WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
SecureUML: A UML-Based Modeling Language for Model-Driven Security

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Security Engineering with Patterns: Origins, Theoretical Models, and New Applications

Security Engineering with Patterns: Origins, Theoretical Models, and New Applications
Logic in Computer Science: Modelling and Reasoning about Systems

Logic in Computer Science: Modelling and Reasoning about Systems
Model driven security: From UML models to access control infrastructures

ACM Transactions on Software Engineering and Methodology (TOSEM)
A Static Verification Framework for Secure Peer-to-Peer Applications

ICIW '07 Proceedings of the Second International Conference on Internet and Web Applications and Services
Secure Systems Development with UML

Secure Systems Development with UML
Role slices: a notation for RBAC permission assignment and enforcement

DBSec'05 Proceedings of the 19th annual IFIP WG 11.3 working conference on Data and Applications Security
For-LySa: UML for authentication analysis

GC'04 Proceedings of the 2004 IST/FET international conference on Global Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security is a very challenging task in software engineering. Enforcing security policies should be taken care of during the early phases of the software development life cycle to prevent security breaches in the final product. Since security is a crosscutting concern that pervades the entire software, integrating security solutions at the software design level may result in scattering and tangling security features throughout the entire design. To address this issue, we propose in this paper an aspect-oriented approach for specifying and enforcing security hardening solutions. This approach provides software designers with UML-based capabilities to perform security hardening in a clear and organized way, at the UML design level, without the need to be security experts. We also present the SHP profile, a UML-based security hardening language to describe and specify security hardening solutions at the UML design level. Finally, we explore the efficiency and the relevance of our approach by applying it to a real world case study and present the experimental results.