Software security becomes a critically important issue for software development as more and more malicious attacks exploit the security holes in software systems. To avoid security problems, a large software system design may reuse good security solutions by applying security patterns. Security patterns document expert solutions to common security problems and capture best practices in secure software design and development. Although each security pattern describes a good design guideline, compositions of these security patterns may be inconsistent and may introduce problems and flaws. As a result, a composition of security patterns may even be insecure. In this paper, we present an approach to the automated verification of compositions of security patterns by model checking. We formally define the behavioral aspect of security patterns in CCS through their sequence diagrams. We also prove the faithfulness of the transformation from a sequence diagram to its CCS representation. In this way, the properties of the security patterns can be checked by a model checker when the patterns are composed, and composition errors and problems can be discovered early, at the design stage. We also use two case studies to illustrate our approach and show its capability to detect composition errors.