Building high-assurance secure applications requires the proper use of the security mechanisms and assurances provided by the underlying secure platform. However, applications are often built using security patterns and best practices that are agnostic with respect to the intricate specifics of the different underlying platforms. This independence from the underlying platform leaves a gap between security patterns and the secure platforms they are deployed on. In this PhD research abstract, we propose a novel approach to bridge this gap. Specifically, we propose reusable capability-specific design fragments for security patterns, which are specializations of those patterns for a capability-based system. The focus is on systems that adhere to a capability-based security model, which we treat as the underlying platforms, to provide the desired application-wide security properties. We also discuss the assumptions and levels of assurance for these reusable designs and their use in the verification of application designs.