Automated verification of security pattern compositions
Information and Software Technology
As the Internet, intranets and other wide-area open networks grow, novel techniques for building distributed systems, notably mobile agents, are attracting increasing attention. This is particularly the case for inter-company system coordination applications. A key difficulty in constructing such systems is to meet the security requirements while at the same time respecting the requirements for efficient implementation. In this paper, we propose a method that addresses this problem and show an application of the method to a real implemented system, the Environmentally Conscious Product (ECP) design support system. Our approach enables developers to specify several candidate system behaviors that satisfy the security requirements. We use patterns for this purpose. Patterns are abstract templates of system behavior fragments. The patterns include agent migrations, communications between applications and security procedures. We model the performance data associated with each pattern. Developers can then select an efficient implementation using this model to compare the performance data of the candidates. We evaluate our approach with a significant real-world example, the ECP design support system, which essentially requires inter-company system coordination.