Towards a Better Integration of Patterns in Secure Component-Based Systems Design

摘要

Security has become an important challenge in current software and system development. Most of designers are experts in software development but not experts in security. It is important to guide them to decide how and where to apply security mechanisms in the early phases of software development to reduce time and cost of development. To reach this objective, we propose to apply security expertise as security patterns at software design phase. Our methodology is based on the use of a component metamodel to capture the domain concepts and security patterns to encode solutions to security problem. The expected result is a model as design solution for specific domain. Here, we promote a modeling technique based on UML profiles to facilitate the integration of patterns solutions into model driven engineering approach (MDE). As a proof of concept, we illustrate the methodology to produce an UML profile associated with RBAC security pattern. A case study of GPS system is also provided to demonstrate the application of generated profile.