An Aspect-Oriented Approach for Software Security Hardening: from Design to Implementation

摘要

Security is a very challenging task in software engineering. Enforcing security policies should be taken care of during the early phases of the software development life cycle to prevent security breaches in the final product. Since security is a crosscutting concern that pervades the entire software, integrating security solutions at the software design level may result in scattering and tangling security features throughout the entire design. To address this issue, we propose in this paper an aspect-oriented approach for specifying and enforcing security hardening solutions. This approach provides software designers with UML-based capabilities to perform security hardening in a clear and organized way, at the UML design level, without the need to be security experts. We also present the SHP profile, a UML-based security hardening language to describe and specify security hardening solutions at the UML design level. Finally, we explore the efficiency and the relevance of our approach by applying it to a real world case study and present the experimental results.