A New Extension of Larman's Operation Contracts for Security Properties Injection and Verification during the System's Internal Behavior Elaboration
| Autor: | A. Lasbahani, Oussama Mjihil, Abdelmoumen Tabyaoui, Mostafa Chhiba |
|---|---|
| Rok vydání: | 2017 |
| Předmět: |
Source code
business.industry Computer science media_common.quotation_subject 020207 software engineering 0102 computer and information sciences 02 engineering and technology Enterprise information security architecture Computer security model Security policy 01 natural sciences Software development process Unified Modeling Language 010201 computation theory & mathematics Application security Data integrity 0202 electrical engineering electronic engineering information engineering Software engineering business computer computer.programming_language media_common |
| Zdroj: | Proceedings of the 2nd International Conference on Computing and Wireless Communication Systems. |
| DOI: | 10.1145/3167486.3167519 |
| Popis: | Lately, there have been many types of study works addressing the model-driven security so that to incorporate the security verification during system's development process or modeling phase basing on Model-Driven Architecture that deploys Unified Modelling Language standard as the meta-model for different system's abstractions. To the best of our knowledge, most of these works have been addressing security rules verification after deployment phase and without taking into account security infrastructure generation, deducing the source code corresponding to the functional and non-functional aspect at the same time. In this current work, we have concentrated our efforts on non-functional components, business logic, and quality of services of the systems so that to reduce design mistakes and generating secure software applications that respect the criteria's of the software engineering qualities. To do that, we have proposed a new meta-model for Java platform allowing to improve the MDA methodology to inject the security architecture description and security properties verification during software development process. Therefore, security properties will be described in the form of secure models represented through Security profile and enriched through the Object Constraint Language designed to add the security constraints to security models. Basing on the new approach, an Intermediate Structural Model (ISM) is obtained from chosen Platform Specific Model (PSM) to enrich the functional code with other improvements instead generating the source code directly.In this context, ISM will be improved with security rules and constraints about confidentiality, availability, non-repudiation, data integrity, and data encryption after its generation from sequence diagram of system internal behavior that respects the proposed meta-model. Finally, the final code will be generated from sequence diagram of system's internal behavior such as application security configuration, methods signatures and their bodies, persistent entities, and the security objects. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|