Abstract
We propose a methodology, based on aspect-oriented modeling (AOM), for incorporating security mechanisms in an application. The functionality of the application is described using the primary model and the attacks are specified using aspects. The attack aspect is composed with the primary model to obtain the misuse model. The misuse model describes how much the application can be compromised. If the results are unacceptable, then some security mechanism must be incorporated into the application. The security mechanism, modeled as security aspect, is composed with the primary model to obtain the security-treated model. The security-treated model is analyzed to give assurance that it is resilient to the attack. (C) 2008 Elsevier B.V. All rights reserved.
Original language | English |
---|---|
Pages (from-to) | 846-864 |
Number of pages | 19 |
Journal | Information and Software Technology |
Volume | 51 |
Issue number | 5 |
DOIs | |
Publication status | Published - 1 May 2009 |
Keywords
- Secure systems design
- Security analysis
- Aspect-oriented modeling
- Alloy
- UML
- Authentication