An aspect-oriented methodology for designing secure applications

G Georg; I Ray; K Anastasakis; Behzad Bordbar; M Toahchoodee; SH Houmb

doi:10.1016/j.infsof.2008.05.004

An aspect-oriented methodology for designing secure applications

G Georg, I Ray, K Anastasakis, Behzad Bordbar, M Toahchoodee, SH Houmb

Computer Science

Research output: Contribution to journal › Article

51 Citations (Scopus)

Abstract

We propose a methodology, based on aspect-oriented modeling (AOM), for incorporating security mechanisms in an application. The functionality of the application is described using the primary model and the attacks are specified using aspects. The attack aspect is composed with the primary model to obtain the misuse model. The misuse model describes how much the application can be compromised. If the results are unacceptable, then some security mechanism must be incorporated into the application. The security mechanism, modeled as security aspect, is composed with the primary model to obtain the security-treated model. The security-treated model is analyzed to give assurance that it is resilient to the attack. (C) 2008 Elsevier B.V. All rights reserved.

Original language	English
Pages (from-to)	846-864
Number of pages	19
Journal	Information and Software Technology
Volume	51
Issue number	5
DOIs	https://doi.org/10.1016/j.infsof.2008.05.004
Publication status	Published - 1 May 2009

Keywords

Secure systems design
Security analysis
Aspect-oriented modeling
Alloy
UML
Authentication

Access to Document

10.1016/j.infsof.2008.05.004

Cite this

@article{7571d16895524527bca491f11572092a,

title = "An aspect-oriented methodology for designing secure applications",

abstract = "We propose a methodology, based on aspect-oriented modeling (AOM), for incorporating security mechanisms in an application. The functionality of the application is described using the primary model and the attacks are specified using aspects. The attack aspect is composed with the primary model to obtain the misuse model. The misuse model describes how much the application can be compromised. If the results are unacceptable, then some security mechanism must be incorporated into the application. The security mechanism, modeled as security aspect, is composed with the primary model to obtain the security-treated model. The security-treated model is analyzed to give assurance that it is resilient to the attack. (C) 2008 Elsevier B.V. All rights reserved.",

keywords = "Secure systems design, Security analysis, Aspect-oriented modeling, Alloy, UML, Authentication",

author = "G Georg and I Ray and K Anastasakis and Behzad Bordbar and M Toahchoodee and SH Houmb",

year = "2009",

month = may,

day = "1",

doi = "10.1016/j.infsof.2008.05.004",

language = "English",

volume = "51",

pages = "846--864",

journal = "Information and Software Technology",

publisher = "Elsevier",

number = "5",

}

TY - JOUR

T1 - An aspect-oriented methodology for designing secure applications

AU - Georg, G

AU - Ray, I

AU - Anastasakis, K

AU - Bordbar, Behzad

AU - Toahchoodee, M

AU - Houmb, SH

PY - 2009/5/1

Y1 - 2009/5/1

N2 - We propose a methodology, based on aspect-oriented modeling (AOM), for incorporating security mechanisms in an application. The functionality of the application is described using the primary model and the attacks are specified using aspects. The attack aspect is composed with the primary model to obtain the misuse model. The misuse model describes how much the application can be compromised. If the results are unacceptable, then some security mechanism must be incorporated into the application. The security mechanism, modeled as security aspect, is composed with the primary model to obtain the security-treated model. The security-treated model is analyzed to give assurance that it is resilient to the attack. (C) 2008 Elsevier B.V. All rights reserved.

AB - We propose a methodology, based on aspect-oriented modeling (AOM), for incorporating security mechanisms in an application. The functionality of the application is described using the primary model and the attacks are specified using aspects. The attack aspect is composed with the primary model to obtain the misuse model. The misuse model describes how much the application can be compromised. If the results are unacceptable, then some security mechanism must be incorporated into the application. The security mechanism, modeled as security aspect, is composed with the primary model to obtain the security-treated model. The security-treated model is analyzed to give assurance that it is resilient to the attack. (C) 2008 Elsevier B.V. All rights reserved.

KW - Secure systems design

KW - Security analysis

KW - Aspect-oriented modeling

KW - Alloy

KW - UML

KW - Authentication

U2 - 10.1016/j.infsof.2008.05.004

DO - 10.1016/j.infsof.2008.05.004

M3 - Article

VL - 51

SP - 846

EP - 864

JO - Information and Software Technology

JF - Information and Software Technology

IS - 5

ER -