References of "Nguyen, Phu Hong 50002753"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailSoSPa: A System of Security Design Patterns for Systematically Engineering Secure Systems
Nguyen, Phu Hong UL; Yskout, Koen; Heyman, Thomas et al

in Proceedings ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (2015, October)

Model-Driven Security (MDS) for secure systems development still has limitations to be more applicable in practice. A recent systematic review of MDS shows that current MDS approaches have not dealt with ... [more ▼]

Model-Driven Security (MDS) for secure systems development still has limitations to be more applicable in practice. A recent systematic review of MDS shows that current MDS approaches have not dealt with multiple security concerns systematically. Besides, catalogs of security patterns which can address multiple security concerns have not been applied efficiently. This paper presents an MDS approach based on a unified System of Security design Patterns (SoSPa). In SoSPa, security design patterns are collected, specified as reusable aspect models to form a coherent system of them that guides developers in systematically addressing multiple security concerns. SoSPa consists of not only interrelated security design patterns but also a refinement process towards their application. We applied SoSPa to design the security of crisis management systems. The result shows that multiple security concerns in the case study have been addressed by systematically integrating different security solutions. [less ▲]

Detailed reference viewed: 139 (5 UL)
Full Text
See detailModel-Driven Security With Modularity and Reusability For Engineering Secure Software Systems
Nguyen, Phu Hong UL

Doctoral thesis (2015)

Context: The more human beings depend on software systems, the more important role that software security engineering must play to build secure software systems. Model-Driven Security (MDS) emerged more ... [more ▼]

Context: The more human beings depend on software systems, the more important role that software security engineering must play to build secure software systems. Model-Driven Security (MDS) emerged more than a decade ago as a specialised Model-Driven Engineering (MDE) research area for engineering secure software systems. MDS is promising but not mature yet. Our recent systematic literature review (SLR) has revealed several current limitations and open issues in the state of the art of MDS research. Objectives: This PhD work aims at addressing three of the main open issues in the current state of the art of MDS research that are pointed out by the SLR. First, our SLR shows that multiple security concerns need to be handled together more systematically. Second, true Aspect-Oriented Modelling techniques for better ensuring the separation- of-concern in MDS approaches could have been leveraged more extensively. Third, complete tool chains based on integrated MDE techniques covering all the main stages of the development cycle are emerging, but still very rare. Methods: On one hand, we develop a full MDS framework with modularity based on domain-specific modelling, model transformations, and model-based security testing. This MDS framework can help us to deal with complex delegation mechanisms in access control administration, from modelling till testing. On the other hand, we propose a highly modular, reusable MDS solution based on a System of Security design Patterns (SoSPa) and reusable aspect models to tackle multiple security concerns systematically. Results: First, an extensive SLR has been conducted for revealing and analysing the current state of the art of MDS research. Second, a full MDS framework focusing on modularity has been proposed that integrates domain-specific modelling, model transformations, and model-based security testing to support all the main stages of an MDS development cycle. Third, we have developed a highly reusable, modular MDS approach based on a System of Security design Patterns for handling multiple security concerns together systematically. Finally, we have showed how our MDS approaches can be integrated in a full MDS framework, called MDS-MoRe, which could be the basis of a complete tool chain for MDS development of secure systems. Conclusion: In this thesis, integrated MDS methodologies with modularity and reusability have been proposed for engineering secure software systems. This work has tackled three main current open issues in MDS research revealed from an extensive SLR. [less ▲]

Detailed reference viewed: 340 (12 UL)
Full Text
Peer Reviewed
See detailAn Extensive Systematic Review on the Model-Driven Development of Secure Systems
Nguyen, Phu Hong UL; Kramer, Max; Klein, Jacques UL et al

in Information & Software Technology (2015), 68(December 2015), 62-81

Context: Model-Driven Security (MDS) is as a specialised Model-Driven Engineering research area for supporting the development of secure systems. Over a decade of research on MDS has resulted in a large ... [more ▼]

Context: Model-Driven Security (MDS) is as a specialised Model-Driven Engineering research area for supporting the development of secure systems. Over a decade of research on MDS has resulted in a large number of publications. Objective: To provide a detailed analysis of the state of the art in MDS, a systematic literature review (SLR) is essential. Method: We conducted an extensive SLR on MDS. Derived from our research questions, we designed a rigorous, extensive search and selection process to identify a set of primary MDS studies that is as complete as possible. Our three-pronged search process consists of automatic searching, manual searching, and snowballing. After discovering and considering more than thousand relevant papers, we identified, strictly selected, and reviewed 108 MDS publications. Results: The results of our SLR show the overall status of the key artefacts of MDS, and the identified primary MDS studies. E.g. regarding security modelling artefact, we found that developing domain-specific languages plays a key role in many MDS approaches. The current limitations in each MDS artefact are pointed out and corresponding potential research directions are suggested. Moreover, we categorise the identified primary MDS studies into 5 significant MDS studies, and other emerging or less common MDS studies. Finally, some trend analyses of MDS research are given. Conclusion: Our results suggest the need for addressing multiple security concerns more systematically and simultaneously, for tool chains supporting the MDS development cycle, and for more empirical studies on the application of MDS methodologies. To the best of our knowledge, this SLR is the first in the field of Software Engineering that combines a snowballing strategy with database searching. This combination has delivered an extensive literature study on MDS. [less ▲]

Detailed reference viewed: 133 (11 UL)
Full Text
See detailModel-Driven Security based on A Unified System of Security Design Patterns
Nguyen, Phu Hong UL

Report (2015)

Model-Driven Security (MDS) for secure systems development still has limitations to be more applicable in practice. A recent systematic review of MDS shows that current MDS approaches have not dealt with ... [more ▼]

Model-Driven Security (MDS) for secure systems development still has limitations to be more applicable in practice. A recent systematic review of MDS shows that current MDS approaches have not dealt with multiple security concerns system- atically. Besides, catalogs of security patterns which can address multiple security concerns have not been applied efficiently. This paper presents an MDS approach based on a unified System of Security design Patterns (SoSPa). In SoSPa, security design patterns are collected, specified as reusable aspect models to form a coherent system of them that guides developers in systematically addressing multiple security concerns. SoSPa consists of not only interrelated security design patterns but also a refinement process towards their application. We applied SoSPa to design the security of crisis management systems. The result shows that multiple security concerns in the case study have been addressed by systematically integrating different security solutions. [less ▲]

Detailed reference viewed: 179 (14 UL)
Full Text
See detailAn Extensive Systematic Review on Model-Driven Development of Secure Systems
Nguyen, Phu Hong UL

Report (2015)

Context: Model-Driven Security (MDS) is as a specialised Model-Driven Engineering research area for supporting the development of secure systems. Over a decade of research on MDS has resulted in a large ... [more ▼]

Context: Model-Driven Security (MDS) is as a specialised Model-Driven Engineering research area for supporting the development of secure systems. Over a decade of research on MDS has resulted in a large number of publications. Objective: To provide a detailed analysis of the state of the art in MDS, a systematic literature review (SLR) is essential. Method: We conducted an extensive SLR on MDS. Derived from our research questions, we designed a rigorous, extensive search and selection process to identify a set of primary MDS studies that is as complete as possible. Our three-pronged search process consists of automatic searching, manual searching, and snowballing. After discovering and considering more than thousand relevant papers, we identified, strictly selected, and reviewed 108 MDS publications. Results: The results of our SLR show the overall status of the key artefacts of MDS, and the identified primary MDS studies. E.g. regarding security modelling artefact, we found that developing domain-specific languages plays a key role in many MDS approaches. The current limitations in each MDS artefact are pointed out and corresponding potential research directions are suggested. Moreover, we categorise the identified primary MDS studies into 5 principal MDS studies, and other emerging or less common MDS studies. Finally, some trend analyses of MDS research are given. Conclusion: Our results suggest the need for addressing multiple security concerns more systematically and simultaneously, for tool chains supporting the MDS development cycle, and for more empirical studies on the application of MDS methodologies. To the best of our knowledge, this SLR is the first in the field of Software Engineering that combines a snowballing strategy with database searching. This combination has delivered an extensive literature study on MDS. [less ▲]

Detailed reference viewed: 101 (7 UL)
Full Text
Peer Reviewed
See detailModel-Driven Security with A System of Aspect-Oriented Security Design Patterns
Nguyen, Phu Hong UL; Klein, Jacques UL; Le Traon, Yves UL

in 2nd Workshop on View-Based, Aspect-Oriented and Orthographic Software Modelling (2014, July 22)

Model-Driven Security (MDS) has emerged for more than a decade, as a specialization of Model-Driven Engineering (MDE), to propose sound MD methodologies for supporting secure systems development. Yet ... [more ▼]

Model-Driven Security (MDS) has emerged for more than a decade, as a specialization of Model-Driven Engineering (MDE), to propose sound MD methodologies for supporting secure systems development. Yet, there is still a big gap before making MDS approaches more easily applicable and adoptable by industry. Most current MDS approaches only deal with a specific security concern, e.g. Authorization, and have not taken into account multiple security concerns. Besides, security patterns which are based on domain-independent, time-proven security knowledge and expertise, can be considered as reusable security bricks upon which sound and secure systems can be built. But they are not applied as much as they could be, because developers have problems in selecting them and applying them in the right places, especially at the design phase. In this position paper, we propose an exploratory MDS approach based on a System of aspect-oriented Security design Patterns (SoSPa) in which security design patterns are collected, specified as reusable aspect models to form a coherent system of them that guides developers in systematically selecting the right security design patterns for the job. Our MDS approach allows the selected security design patterns to be automatically composed with the target system model. The woven secure system model can then be used for code generation, including configured security infrastructures. [less ▲]

Detailed reference viewed: 114 (2 UL)
Full Text
Peer Reviewed
See detailModeling, composing, and testing of security concerns in a Model-Driven Security approach
Nguyen, Phu Hong UL; Klein, Jacques UL; Le Traon, Yves UL

in Joosen, Wouter; Martinelli, Fabio; Heyman, Thomas (Eds.) Proceedings of the 2014 ESSoS Doctoral Symposium co-located with the International Symposium on Engineering Secure Software and Systems (ESSoS 2014) (2014, February 26)

Model-Driven Security (MDS) has emerged as a promising sound methodology for supporting the development of secure systems nowadays. Following the advances in MDS, this research work aims at 1) developing ... [more ▼]

Model-Driven Security (MDS) has emerged as a promising sound methodology for supporting the development of secure systems nowadays. Following the advances in MDS, this research work aims at 1) developing new modeling techniques to represent multiple security concerns, 2) (automatically) composing security models with the business logic model (called target model), and 3) testing the security model composition and the resulting secure system against security requirements. These three objectives converge to an integrated MDS framework (and tool chain) which 1) allows a target system model to embed various security concerns, 2) enables the generation of implementation code including configured security infrastructures, and 3) makes these security properties testable by construction. This paper presents the main research modules, the results we have achieved so far, and the main points for future work. [less ▲]

Detailed reference viewed: 150 (13 UL)
Full Text
Peer Reviewed
See detailModularity and Dynamic Adaptation of Flexibly Secure Systems: Model-Driven Adaptive Delegation in Access Control Management
Nguyen, Phu Hong UL; Nain, Grégory UL; Klein, Jacques UL et al

in Transactions on Aspect-Oriented Software Development (2014), 11

Model-Driven Security (Mds) is a specialized Model-Driven Engineering (Mde) approach for supporting the development of secure systems. Model-Driven Security aims at improving the productivity of the ... [more ▼]

Model-Driven Security (Mds) is a specialized Model-Driven Engineering (Mde) approach for supporting the development of secure systems. Model-Driven Security aims at improving the productivity of the development process and quality of the resulting secure systems, with models as the main artifact. Among the variety of models that have been studied in a Model-Driven Security perspective, one canmention access control models that specify the access rights. So far, these models mainly focus on static definitions of access control policies, without taking into account the more complex, but essential, delegation of rights mechanism. Delegation is a meta-level mechanism for administrating access rights, which allows a user without any specific administrative privileges to delegate his/her access rights to another user. This paper gives a formalization of access control and delegation mechanisms, and analyses the main hard-points for introducing various advanced delegation semantics in Model-Driven Security. Then, we propose a modular model-driven framework for 1) specifying access control, delegation and the business logic as separate concerns; 2) dynamically enforcing/weaving access control policies with various delegation features into security-critical systems; and 3) providing a flexibly dynamic adaptation strategy.We demonstrate the feasibility and effectiveness of our proposed solution through the proof-of-concept implementations of different component-based systems running on different adaptive execution platforms, i.e. OSGi and Kevoree. [less ▲]

Detailed reference viewed: 195 (6 UL)
Full Text
Peer Reviewed
See detailModel-Driven Security with Modularity and Reusability for Secure Systems Development
Nguyen, Phu Hong UL

in STAF-DS 2014 (2014)

Model-Driven Security (MDS) has emerged as a promising sound methodology for modern secure systems development. Following the advances in MDS, this paper describes the late-PhD work that has proposed a ... [more ▼]

Model-Driven Security (MDS) has emerged as a promising sound methodology for modern secure systems development. Following the advances in MDS, this paper describes the late-PhD work that has proposed a solution to better support secure systems development, and further strengthens MDS. Our MDS solution focuses on modularity and reusability in secure systems development. On one hand, we have pro- posed a modular approach for modularity and dynamic adaptation of flexibly secure systems. On the other hand, we have been working on MDS based on a library-like System of generic Security design Patterns in which security design patterns are collected, specified as reusable aspect models to form a coherent system of them that guides developers in systematically selecting the right security design patterns for the right job. Either way, security (design pattern) models can be automatically woven into the target system model. The woven secure system model can then be used for code generation, including configured security infrastructures. We have been also working on using model-based security testing techniques to validate the resulting secure systems. [less ▲]

Detailed reference viewed: 94 (9 UL)
Full Text
Peer Reviewed
See detailAdvances in Model-Driven Security
Lucio, Levi; Zhang, Qin UL; Nguyen, Phu Hong UL et al

in Memon, Atif (Ed.) Advances in Computers (2014)

Sound methodologies for constructing security-critical systems are extremely important in order to confront the increasingly varied security threats. As a response to this need, Model-Driven Security has ... [more ▼]

Sound methodologies for constructing security-critical systems are extremely important in order to confront the increasingly varied security threats. As a response to this need, Model-Driven Security has emerged in the early 2000s as a specialized Model-Driven Engineering approach for supporting the development of security-critical systems. In this chapter we summarize the most important developments of Model-Driven Security during the past decade. In order to do so we start by building a taxonomy of the most important concepts of this domain. We then use our taxonomy to describe and evaluate a set of representative and influential Model-Driven Security approaches in the literature. In our development of this topic we concentrate on the concepts shared by Model-Driven Engineering and Model-Driven Security. This allows us to identify and debate the advantages, disadvantages and open issues when applying Model-Driven Engineering to the Information Security domain. This chapter provides a broad view of Model-Driven Security and is intended as an introduction to Model-Driven Security for students, researchers and practitioners. [less ▲]

Detailed reference viewed: 318 (24 UL)
Full Text
Peer Reviewed
See detailA Systematic Review of Model-Driven Security
Nguyen, Phu Hong UL; Klein, Jacques UL; Kramer, Max et al

in The 20th Asia-Pacific Software Engineering Conference Proceedings (2013, December)

To face continuously growing security threats and requirements, sound methodologies for constructing secure systems are required. In this context, Model-Driven Security (MDS) has emerged since more than a ... [more ▼]

To face continuously growing security threats and requirements, sound methodologies for constructing secure systems are required. In this context, Model-Driven Security (MDS) has emerged since more than a decade ago as a specialized Model-Driven Engineering approach for supporting the development of secure systems. MDS aims at improving the productivity of the development process and quality of the resulting secure systems, with models as the main artifact. This paper presents how we systematically examined existing published work in MDS and its results. The systematic review process, which is based on a formally designed review protocol, allowed us to identify, classify, and evaluate different MDS approaches. To be more specific, from thousands of relevant papers found, a final set of the most relevant MDS publications has been identified, strictly selected, and reviewed. We present a taxonomy for MDS, which is used to synthesize data in order to classify and evaluate the selected MDS approaches. The results draw a wide picture of existing MDS research showing the current status of the key aspects in MDS as well as the identified most relevant MDS approaches.We discuss the main limitations of the existing MDS approaches and suggest some potential research directions based on these insights. [less ▲]

Detailed reference viewed: 252 (13 UL)
Full Text
Peer Reviewed
See detailTesting Delegation Policy Enforcement via Mutation Analysis
Nguyen, Phu Hong UL; Papadakis, Mike UL; Rubab, Iram UL

in 7th International Workshop on Mutation Analysis (2013, March)

Delegation is an important dimension of security that plays a crucial role in the administration mechanism of access control policies. Delegation may be viewed as an exception made to an access control ... [more ▼]

Delegation is an important dimension of security that plays a crucial role in the administration mechanism of access control policies. Delegation may be viewed as an exception made to an access control policy in which a user gets right to act on behalf of other users. This meta-level characteristic together with the complexity of delegation itself make it crucial to ensure the correct enforcement and management of delegation policy in a system via testing. To this end, we adopt mutation analysis for delegation policies. In order to achieve this, a set of mutant operators specially designed for introducing mutants into the key components (features) of delegation is proposed. Our approach consists of analyzing the representation of the key components of delegation, based on which we derive the suggested set of mutant operators. These operators can then be used to introduce mutants into delegation policies and thus, enable mutation testing. A demonstration of the proposed approach on a model-driven adaptive delegation implementation of a library management system is also provided. [less ▲]

Detailed reference viewed: 122 (10 UL)
Full Text
Peer Reviewed
See detailModel-Driven Adaptive Delegation
Nguyen, Phu Hong UL; Nain, Grégory UL; Klein, Jacques UL et al

in Masuhara, Hidehiko; Chiba, Sigeru; Ubayashi, Naoyasu (Eds.) Proceedings of the 12th annual international conference companion on Aspect-oriented software development (2013, March)

Model-Driven Security is a specialization of Model-Driven Engineering (MDE) that focuses on making security models productive, i.e., enforceable in the final deployment. Among the variety of models that ... [more ▼]

Model-Driven Security is a specialization of Model-Driven Engineering (MDE) that focuses on making security models productive, i.e., enforceable in the final deployment. Among the variety of models that have been studied in a MDE perspective, one can mention access control models that specify the access rights. So far, these models mainly focus on static definitions of access control policies, without taking into account the more complex, but essential, delegation of rights mechanism. User delegation is a meta-level mechanism for administrating access rights, which allows a user without any specific administrative privileges to delegate his/her access rights to another user. This paper analyses the main hard-points for introducing various delegation semantics in model-driven security and proposes a model-driven framework for 1) specifying access control, delegation and the business logic as separate concerns; 2) dynamically enforcing/weaving access control policies with various delegation features into security-critical systems; and 3) providing a flexibly dynamic adaptation strategy. We demonstrate the feasibility and effectiveness of our proposed solution through the proof-of-concept implementations of different systems. [less ▲]

Detailed reference viewed: 162 (15 UL)