Model-Driven Security; MDS; MDE; Aspect-Oriented Modelling; RAM; DSL; Model Transformations; Model Composition; Systematic Review; Security Design Patterns; Pattern Refinement; Security Testing; Security By Design
Résumé :
[en] Context: The more human beings depend on software systems, the more important role that software security engineering must play to build secure software systems. Model-Driven Security (MDS) emerged more than a decade ago as a specialised Model-Driven Engineering (MDE) research area for engineering secure software systems. MDS is promising but not mature yet. Our recent systematic literature review (SLR) has revealed several current limitations and open issues in the state of the art of MDS research.
Objectives: This PhD work aims at addressing three of the main open issues in the current state of the art of MDS research that are pointed out by the SLR. First, our SLR shows that multiple security concerns need to be handled together more systematically. Second, true Aspect-Oriented Modelling techniques for better ensuring the separation- of-concern in MDS approaches could have been leveraged more extensively. Third, complete tool chains based on integrated MDE techniques covering all the main stages of the development cycle are emerging, but still very rare.
Methods: On one hand, we develop a full MDS framework with modularity based on domain-specific modelling, model transformations, and model-based security testing. This MDS framework can help us to deal with complex delegation mechanisms in access control administration, from modelling till testing. On the other hand, we propose a highly modular, reusable MDS solution based on a System of Security design Patterns (SoSPa) and reusable aspect models to tackle multiple security concerns systematically.
Results: First, an extensive SLR has been conducted for revealing and analysing the current state of the art of MDS research. Second, a full MDS framework focusing on modularity has been proposed that integrates domain-specific modelling, model transformations, and model-based security testing to support all the main stages of an MDS development cycle. Third, we have developed a highly reusable, modular MDS approach based on a System of Security design Patterns for handling multiple security concerns together systematically. Finally, we have showed how our MDS approaches can be integrated in a full MDS framework, called MDS-MoRe, which could be the basis of a complete tool chain for MDS development of secure systems.
Conclusion: In this thesis, integrated MDS methodologies with modularity and reusability have been proposed for engineering secure software systems. This work has tackled three main current open issues in MDS research revealed from an extensive SLR.
Centre de recherche :
SnT
Disciplines :
Sciences informatiques
Auteur, co-auteur :
NGUYEN, Phu Hong ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Langue du document :
Anglais
Titre :
Model-Driven Security With Modularity and Reusability For Engineering Secure Software Systems
Date de soutenance :
10 septembre 2015
Nombre de pages :
213
Institution :
Unilu - University of Luxembourg, Luxembourg, Luxembourg
FNR783852 - Modeling, Composing And Testing Of Security Concerns, 2010 (01/05/2011-30/04/2014) - Jacques Klein
Intitulé du projet de recherche :
MITER
Organisme subsidiant :
FNR - Fonds National de la Recherche
Commentaire :
Copyright 2015 Phu Hong Nguyen. All rights reserved. Reproduction in whole or in part is allowed only with the written consent of the copyright owner. Typeset in LATEX
