Contract-based design patterns: a design by contract approach to specify security patterns - Archive ouverte HAL Accéder directement au contenu
Communication Dans Un Congrès Année :

Contract-based design patterns: a design by contract approach to specify security patterns

(1) , (2) , (2, 3) , (2)
1
2
3

Résumé

With the ever growing digitization of activities, software systems are getting more and more complex. They must comply with new usages, varied needs, and are permanently exposed to new security vulnerabilities. Security concerns must be addressed throughout the entire development process and in particular through appropriate architectural choices. The security patterns are the founding principles to provide the architectural and design guidelines. Nevertheless, researchers have pointed out the need for further research investigations to improve quality and effectiveness of security patterns. In this paper, we focus on enhancing security patterns specification to improve the security of the systems using them. Thus, to reach this goal, we present a formal Design by Contract approach to improve the behavioral definition of the security patterns. This approach seeks to define both functional behavior and implicit parts of security design patterns. Our approach includes the contract formalization of security patterns and a comparative implementation on two Java annotation frameworks. The application of the proposal in a proof of concept case highlights the security enforcement at design time or on a legacy source code.
Fichier non déposé

Dates et versions

hal-02958111 , version 1 (05-10-2020)

Identifiants

Citer

Caine Silva, Sylvain Guérin, Raul Mazo, Joël Champeau. Contract-based design patterns: a design by contract approach to specify security patterns. 15th International Conference on Availibitlity, Reliability ans Security, ARES 2020, Association for Computing Machinery (ACM), Aug 2020, Virtual Event, Ireland. pp.1-9, ⟨10.1145/3407023.3409185⟩. ⟨hal-02958111⟩
43 Consultations
2 Téléchargements

Altmetric

Partager

Gmail Facebook Twitter LinkedIn More