Secure Design using Security Patterns
Secure Design using Security Patterns is one activity of the Security Architecture project.
Aim: To build high assurance secure applications through composition of security patterns for capability-based systems and provide assurance about the security properties of the applications.
Overview: Building complex secure applications with high assurance is difficult and requires experts. Security patterns and best practices have been proposed to assist architects in designing secure applications. However, these are usually written independently of the specific details of underlying platforms. This leads to a gap between patterns and the platforms, and does not directly support the design-level analysis and verification of systems to be built on those platforms. We propose an approach to incrementally build an application design using design fragments, which are specializations of patterns for target platforms. Design fragments can be composed and reused during design, and directly support design-level security analyses. There are 3 key main components of this research activity:
- Capability-specific Design Fragments - Instantiation of security patterns for capability-based systems, allowing design-level verification
- Security Property Analysis - Provide assurance about the security properties of the design by means of verification
- Composition of Design Fragments - Compose design fragments to not only harden the security of an application against specific threats, but also achieve security requirements. We aim to provide composition tactics that guides the composition.
Technical research challenges:
- Specialising Secuirty Patterns for Capability-based systems
- Reuse design fragments verification for application verification
- Composing security-pattern design fragments together, avoiding clash between selected patterns and achieving security goals
Contact: Paul Rimba, paul.rimbanicta.com.au
Building high assurance secure applications using security patterns for capability-based platforms
International Conference on Software Engineering, pp. 4, San Francisco, USA, May, 2013