From security patterns to implementation using petri nets

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

From security patterns to implementation using petri nets

Full text

Pdf (701 KB)

Source

International Conference on Software Engineering archive
Proceedings of the fourth international workshop on Software engineering for secure systems table of contents

Leipzig, Germany

Pages 17-24

Year of Publication: 2008

ISBN:978-1-60558-042-5

Authors

Viktor Horvath	University of Hamburg, Hamburg, Germany
Till Dörges	University of Hamburg, Hamburg, Germany

Sponsors

ACM: Association for Computing Machinery
SIGSOFT: ACM Special Interest Group on Software Engineering

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 18, Downloads (12 Months): 166, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1370905.1370908 What is a DOI?

ABSTRACT

Security Patterns - the adaption of Design Patterns by Gamma et al. to security - have not quite met the expectations since Yoder and Barcalow pioneered the field. The two main reasons for this are the lack of formalisation and the fact that security often permeates all parts of a software, which is hard to encapsulate in a single pattern.

This paper investigates and presents our method of using Petri nets to first model security patterns on an abstract level. Gradual and intuitive refinement of the Petri nets then permits the creation of a running Petri net implementation - very much in the sense of model driven software engineering (MDSE) and model driven security (MDS). The Petri nets are modelled and executed using Renew - both IDE and virtual machine.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	C. Alexander. The timeless way of building. Oxford University Press, 1979.
	2	David Basin , Jürgen Doser , Torsten Lodderstedt, Model driven security: From UML models to access control infrastructures, ACM Transactions on Software Engineering and Methodology (TOSEM), v.15 n.1, p.39-91, January 2006 [doi>10.1145/1125808.1125810]
	3	A. M. Braga, C. M. F. Rubira, and R. Dahab. Tropyc: A pattern language for cryptographic software. Technical Report IC--99--03, Institute of Computing, University of Campinas, Jan. 1999.
	4	L. Cabac, D. Moldt, and H. Rölke. A proposal for structuring Petri net--based agent interaction protocols. In W. v. d. Aalst and E. Best, editors, 24th International Conference on Application and Theory of Petri Nets, Eindhoven, Netherlands, June 2003, volume 2679 of LNCS, pages 102--120. Springer, June 2003.
	5	L. Dai and K. Cooper. A survey of modeling and analysis approaches for architecting secure software systems. International Journal of Network Security, 5(2):187--198, Sept. 2007.
	6	M. Duvigneau. Bereitstellung einer Agentenplattform für petrinetzbasierte Agenten. Diploma thesis, Universität Hamburg, Fachbereich Informatik, Vogt--Kölln Str. 30, D--22527 Hamburg, Dec. 2002.
	7	E. B. Fernandez and P. Morrison. Securing the Broker pattern. In Proceedings of the European Conference on Pattern Languages of Programs (EuroPLoP). Department of Computer Science & Engineering, Florida Atlantic University, USA, 2006.
	8	Foundation for Intelligent Physical Agents (FIPA) -- homepage. http://www.fipa.org/. Foundation for Intelligent Physical Agents.
	9	Sebastian Fischmeister , Giovanni Vigna , Richard A. Kemmerer, Evaluating the Security of Three Java-Based Mobile Agent Systems, Proceedings of the 5th International Conference on Mobile Agents, p.31-41, December 02-04, 2001
	10	David Frankel, Model Driven Architecture: Applying MDA to Enterprise Computing, John Wiley & Sons, Inc., New York, NY, 2002
	11	Ariel Fuxman , John Mylopoulos , Marco Pistore , Paolo Traverso, Model Checking Early Requirements Specifications in Tropos, Proceedings of the 5th IEEE International Symposium on Requirements Engineering, p.174-181, August 27-31, 2001
	12	Erich Gamma , Richard Helm , Ralph Johnson , John Vlissides, Design patterns: elements of reusable object-oriented software, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1995
	13	Morrie Gasser, Building a secure computer system, Van Nostrand Reinhold Co., New York, NY, 1988
	14	Claude Girault , Rudiger Valk, Petri Nets for System Engineering: A Guide to Modeling, Verification, and Applications, Springer-Verlag New York, Inc., Secaucus, NJ, 2001
	15	S. T. Halkidis, A. Chatzigeorgiou, and G. Stephanides. A qualitative evaluation of security patterns. In Sixth International Conference on Information and Communications Security (ICICS), LNCS, pages 132--144. Springer, Oct. 2004.
	16	Denis Hatebur , Maritta Heisel , Holger Schmidt, A Security Engineering Process based on Patterns, Proceedings of the 18th International Conference on Database and Expert Systems Applications, p.734-738, September 03-07, 2007 [doi>10.1109/DEXA.2007.23]
	17	V. Horvath. Security patterns for multi-agent systems: Review and implementation in mulan/capa. Diploma thesis, Universität Hamburg, Department Informatik, Vogt-Kölln Str. 30, D--22527 Hamburg, Dec. 2007.
	18	Nicholas R. Jennings, On agent-based software engineering, Artificial Intelligence, v.117 n.2, p.277-296, March 2000 [doi>10.1016/S0004-3702(99)00107-1]
	19	J. Jürjens. Secure Systems Development with UML. Springer, 2004.
	20	O. Kummer. Referenznetze. Logos Verlag, Berlin, 2002.
	21	O. Kummer, F. Wienberg, and M. Duvigneau. Renew -- the Reference Net Workshop. Available at: http://www.renew.de/, May 2006. Release 2.1.
	22	S. Lehtonen and J. Pärssinen. A pattern language for key management. In Eighth Conference on Pattern Languages of Programs (PLoP 2001), Allerton Park, Monticello, Illinois, USA, Sept. 2001.
	23	H. Mouratidis, M. Weiss, and P. Giorgini. Modeling secure systems using an agent--oriented approach and security patterns. International Journal of Software Engineering and Knowledge Engineering, 16(3):471, 2006.
	24	M. Naedele and J. W. Janneck. Design patterns in petri net system modeling. In Proc. 4th IEEE Int. Conf. on Engineering of Complex Computer Systems, 10--14 August 1998, Monterey, CA, pages 47--54, Aug. 1998.
	25	I. Porres and M. C. Valiente. Process definition and project tracking in model driven engineering. In J. Münch and M. Vierimaa, editors, PROFES, volume 4034 of LNCS, pages 127--141. Springer, 2006.
	26	Hassan Reza , Xudong He, Pattern-Based Software Architecture: A Case Study, Proceedings of the International Conference on Information Technology: Computers and Communications, p.592, April 28-30, 2003
	27	Philip Robinson, Extensible Security Patterns, Proceedings of the 18th International Conference on Database and Expert Systems Applications, p.729-733, September 03-07, 2007 [doi>10.1109/DEXA.2007.70]
	28	H. Rölke. Modellierung von Agenten und Multiagentensystemen -- Grundlagen und Anwendungen, volume 2 of Agent Technology -- Theory and Applications. Logos Verlag, Berlin, 2004.
	29	Markus Schumacher, Security Engineering with Patterns: Origins, Theoretical Models, and New Applications, Springer-Verlag New York, Inc., Secaucus, NJ, 2003
	30	Rüdiger Valk, Petri Nets as Token Objects: An Introduction to Elementary Object Nets, Proceedings of the 19th International Conference on Application and Theory of Petri Nets, p.1-25, June 22-26, 1998
	31	J. W. Yoder and J. Barcalow. Architectural patterns for enabling application security. In Fourth Conference on Pattern Languages of Programs (PLoP 1997), Allerton Park, Monticello, Illinois, USA, Sept. 1997.