An Approach for Security Patterns Application in Component Based Models

Since applications have become increasingly complex and because the design of secure systems necessitates security expertise, security patterns are now widely used as guidelines proposed by security experts in order to solve a recurring security problem. In order to encourage application designers to take advantage from security solutions proposed by security patterns, we think that it is necessary to provide an appropriate mechanism to implement those patterns. We propose a full security pattern integration methodology from the earliest phases of software development until the generation of the application code. The proposed solution uses the UML component model as an application domain of security patterns and bases on the use of UML profiles and model transformations with the ATL language. For the generation of code and for keeping the separation between the functional code of the component based application and security solution, we use the aspect paradigm. An illustration of the proposed approach is provided using the Role Based Access Control (RBAC) pattern. A case study of GPS system is also provided to demonstrate the application of the proposed approach.