An Approach to Formalise Security Patterns. Da Silva, L. S., Guéhéneuc, Y., & Mullins, J. In Abebe, S. L., Arnaoudova, V., Eshkevari, L. M., Sabané, A., & Wu, W., editors, Proceedings of the 1st International Workshop on Patterns Promotion and Anti-patterns Prevention (PPAP), March, 2013. ÉPM. 6 pages.
The software engineering literature proposes many methods, techniques and tools to ease software development, among which design patterns. The main goal of design patterns is to ease software development through the reuse of good practices in software design and implementation. Design patterns pertain to various domains, including security. In the context of security, security patterns describe design and implementation solutions intended to protect data from a set of possible threats or at least to reduce the risk of their occurrences. Previous works on security patterns defined these patterns and proposed strategies to find occurrences of these patterns using techniques that detect the relationships between software components. However, to the best of our knowledge, these approaches did not describe the behavioural aspects of the components, such as the internal implementation of methods. Behavioural aspects are necessary to investigate and validate the following characteristics: constraints and scope. It is important to guide developers to the correct use of security patterns and preventing wrong implementation and security holes. This article proposes an approach, using Coloured Petri Nets and a set of API already available in the Ptidej reverse-engineering tool suite, to formalise and analyse the structural and behavioural aspects of security patterns and identify their occurrences in different kinds of software systems.
@INPROCEEDINGS{DaSilvaJr13-PPAP-SecurityPatterns,
AUTHOR = {Da Silva, Luis Sergio and Yann-Gaël Guéhéneuc and
John Mullins},
BOOKTITLE = {Proceedings of the 1<sup>st</sup> International Workshop on Patterns Promotion and Anti-patterns Prevention (PPAP)},
TITLE = {An Approach to Formalise Security Patterns},
YEAR = {2013},
OPTADDRESS = {},
OPTCROSSREF = {},
EDITOR = {Surafel Lemma Abebe and Venera Arnaoudova and
Laleh Mousavi Eshkevari and Aminata Sabané and Wei Wu},
MONTH = {March},
NOTE = {6 pages.},
OPTNUMBER = {},
OPTORGANIZATION = {},
OPTPAGES = {},
PUBLISHER = {ÉPM},
OPTSERIES = {},
OPTVOLUME = {},
KEYWORDS = {Topic: <b>Code and design smells</b>,
Venue: <i>PPAP</i>},
URL = {http://www.ptidej.net/publications/documents/PPAP13b.doc.pdf},
PDF = {http://www.ptidej.net/publications/documents/PPAP13b.ppt.pdf},
ABSTRACT = {The software engineering literature proposes many
methods, techniques and tools to ease software development, among
which design patterns. The main goal of design patterns is to ease
software development through the reuse of good practices in software
design and implementation. Design patterns pertain to various
domains, including security. In the context of security, security
patterns describe design and implementation solutions intended to
protect data from a set of possible threats or at least to reduce the
risk of their occurrences. Previous works on security patterns
defined these patterns and proposed strategies to find occurrences of
these patterns using techniques that detect the relationships between
software components. However, to the best of our knowledge, these
approaches did not describe the behavioural aspects of the
components, such as the internal implementation of methods.
Behavioural aspects are necessary to investigate and validate the
following characteristics: constraints and scope. It is important to
guide developers to the correct use of security patterns and
preventing wrong implementation and security holes. This article
proposes an approach, using Coloured Petri Nets and a set of API
already available in the Ptidej reverse-engineering tool suite, to
formalise and analyse the structural and behavioural aspects of
security patterns and identify their occurrences in different kinds
of software systems.}
}