Interplay of security and software architecture.

In a recent paper [1], we proposed pattern and property specification languages to support the pattern-based development of secure software systems. Providing a clear, precise, correct and implementable pattern specification is not enough to use a pattern automatically in software engineering development processes. Patterns are usually used as collections of patterns. The patterns of each system and the interactions of patterns within each system are usually well captured and managed. The problem is unpredictable interactions between pattern systems or even between individual patterns. Every system has its particular set of patterns and a much bigger set of unspecified potential pattern interactions, and therefore of pattern interaction errors.

The interplay between requirements engineering and architecting has been well established, but we lack methods and tools to support it. There has been renewed interest in how to support the Twin Peaks model [2] in a wide range of aspects, such as theoretical frameworks for relating requirements and architecture, tools and techniques such as goal-oriented inference and uncertainty management, problem frames and service composition. There are also approaches for applying the Twin Peaks model in the context of security [3]. There has also been a discussion of the similarities between the problem and solution spaces and of how requirements and design decisions are interpreted depending on the viewpoint of a stakeholder [4].

The goal of this work is to improve this research by investigating further concepts and semantics in order to define a new formal modeling paradigm for compositional security within a pattern-based approach, as a foundation for novel security engineering practices. We will use concepts such as tactics [5], which have been applied to architectural patterns but not yet to architecture/security composition and integration.

Bibliography.

[1] Hamid, B., Gürgens, S., Fuchs, A., 2016. Security patterns modeling and formalization for pattern-based development of secure software systems. Innovations in Systems and Software Engineering, Springer 12 (2), 109–140.

[2] Avgeriou, P., Grundy, J., Hall, J. G., Lago, P., Mistrík, I. (Eds.), 2011. Relating Software Requirements and Architectures. Springer.

[3] Heyman, T., Yskout, K., Scandariato, R., Schmidt, H., Yu, Y., 2011. The security twin peaks. In: Proceedings of the International Symposium on Engineering Secure Software and Systems (ESSoS). Vol. 6542 of LNCS. Springer, pp. 167–180.

[4] Schmidt, H., Jürjens, J., 2011. Connecting Security Requirements Analysis and Secure Design Using Patterns and UMLsec. In: 23rd International Conference on Advanced Information Systems Engineering (CAiSE). Vol. 6741 of LNCS. Springer, pp. 367–382.

[5] Bass, L., Clements, P., Kazman, R., 2013. Software Architecture in Practice (3rd Edition). Addison Wesley.

To apply, please send your CV to: hamid at irit dot fr

Remarks. The internship will be remunerated. It can be extended to a PhD grant on the same project.