Formalization, Selection and Detection of Security Patterns

Suleman, Mohd (2015) Formalization, Selection and Detection of Security Patterns. MTech thesis.

Abstract

Generally, software requirement analysis and design methodologies based on different UML (Unified Modelling Language) diagrams need to be strengthened by the use of a number of security patterns. Security patterns provide a way for software developers to communicate at the security level in a more comprehensive way. Over the last few years, the number of security patterns has gradually increased and is still increasing. The large number of security patterns has given rise to the critical problem of selecting the appropriate security pattern to solve the problem at hand. In this study, an attempt has been made at automated verification of security patterns, and an approach is proposed for the selection of appropriate security patterns that fulfil security requirements. In order to demonstrate this approach, four security patterns have been selected: Single Access Point, CheckPoint, Role and Session. A grammar has been developed for the verification of the selected security patterns. Goal-Oriented Requirement Language (GRL) has been used for creating the repository of formalized security patterns; this GRL model is used for extracting facts, which are then represented as relational instances. Queries have been made to the instances to find the appropriate security pattern which fulfils the security requirements. This approach clearly identifies the contribution and consequences of a security pattern towards the security-related Non-Functional Requirements (NFRs). It also checks for the relationships and dependencies among the security patterns, which helps in finding the prerequisite patterns for the selected security patterns. Finally, a method for detection of security patterns using a similarity score is presented.

Item Type: Thesis (MTech)
Uncontrolled Keywords: Security Patterns, Formalization, Selection, Detection
Subjects: Engineering and Technology > Computer and Information Science > Information Security
Divisions: Engineering and Technology > Department of Computer Science
ID Code: 7760
Deposited By: Mr. Sanat Kumar Behera
Deposited On: 30 May 2016 20:45
Last Modified: 30 May 2016 20:45
Supervisor(s): Rath, S K
