Security architecture metamodel for Model Driven security

Makhlouf Derdour, Adel Alti, Mohamed Gasmi, Philippe Roose
2015 Journal of Innovation in Digital Ecosystems  
Keywords: SMSA, Security connector, UML profile, ADL, OCL, Vulnerability point's detection architectures

Abstract

A key aspect of the design of any software system is its architecture. One issue for perpetually designing good and robust architectures is the new security concepts. Many new applications are running on powerful platforms that have ample rich architecture models to support multiple security techniques and to make several security constraints explicit. The design of an architecture meta-model that considers security connectors is required in order to ensure a realistic secure assembly and to address the problems of vulnerability of exchanging data flow. Our research proposes a generic meta-modelling approach called SMSA (Security Meta-model for Software Architecture) for describing a software system as a collection of components that interact through security connectors. The SMSA metamodel is modeled as a UML SMSA profile. We exploit UML powerful capacities (meta-models and models) to define security concepts of SMSA (e.g. security connectors, composite and domain). A major benefit of the UML profile is the faithful representation of connectors, to support the definition of security connector types explicitly and to support them with the ability to associate semantic properties. We also provide a set of model transformations to fit security requirements of a system. These transformations are detailed and validated with phosphate support system (SAGE) for the company FERPHOS: a case study described in SMSA. The model is tested and validated with the semantic constraints defined by the profile using Eclipse 3.1 plug-in in this case study.

(M. Derdour), altiadel2002@yahoo.fr, alti.adel@univ-setif.dz (A. Alti), mohamed_gasmi@yahoo.fr (M. Gasmi), Philippe.Roose@iutbayonne.univ-pau.fr (P. Roose).

anytime and anywhere. Development environments that support their implementation are unstable (e.g. develop applications whose heart is independent of volume, users and devices using adaptive technologies to respond to each case) and applications must deal with the volatility of resources http://dx.
doi:10.1016/j.jides.2015.12.001 fatcat:rfpxpyppovgkxdaraow6jdw2gm