Composing patterns to construct secure systems

Authors

Paul Rimba, Liming Zhu, Len Bass, Ihor Kuz and Steve Reeves

NICTA

UNSW

The University of Waikato

Abstract

Building secure applications requires significant expertise. Secure platforms and security patterns have been proposed to alleviate this problem. However, correctly apply- ing patterns to use platform features is still highly expertise- dependent. Patterns are informal and there is a gap between them and platform features. We propose the concept of reusable verified design fragments, which package security patterns and platform features and are verified to provide assurance about their security properties. Design fragments can be composed through four primitive tactics. The verification of the composed design against desired security properties is presented in an assurance case. We demonstrate our approach by securing a Continuous Deployment pipeline and show that the tactics are sufficient to compose design fragments into a secure system. Finally, we formally define composition tactics, which are intended to support the development of systems that are secure by construction.

BibTeX Entry

  @inproceedings{Rimba_ZBKR_15,
    address          = {Paris, France},
    author           = {Rimba, Paul and Zhu, Liming and Bass, Len and Kuz, Ihor and Reeves, Steve},
    booktitle        = {European Dependable Computing Conference},
    keywords         = {security; verification; patterns; composition; assurance},
    month            = sep,
    pages            = {213--224},
    paperurl         = {https://trustworthy.systems/publications/nicta_full_text/8861.pdf},
    title            = {Composing Patterns to Construct Secure Systems},
    year             = {2015}
  }

Download

• Full text
• BibTeX