MITER: Modeling, Composing and Testing of Security Concerns

MITER is a project funded by the FNR, through the CORE program.

Project Number: C10/IS/783852

From: 01/05/2011

To: 30/04/2014

Budget: 320,000.00€

Project Abstract:

Security is not only a buzzword; it is a critical issue that modern software engineering (SE) techniques have to embrace. From this SE point of view, ensuring confidence in the implemented security mechanisms is the key objective when deploying a security concern. This objective can be reached by improving the design and implementation process through modeling and automation, such as generating security code from models, and through systematic testing and verification.

As stated in the FNR programme description, “Information Security and Trust Management” is one of the cornerstones of the Information Society, a “transversal” research domain of central and ever-growing importance not only for the banking industry, but for nearly all other ICT applications and e-services. Thus, security concerns impact many ICT domains in many different ways.

Secure programming techniques are now better understood, and guidelines teach programmers how to avoid buffer overflows, when to validate inputs and how to apply cryptography. The key problem is that security should not be the sole responsibility of the (hopefully competent) programmer. Dealing with security only at the programming level is risky, often insufficient and rarely the most productive approach. First, to face large classes of attacks, security experts must express the security policy that results from a risk and threat analysis. This security policy cannot be deployed without taking the software development lifecycle into account as a whole. In other words, the requirements, analysis and design phases, and the links between them, must be considered so that security concerns can be represented (with models) and analyzed (with model-based security analysis methods) in order to detect or prevent attacks. Second, the fact that security concerns impact many ICT domains in many different ways, amplified by economic pressure that shortens development time and increases the frequency of modifications, constantly demands more productive and flexible development methods. To sum up, for agile modeling there is an urgent need for modeling tools that allow composing the functional, architectural and, in the MITER project, security expert viewpoints into an integrated, productive model.

In this context, the MITER project aims at developing new modeling techniques to 1) represent security concerns (e.g. access control and usage control policies), 2) compose them with the business logic model (called target model), and 3) test the security model composition against security requirements. These three objectives converge to an integrated model-driven security process which allows a business model to embed various security concerns, and makes these security properties testable by construction.

More specifically, the objective of the first task of the project, the modeling of security concerns, is to propose a portfolio of well-defined security models (specified with both structural and behavioral views) without any consideration of a target model, i.e. the model into which the security models will be inserted or composed. Consequently, each security concern will be modeled in isolation, leading to a better understanding and modularization of these security concerns.

The second objective of MITER is to automatically compose a subset of selected security models with the target model to obtain a new model of the system augmented with security properties. This model composition will be performed using aspect-oriented modeling approaches or model composers. Once the various security models are specified, automating the composition should make it easier to adapt the target model to different situations through the automated composition of the appropriate security models.

The third objective of MITER is to exploit the model composition operators to make the final implementation testable by construction. Composing security models/viewpoints into the target model will lead to a more detailed model, which will finally be implemented. Code production is error-prone, and the conformance of the implementation with the security policy must be tested. The composition operators we propose may offer an elegant way (1) to make the implemented security mechanisms testable, in the sense that they can be made observable at runtime, and (2) to propose a security fault model for performing mutation analysis on the final code.

These three objectives should allow the trustworthy design of a large family of secure systems in an automatic and efficient way.
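As an added illustration of the three objectives on one constructed example (this is not code from the MITER project or from any of the publications below), the following Python sketch keeps an access control policy model separate from a business-logic target model, composes the two with a weaving operator that records every policy decision so the mechanism is observable at runtime, and then runs mutation analysis against the policy. The `Library` target, the role/action rule format and the mutation operator names `RRD` (rule removal) and `RRS` (role re-assignment) are my own assumptions, chosen only to make the idea concrete.

```python
from typing import Dict, FrozenSet, List, Tuple

Rule = Tuple[str, str]  # (role, action): the role may invoke the action on the target


class AccessControlPolicy:
    """Security model, specified with no knowledge of the target model (constructed sample)."""

    def __init__(self, roles: FrozenSet[str], rules: FrozenSet[Rule]):
        self.roles, self.rules = roles, rules

    def permits(self, role: str, action: str) -> bool:
        return (role, action) in self.rules


class Library:
    """Target model: plain business logic, with no security concern in it."""

    def __init__(self):
        self.catalogue: Dict[str, str] = {}
        self.loans: Dict[str, str] = {}

    def add_book(self, isbn, title):
        self.catalogue[isbn] = title
        return title

    def borrow(self, isbn, member):
        self.loans[isbn] = member
        return member

    def list_books(self):
        return sorted(self.catalogue.values())


class AccessDenied(Exception):
    pass


class SecuredLibrary:
    """Composition operator: wrap every public operation of the target in a policy
    decision and record each decision, so the woven mechanism is observable at runtime."""

    def __init__(self, target, policy: AccessControlPolicy):
        self._target, self._policy = target, policy
        self.trace: List[Tuple[str, str, bool]] = []  # (role, action, decision)
        for name in dir(target):
            if not name.startswith("_") and callable(getattr(target, name)):
                setattr(self, name, self._weave(name))

    def _weave(self, action: str):
        def secured(role: str, *args):
            decision = self._policy.permits(role, action)
            self.trace.append((role, action, decision))
            if not decision:
                raise AccessDenied(f"{role} may not {action}")
            return getattr(self._target, action)(*args)
        return secured


def mutants(policy: AccessControlPolicy) -> List[Tuple[str, AccessControlPolicy]]:
    """Security fault model (hypothetical operator names): RRD drops one rule, RRS
    re-assigns one rule to another role. The original and duplicate policies are skipped."""
    seen, out = {policy.rules}, []
    for rule in sorted(policy.rules):
        role, action = rule
        candidates = [("RRD", policy.rules - {rule})]
        for other in sorted(policy.roles - {role}):
            candidates.append(("RRS", (policy.rules - {rule}) | {(other, action)}))
        for label, rules in candidates:
            if rules not in seen:
                seen.add(rules)
                out.append((f"{label}{rule}", AccessControlPolicy(policy.roles, rules)))
    return out


TestCase = Tuple[str, str, tuple]  # (role, action, business arguments)


def run(policy: AccessControlPolicy, tests: List[TestCase]) -> List[Tuple[str, str, bool]]:
    """Execute the tests on a freshly composed system; the observable trace is the oracle."""
    system = SecuredLibrary(Library(), policy)
    for role, action, args in tests:
        try:
            getattr(system, action)(role, *args)
        except AccessDenied:
            pass  # the denial is already recorded in the trace
    return system.trace


def mutation_score(policy: AccessControlPolicy, tests: List[TestCase]) -> Tuple[int, int]:
    """(killed, total): a mutant is killed when its trace differs from the original policy's."""
    reference = run(policy, tests)
    all_mutants = mutants(policy)
    killed = sum(1 for _, m in all_mutants if run(m, tests) != reference)
    return killed, len(all_mutants)


# Constructed sample policy and two test suites of increasing strength.
POLICY = AccessControlPolicy(
    roles=frozenset({"librarian", "member", "guest"}),
    rules=frozenset({("librarian", "add_book"), ("member", "borrow"),
                     ("librarian", "list_books"), ("member", "list_books"),
                     ("guest", "list_books")}),
)
WEAK_TESTS: List[TestCase] = [  # only permitted calls: two RRD mutants survive
    ("librarian", "add_book", ("isbn-1", "Modelling Security")),
    ("member", "borrow", ("isbn-1", "alice")),
    ("guest", "list_books", ()),
]
STRONG_TESTS: List[TestCase] = WEAK_TESTS + [  # adds denials and the remaining permissions
    ("guest", "add_book", ("isbn-2", "Unwanted")),
    ("member", "list_books", ()),
    ("librarian", "list_books", ()),
    ("guest", "borrow", ("isbn-1", "bob")),
]

if __name__ == "__main__":
    print("weak suite  :", mutation_score(POLICY, WEAK_TESTS))    # -> (7, 9)
    print("strong suite:", mutation_score(POLICY, STRONG_TESTS))  # -> (9, 9)
```

The weak suite exercises only permitted operations, so the mutants that drop the `list_books` permission of `member` or `librarian` survive undetected; adding the negative cases and the remaining permissions kills every mutant. The surviving mutants point exactly at the tests a security tester still has to write, which is what makes the composed system "testable by construction" in the sense used above.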

Scientific Contributions:

List of the published papers related to the project:

  1. Levi Lucio, Qin Zhang, Phu H. Nguyen, Moussa Amrani, Jacques Klein, Hans Vangheluwe, Yves Le Traon, Advances in Model-Driven Security, Advances in Computers, Atif Memon (Ed.), Volume 93, pages 103-152, 2014.
  2. Phu Nguyen, Gregory Nain, Jacques Klein, Tejeddine Mouelhi, Yves Le Traon, Modularity and Dynamic Adaptation of Flexibly Secure Systems: Model-Driven Adaptive Delegation in Access Control Management, Transactions on Aspect-Oriented Software Development (TAOSD), Springer, LNCS 8400, 2014, pages 109-144.
  3. Phu H. Nguyen, Jacques Klein, Yves Le Traon, Model-Driven Security with A System of Aspect-Oriented Security Design Patterns, 2nd Workshop on View-Based, Aspect-Oriented and Orthographic Software Modelling, July 2014, York, United Kingdom.
  4. Phu Nguyen, Jacques Klein, Max Kramer, Yves Le Traon, A Systematic Review of Model-Driven Security, 20th Asia-Pacific Software Engineering Conference Proceedings (APSEC), IEEE, Dec. 2013, pages 432-441, Bangkok, Thailand.
  5. Christopher Henard, Mike Papadakis, Gilles Perrouin, Jacques Klein, Yves Le Traon, Multi-objective Test Generation for Software Product Lines, 17th International Software Product Line Conference (SPLC), ACM, August 2013, pages 62-71, Tokyo, Japan (acceptance rate: 33%, 18/55).
  6. Christopher Henard, Mike Papadakis, Gilles Perrouin, Jacques Klein, Patrick Heymans, Yves Le Traon, Bypassing the Combinatorial Explosion: Using Similarity to Generate and Prioritize T-wise Test Configurations for Software Product Lines, IEEE Transactions on Software Engineering (TSE), IEEE, Volume 40, Issue 7, July 2014, pages 650-670.
  7. Phu Nguyen, Gregory Nain, Jacques Klein, Tejeddine Mouelhi, Yves Le Traon, Model-Driven Adaptive Delegation, 12th International Conference on Aspect-Oriented Software Development (AOSD 2013), ACM, March 2013, pages 61-72, Fukuoka, Japan (acceptance rate: 27%, 17/62).
  8. M. E. Kramer, J. Klein, J. R. H. Steel, B. Morin, J. Kienzle, O. Barais, J.-M. Jézéquel, Achieving Practical Genericity in Model Weaving through Extensibility, International Conference on Model Transformation (ICMT), Springer, LNCS 7909, June 2013, pages 108-124, Budapest, Hungary (acceptance rate: 21%, 12/58).
  9. Christopher Henard, Mike Papadakis, Gilles Perrouin, Jacques Klein, Yves Le Traon, Towards Automated Testing and Fixing of Re-engineered Feature Models, International Conference on Software Engineering, New Ideas & Emerging Results Track (NIER@ICSE), IEEE Press, May 2013, pages 1245-1248, San Francisco, USA (acceptance rate: 22%, 31/143).
  10. Phu H. Nguyen, Mike Papadakis, Iram Rubab, Testing Delegation Policy Enforcement via Mutation Analysis, Mutation Workshop at ICST (Mutation@ICST), March 2013, Luxembourg.
  11. Gilles Perrouin, Brice Morin, Franck Chauvel, Franck Fleurey, Jacques Klein, Yves Le Traon, Olivier Barais, Jean-Marc Jézéquel, Towards Flexible Evolution of Dynamically Adaptive Systems, International Conference on Software Engineering, New Ideas & Emerging Results Track (NIER@ICSE), June 2012, pages 1353-1356, Zurich, Switzerland (acceptance rate: 18%, 26/147).
  12. Max Kramer, Jacques Klein, Jim Steel, Building Specifications as a Domain-Specific Aspect Language, Seventh Workshop on Domain-Specific Aspect Languages (DSAL'12@AOSD), March 2012, Potsdam, Germany.
  13. Mauricio Alferez, Nuno Amalio, Selim Ciraci, Franck Fleurey, Joerg Kienzle, Jacques Klein, Max Kramer, Sebastien Mosser, Gunter Mussbacher, Ella Roubtsova, Gefei Zhang, Aspect-Oriented Model Development at Different Levels of Abstraction, Seventh European Conference on Modelling Foundations and Applications (ECMFA 2011), June 2011, pages 361-376, Birmingham, UK (acceptance rate: 36%, 19/53).

List of the papers under submission related to the project:

  1. Phu H. Nguyen, Max Kramer, Jacques Klein, Yves Le Traon, An Extensive Systematic Review on Model-Driven Development of Secure Systems, under submission at Information and Software Technology.
  2. Phu H. Nguyen, Koen Yskout, Thomas Heyman, Jacques Klein, Riccardo Scandariato, Yves Le Traon, Model-Driven Security based on A Unified System of Security Design Patterns, under submission at the ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (MODELS 2014), Oct. 2015, Ottawa, Canada.

Tools:

Link to the GeKo tool.