Abstract
In this paper we show how design-level aspects can be used to develop high integrity systems. In our approach, a system designer must first identify the specific mechanisms required for high integrity systems. To support this activity we have developed an initial tabulation of different kinds of threats and the mechanisms used to prevent, detect, and recover from the related attacks and problems. Each mechanism can be modeled independently as an aspect. After the mechanisms are identified, the corresponding aspects are then woven in the appropriate order into the models of the essential system functionality to produce a model of a high integrity system.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35693-8_16
Copyright information
© 2003 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Georg, G., France, R., Ray, I. (2003). Designing High Integrity Systems Using Aspects. In: Gertz, M. (eds) Integrity and Internal Control in Information Systems V. IICIS 2002. IFIP — The International Federation for Information Processing, vol 124. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35693-8_3
DOI: https://doi.org/10.1007/978-0-387-35693-8_3
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5535-0
Online ISBN: 978-0-387-35693-8
eBook Packages: Springer Book Archive