SERENITY Aware System Development Process

  • Daniel Serrano
  • Antonio Maña
  • Rafael  Llarena
  • Beatriz Gallego-Nicasio Crespo
  • Keqin Li
Part of the Advances in Information Security book series (ADIS, volume 45)


Traditionally, security patterns have successfully been used to describe security and dependability. In the SERENITY Project the notion of security and dependability (S&D) pattern has been extended to exact specifications of re-usable security mechanisms for Ambient Intelligence (AmI) systems. These S&D Patterns include information on the security properties satisfied by the solution and on the context conditions to be fulfilled. This chapter presents the development of applications supported by SERENITY. In the context of SERENITY we refer to these applications as Serenity-aware applications. Firstly, this chapter presents the Serenity-aware application design using S&D Artefacts. Secondly, it proposes a Java Application Programming Interface (API) to be used in the application development. And, finally, it introduces the development of an example Serenity-aware application.


Application Program Interface Security Requirement Sequence Diagram Ambient Intelligence Type String 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Lodderstedt T, Basin D, Doser J. (2002) Secureuml: A uml-based modeling language for model-driven security. In UML '02: Proceedings of the 5th International Conference on The Unified Modeling Language, pages 426–441, London, UK. Springer-Verlag.Google Scholar
  2. 2.
    Best B, Jurjens J, Nuseibeh B. (2007) Model-based security engineering of distributed information systems using umlsec.In ICSE '07: Proceedings of the 29th International Conference on Software Engineering, pages 581–590, Washington, DC, USA. IEEE Computer Society.Google Scholar
  3. 3.
    Lacoste G. (2000) Semper-Secure Electronic Marketplace for Europe. Springer-Verlag New York, Inc., Secaucus, NJ, USA.Google Scholar
  4. 4.
    Röhm A. W. (1999) Cops: A model and infrastructure for secure and fair electronic markets. In HICSS '99: Proceedings of the Thirty-second Annual Hawaii International Conference on System Sciences-Volume 8, page 8021, Washington, DC, USA. IEEE Computer Society.Google Scholar
  5. 5.
    Aagedal J. O, den Braber F, Dimitrakos T, Gran B, Raptis D, Stölen K. (2002) Model-based risk assessment to improve enterprise security. In EDOC '02: Proceedings of the Sixth International ENTERPRISE DISTRIBUTED OBJECT COMPUTING Conference (EDOC'02), page 51, Washington, DC, USA. IEEE Computer Society.Google Scholar
  6. 6.
    Basin D, Doser J, Lodderstedt T. (2003) Model driven security for process-oriented systems. In em SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies, pages 100–109, New York, NY, USA. ACM.CrossRefGoogle Scholar
  7. 7.
    Schumacher M. (2003) Security Engineering with Patterns: Origins, Theoretical Models, and New Applications. Springer-Verlag New York, Inc., Secaucus, NJ, USA.Google Scholar
  8. 8.
    The Open Group. (2004) Security Design Patterns (SDP) technical guide. The Open Group.Google Scholar
  9. 9.
    Konrad S, Cheng B, Campbell L, Wassermann R. (2003) Using security patterns to model and analyze security requirements. In Proceedings of the Requirements for High Assurance Systems Workshop (RHAS03) as part of the IEEE Joint International Conference on Requirements Engineering (RE03), Monterey Bay, CA, USA.Google Scholar
  10. 10.
    Greenfield J, Short K, Cook S, Kent S, Crupi J. Software Factories: Assembling Applications with Patterns, Models, Frameworks, and Tools. Wiley.Google Scholar
  11. 11.
    Szyperski C. (1998) Component software: beyond object-oriented programming. ACM Press/Addison-Wesley Publishing Co.Google Scholar
  12. 12.
    ISO/IEC. Unified Modeling Language (UML). version 1.4.2. international standard iso/iec 19501.Google Scholar
  13. 13.
    Bresciani P, Giorgini P, Giunchiglia F, Mylopoulos J, Perini A. (2004) Tropos: An agent-oriented software development methodology. journal of autonomous agents and multi-agent systems. Journal of Autonomous Agents and Multi-Agent Systems. 8:203–236.CrossRefGoogle Scholar
  14. 14.
    Fuentes-Fernández L, Vallecillo-Moreno A. (2004) An introduction to uml profiles. The European Journal for the Informatics Professional, 5(2).Google Scholar
  15. 15.
    A. Maña, A. Muñoz, F. Sánchez-Cid, D. Serrano, G. Pujol, S. Torres, S. Gergens, C. Rudolph, A. Saidane, F. Dalpiaz, F. Massacci, and P. Soria Rodriguez. (2007) Security properties specification language. Serenity Public Report A5.D3.1.Google Scholar
  16. 16.
    ISO/IEC. Ebnf notation. international standard iso/iec 14977:1996(e).Google Scholar
  17. 17.
    P. El Khoury, B. Gallego-Nicasio, S. Kumar Sinha, K. Li, A. Maña, A. Muñoz, J.F. Ruiz, A. Saidane, and D. Serrano. (2008) End-user requirements specification language (initial version). Serenity Public Report A5.D4.1.Google Scholar

Copyright information

© Springer-Verlag US 2009

Authors and Affiliations

  • Daniel Serrano
    • 1
  • Antonio Maña
    • 2
  • Rafael  Llarena
    • 3
  • Beatriz Gallego-Nicasio Crespo
    • 4
  • Keqin Li
    • 5
  1. 1.Computer Science DepartmentUniversity of MalagaMalagaMálaga
  2. 2.Computer Science DepartmentUniversity of MalagaMalagaMálaga
  3. 3.Atos OriginMadrid
  4. 4.Atos OriginMadrid
  5. 5.SAP Research SRC Sophia AntipolisMouginsFrance

Personalised recommendations