Representation of Security and Dependability Solutions

  • Francisco Sánchez-Cid
  • Antonio Maña
  • George Spanoudakis
  • Christos Kloukinas
  • Daniel Serrano
  • Antonio Muñoz
Part of the Advances in Information Security book series (ADIS, volume 45)


AmI considerations lead us to argue that it is essential for Security and Dependability (S&D) mechanisms to be able to adapt themselves to renewable context conditions in order to be applied to the ever-changing AmI scenarios. The key for this dynamic adaptation relies on the ability to capture the expertise of S&D engineers in such a way that it can be selected, adapted, used and monitored at runtime by automated means. S&D Artefacts proposed in this chapter represent the core of author’s approach to precisely model such expertise in form of semantic descriptions. They adopt an integral methodology covering the complete system life cycle going from S&D Classes, mostly used at development time, to S&D Patterns and S&D Implementations, perfectly suited for deployment and runtime use. This chapter traces the foundations and internals of S&D Artefacts, describing how they are defined and structured, and how they are categorized and grouped to form an exhaustive library of sound S&D Solutions.


Smart Card Design Pattern Trusted Third Party Semantic Description Pattern Language 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Reiter, M. (1996) Distributing trust with the Rampart toolkit, Communications of the ACM, v.39 n.4, p.71–74.CrossRefMathSciNetGoogle Scholar
  2. 2.
    BEA White Paper BEA WebLogic Security Framework Working with Your Security Eco-System. Cited 6 July 2008.
  3. 3.
    Object Management Group. The Common Object Request Broker Architecture and Specification. Cited 6 July 2008.
  4. 4.
    Llewellyn-Jones, D., Merabti, M., Shi, Q., B. Askwith (2004) An Extensible Framework for Practical Secure Component Composition in a Ubiquitous Computing Environment. In Proceedings of International Conference on Information Technology.Google Scholar
  5. 5.
    Fayad, M., Johnson, R., Schmidt, D.C. (1999) Building Application Frameworks Object-Oriented Foundations of Framework Design. Wiley & Sons.Google Scholar
  6. 6.
    Schumacher, M., Mouratidis, H., Giorgini, P. (2003) Security Patterns for Agent Systems. In Proc. of 8th European Conference on Pattern Languages of Programs.Google Scholar
  7. 7.
    Wooldridge, M., Jennings, N.R., Kinny., D. (2000) The Gaia methodology for agent-oriented analysis and design. Journal of Autonomous Agents and Multi-Agent Systems, 3(3), p.285.CrossRefGoogle Scholar
  8. 8.
    Boudaoud, K., McCathieNevile, C. (2002) An Intelligent Agent-based Model for Security Management. In Proc. 7th International Symposium on Computers and Communications.Google Scholar
  9. 9.
    Nobukazu Y., Shinichi H., Anthony F. (2004) Security Patterns A Method for Constructing Secure and Efficient Inter-Company Coordination Systems. Enterprise Distributed Object Computing Conference.Google Scholar
  10. 10.
    Cigital Labs AOP An Aspect-Oriented Security Assurance Solution. Cited 6 July 2008
  11. 11.
    Shah, V., Hill, F. (2003) An Aspect-Oriented Security Framework. DARPA Information Survivability Conference and Exposition - Volume II, p. 143.Google Scholar
  12. 12.
    Llewellyn-Jones, D., Merabti, M., Shi, Q., Askwith, B. (2004) Utilizing Component Composition for Secure ubiquitous Computing. In Proceedings of 2nd UK-UbiNet Workshop.Google Scholar
  13. 13.
    Shi, Q., Zhang, N. (1998) An effective model for composition of secure systems. Journal of Systems and Software. 43(3), pp. 233–244.CrossRefGoogle Scholar
  14. 14.
    Mantel, H. (2002) On the composition of secure systems. In Proc. of IEEE Symposium on Security and Privacy.Google Scholar
  15. 15.
    Canal, C., Fuentes, L., Pimentel, E., Troya, J.M., Vallecillo, A. (2003) Adding Roles to CORBA Objects. IEEE Transactions on Software Engineering 29(3), pp. 242–260.CrossRefGoogle Scholar
  16. 16.
    López, J., Maña, A., Ortega, J.J., Troya, J., Yague, M.I. (2003) Integrating PMI Services in CORBA Applications. In Computer Standards & Interfaces, 25, 4, pp. 391–409. Elsevier.Google Scholar
  17. 17.
    Meling, R. (2000) Storing and Retrieving Software Components A Component Description Manager. In Proc. of the Australian Software Engineering Conference. IEEE.Google Scholar
  18. 18.
    Becker, S. (2006) Coordination and Adaptation Techniques Bridging the Gap between Design and Implementation. Report on the ECOOP’2006 Workshop on Coordination and Adaptation Techniques for Software Entities. Springer.Google Scholar
  19. 19.
    Khan, K., Han, J. (2002) Composing Security-aware Software. IEEE Software, Vol. 19, Issue 1, pp 34–41. IEEE.CrossRefGoogle Scholar
  20. 20.
    Brogi, A., Cmara, J., Canal, C., Cubo, J., Pimentel, E. (2006) Dynamic Contextual Adaptation. Workshop on the Foundations of Coordination Languages and Software Architectures. Electronic Notes in Theoretical Computer Science. Elsevier.Google Scholar
  21. 21.
    McDermid, J.A, Shi, Q. (1992) Secure composition of systems. In Proc. of Eighth Annual Computer Security Applications Conference, pp. 112–122.Google Scholar
  22. 22.
    Jaeger, T. (1998) Security Architecture for component-based Operating System. In ACM Special Interest Group in Operating Systems (SIGOPS) European Workshop.Google Scholar
  23. 23.
    Ghosh, A.K., McGraw, G. An Approach for Certifying Security in Software Components.Google Scholar
  24. 24.
    Kienzle, D.M., Elder, M.C. Final Technical Report Security Patterns for Web Application Development.Google Scholar
  25. 25.
    IBM’s Security Strategy team (2004) Introduction to Business Security Patterns. An IBM White Paper. http // Cited 6 July 2008.
  26. 26.
    Konrad, S., Cheng, B.H.C., Campbell, Laura, A., Wassermann, R. (2003) Using Security Patterns to Model and Analyze Security Requirements. In Proc. Requirements for High Assurance Systems Workshop.Google Scholar
  27. 27.
    Yoder, J., Barcalow, J. (2000) Architectural Patterns for Enabling Application Security. In Pattern Languages of Program Design, pp. 301–336. Addison Wesley.Google Scholar
  28. 28.
    Romanosky, S. (2001) Security Design Patterns, Part 1, 1.4.Google Scholar
  29. 29.
    Gamma, E., Helm, R., Johnson, R., and Vlissides, J. (1994) Design patterns Elements of Reusable Object-Oriented Software. Addison-Wesley.Google Scholar
  30. 30.
    Fernandez, E.B. (2006) Security patterns. In Procs. of the Eighth International Symposium on System and Information Security.Google Scholar
  31. 31.
    Fernandez, E.B., Rouyi, P. (2001) A pattern language for security models. PLoP’01.Google Scholar
  32. 32.
    Fernandez, E.B. (2000) Metadata and authorization patterns. Technical report, Florida Atlantic University.Google Scholar
  33. 33.
    Allenby, K., Kelly, T. (2001) Deriving Safety Requirements Using Scenarios. In Proc. of the 5th IEEE International Symposium on Requirements Engineering.Google Scholar
  34. 34.
    Mikkonen, T. (1998) Formalizing design patterns. In Proc. of 20th ICSE, pp. 115–124. IEEE Computer Society Press.Google Scholar
  35. 35.
    Wassermann, R., Cheng, B.H.C. (2003) Security Patterns. Technical Report MSU-CSE-03-23, Computer Science and Engineering.Google Scholar
  36. 36.
    Hallstrom, J. O., Soundarajan, N., Tyler, B. (2004) Monitoring Design Pattern Contracts. In Proc. of the FSE-12 Workshop on Specification and Verification of Component-Based Systems, pp. 87–94.Google Scholar
  37. 37.
    Hallstrom, J. O., Soundarajan, N. (2006) Pattern-Based System Evolution A Case-Study. In Proc of the 18th International Conference on Software Engineering and Knowledge Engineering.Google Scholar
  38. 38.
    Pernul, G., Essmayr, W., Tjoa, A.M. (1997) Access controls by object oriented concepts. In Proc. of 11th IFIP WG 11.3 Working Conference on Database Security.Google Scholar
  39. 39.
    Fernandez, E. B. (2004) Two patterns for web services security. In Proc. International Symposium on Web Services and Applications.Google Scholar
  40. 40.
    Delessy-Gassant, N., Fernandez. E.B., Rajput. S, Larrondo-Petrie, M.M. (2004) Patterns for Application Firewalls. PLoP’04 Conference.Google Scholar
  41. 41.
    Torsten, P, Fernandez, E.B., Mehlau, J.I., Pernul, G. (2004) A pattern system for access control. 18th IFIP WG 11.3 Conference on Data and Applications Security.Google Scholar
  42. 42.
    Androutsopoulos K, Ballas C, Kloukinas C, Mahbub K, Spanoudakis G (2007) Version 1 of the dynamic validation prototype. Deliverable A4.D3.1, SERENITY EU Research Project 027587, available from http //
  43. 43.
    Shanahan MP (1999) The event calculus explained. In Wooldridge MJ, Veloso M (eds) Artificial Intelligence Today, vol 1600, pp 409–430.Google Scholar
  44. 44.
    Spanoudakis G, Tsigkritis T, Kloukinas C (2008) Second version of diagnosis proto-type. Deliverable A4.D5.2, SERENITY EU Research Project 027587, available from http//
  45. 45.
    Tsigkritis T, Spanoudakis G, Kloukinas C, Lorenzoli D (2009) Security and Dependability for Ambient Intelligence, Springer Verlag, chap Diagnosis and Threat Detection Capabilities of the SERENITY Monitoring Framework. Information Security Series.Google Scholar
  46. 46.
    Barthe G, Grgoire B, Pavlova M. (2008) Preservation of Proof Obligations from Java to the Java Virtual Machine. IJCAR 2008. 83–99.Google Scholar

Copyright information

© Springer-Verlag US 2009

Authors and Affiliations

  • Francisco Sánchez-Cid
    • 1
  • Antonio Maña
    • 2
  • George Spanoudakis
    • 3
  • Christos Kloukinas
    • 4
  • Daniel Serrano
    • 5
  • Antonio Muñoz
    • 6
  1. 1.Computer Science DepartmentUniversity of MalagaMalagaMálaga
  2. 2.Computer Science DepartmentUniversity of MalagaMalagaMálaga
  3. 3.Department of ComputingCity University of LondonLondonUK
  4. 4.Department of ComputingCity University of LondonLondonUK
  5. 5.Computer Science DepartmentUniversity of MalagaMalagaMálaga
  6. 6.Computer Science DepartmentUniversity of MalagaMalagaMálaga

Personalised recommendations