Formalization of Secure Service Oriented Product Line

Ines Achour, Lamia Labed, Henda Ben Ghezala

2015

Abstract

In this work, we focus on the SOPL approach (Service Oriented Product Line) which can be used in various domains where SOA based applications are needed such as e/m government, e-business, e-learning and so on. This approach is a combination of Service-Oriented Architecture (SOA) and Software Product Line (SPL). Ensure secure services are vital in order to establish trust between users and service providers. In this context, we aim to propose guidelines for using Secure SOPL which process leads to produce secure service-oriented applications. In fact, with the diversity of the means that allow us to perform security activities, the use of Secure SOPL is difficult especially for developers whose lack experience in the security software, SPL and SOA fields which are the basis the Secure SOPL. Thus, we choose the Map formalism which is a decision-oriented model to formalize the two phases of our Secure SOPL.

References

  1. Achour, I., Labed, L., Ben Ghezala, H., 2014. Toward an Extended Tool for Analysis of Extended Feature Models, In: the International Symposium on Network, Computer and Communications ISNCC'14. Hammamet, Tunisia.
  2. Achour, I., Labed, L., Ben Ghezala, H., 2015. Proposition of Secure Service Oriented Product Line, In: the 6th International Conference on Information Systems and Economic IntelligenceSIIE'15. Hammamet, Tunisia.
  3. Benavides, D., Trinidad, P., Ruiz-cortés, A., 2005. Automated Reasoning on Feature Models. LNCS, Advanced Information Systems Engineering. In: 17th International Conference, CAISE.
  4. Berger, T., Gunther, S., 2008. Service-Oriented Product Lines: Towards a Development Process and Feature Management Model for Web Services, In: 12th International Software Product Line Conference (SPLC 2008), Limerick, Ireland.
  5. Common Criteria for Information Technology Security Evaluation Norm ISO 15408 - Part 1: Introduction and general model - version 3.1 2009.
  6. Common Criteria for Information Technology Security Evaluation Norm ISO 15408 - Part 2: Security functional requirements- version 3.1, 2009.
  7. Common Criteria for Information Technology Security Evaluation Norm ISO 15408 - Part 3: Security assurance requirements- version 3.1, 2009.
  8. De Win, B., Scandariato, R., Buyens, K., Grégoire, J., Joosen, W., 2009. On the secure software development process: CLASP, SDL and Touchpoints compared. Information and Software Technology, Vol. 51, No. 7, pp. 1152-1171.
  9. Essafi, M., 2014. Approche multi-démarches avec guidage flexible pour le développement de logiciels sécurisés, Thesis, Manouba University.
  10. Essafi, M., Labed L., Ben Ghezala, H., 2007. S2D-ProM: A Strategy Oriented Process Model for Secure Software Development, In : the second International Conference on Software Engineering Advances (ICSEA 2007), Cap Esterel, French Riviera, France.
  11. Finkelstein, A., Kramer, J., Nuseibeh, B., 1994. Software Process Modelling and Technology, Advanced Software Development Series, Research Studies Press/John Wiley &Sons..
  12. Howard, M., 2008. Microsoft Corporation: Fundamental practices for secure software development, Stacy Simpson, SAFECode.
  13. Kang, K., Cohen, S., Hess, J., Novak, W., Peterson, S., 1990. Feature-Oriented Domain Analysis (FODA) Feasibility Study. Technical report CMU/SEI-90-TR21, Software Engineering Institute, Carnegie Mellon University, Pittsburgh.
  14. Krakowiak, S., Coupaye, T., Quema, V., Seinturier, L., Stefani, J., 2007. Intergiciel et Construction d'Applications Réparties.
  15. Lipner, S., 2004. The Trustworthy Computing Security Development Lifecycle, Computer Security Applications Conference, 20th Annual Publication, ISSN: 1063-9527, ISBN: 0-7695-2252-1, pages 2-13.
  16. McDermott, J., Fox, C., 1999. Using Abuse Case Models for Security Requirements Analysis, In: 15th Annual Computer Security Applications Conference, Phoenix, Arizona.
  17. McGraw, G., 2004. Software Security: Building Security, In. IEEE Computer Society, IEEE Security and Privacy.
  18. Mead, N. R., Hough, E. D., Stehney, T. R., 2005. Security Quality Requirements Engineering (SQUARE) Methodology, Technical report CMU/SEI-2005-TR009, Carnegie Mellon University.
  19. Medeiros, F., Romero, S., Santana, E., 2009. Towards an Approach for Service-Oriented Product Line Architectures. In: 13th International Software Product Line Conference (SPLC 2009), San Fransisco, CA, USA.
  20. Meier, J. D., Mackman, A., Vasireddy, S., Dunner, M., Escamilla, R., Murukan, A., 2003. Improving Web Application Security: Threats and Countermeasures. Microsoft Corporation.
  21. Mellado, D., Fernández-Medina, E., Piattini, M. , 2007. A common criteria based security requirements engineering process for the development of secure information systems, Computer Standards and Interfaces Volume 29 (2), pp 244-253.
  22. Mellado, D., Fernández-Medina, E., Piattini, M., 2008. Towards security requirements management for software product lines: A security domain requirements engineering process, Computer Standards & Interfaces Volume 30, Issue 6, pp 361-371,.
  23. Microsoft Corporation, 2015. The STRIDE Threat Model, http://msdn.microsoft.com/enus/library/ee823878%28v=cs.20%29.aspx.
  24. Open Security Foundation (OSF), 2015. Open Source Vulnerability Database (OSVDB). http://osvdb.org.
  25. OWASP Corporation, 2006. CLASP Comprehensive Lightweight Application Security Process.
  26. Rolland, C., Prakash, N., Benjamen, A., 1999. A MultiModel View of Process Modelling, Requirements Engineering Journal.
  27. Security Innovation Corporation, 2004. Hacker Report: Static Analysis Tools.
  28. Toms, A., 2009. Threats, Challenges and Emerging Standards in Web Services Security. Technical report HS-IKI-TR-04-001, Department of Computer Science, University of Skövde.
Download


Paper Citation


in Harvard Style

Achour I., Labed L. and Ben Ghezala H. (2015). Formalization of Secure Service Oriented Product Line . In Proceedings of the 10th International Conference on Software Engineering and Applications - Volume 1: ICSOFT-EA, (ICSOFT 2015) ISBN 978-989-758-114-4, pages 93-100. DOI: 10.5220/0005559100930100


in Bibtex Style

@conference{icsoft-ea15,
author={Ines Achour and Lamia Labed and Henda Ben Ghezala},
title={Formalization of Secure Service Oriented Product Line},
booktitle={Proceedings of the 10th International Conference on Software Engineering and Applications - Volume 1: ICSOFT-EA, (ICSOFT 2015)},
year={2015},
pages={93-100},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005559100930100},
isbn={978-989-758-114-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 10th International Conference on Software Engineering and Applications - Volume 1: ICSOFT-EA, (ICSOFT 2015)
TI - Formalization of Secure Service Oriented Product Line
SN - 978-989-758-114-4
AU - Achour I.
AU - Labed L.
AU - Ben Ghezala H.
PY - 2015
SP - 93
EP - 100
DO - 10.5220/0005559100930100