Authors: Sylvain Guérin [1]; Joel Champeau [1]; Salvador Martínez [2] and Raul Mazo [1]
Affiliations:
[1] Lab-STICC, ENSTA Bretagne, Brest, France
[2] Lab-STICC, IMT Atlantique, Brest, France
Keyword(s):
Design by Contract, Security Patterns, Security Contracts, Runtime Monitoring.
Abstract:
Security patterns represent reusable solutions and best practices intended to avoid security-related flaws in software and system designs. Unfortunately, implementing and enforcing these patterns remains a complex and error-prone task. As a consequence, even after implementing a given security pattern, applications often remain insecure with respect to the security risk the pattern was meant to address. There are two main reasons for this: 1) patterns are rarely reusable without adaptation, so concrete implementations may fail to deal with a number of (often implicit) properties that must hold for the pattern to be effective; 2) patterns are deployed in environments with uncertainties that can only be known at runtime. To deal with this problem, we propose Security Contracts, a framework that permits the specification and runtime monitoring of security patterns and related properties (including temporal ones) in both new and existing applications. It is based on an extension of the Design-by-Contract paradigm that enables the specification of security patterns and the runtime adaptation of applications. We demonstrate the feasibility of our approach with an implementation and its evaluation on Spring, a framework used worldwide in web technologies.
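To make the Design-by-Contract idea concrete, the following is an added Python illustration, not the paper's Security Contracts framework and not Spring code: each monitored function carries a precondition, a postcondition and a temporal property ("the caller must have authenticated in this session, and not logged out since"), all checked at runtime by a decorator. The session object, the user store and the function names are constructed for this example.

```python
from functools import wraps

class ContractViolation(Exception):
    """Raised when a precondition, postcondition or temporal property fails."""
class Session:
    def __init__(self):
        self.principal = None   # constructed: (user, role) once authenticated
        self.history = []       # ordered event trace, read by the temporal check
def security_contract(requires=None, ensures=None, after=None):
    """requires(session, *args) runs before the call, ensures(session, result) after;
    `after` names an event that must appear in the trace since the last 'logout'."""
    def decorate(fn):
        @wraps(fn)
        def wrapper(session, *args):
            trace = session.history
            cut = max((i + 1 for i, e in enumerate(trace) if e == "logout"), default=0)
            if after is not None and after not in trace[cut:]:
                raise ContractViolation(f"{fn.__name__}: '{after}' must happen first")
            if requires is not None and not requires(session, *args):
                raise ContractViolation(f"{fn.__name__}: precondition failed")
            result = fn(session, *args)
            if ensures is not None and not ensures(session, result):
                raise ContractViolation(f"{fn.__name__}: postcondition failed")
            trace.append(fn.__name__)   # every monitored call becomes an event
            return result
        return wrapper
    return decorate
USERS = {"alice": ("s3cret", "admin"), "bob": ("hunter2", "user")}  # constructed store
@security_contract(requires=lambda s, u, p: s.principal is None,
                   ensures=lambda s, ok: ok == (s.principal is not None))
def login(session, user, password):
    # Authenticator pattern: a principal is set only when the password matches
    if USERS.get(user, (None,))[0] == password:
        session.principal = (user, USERS[user][1])
        session.history.append("authenticated")   # event later contracts rely on
        return True
    return False
@security_contract(after="authenticated")
def logout(session):
    session.principal = None
@security_contract(after="authenticated", requires=lambda s, _id: s.principal[1] == "admin")
def read_audit_log(session, entry_id):
    # Protected resource: authenticated in this session and holding the admin role
    return f"audit entry {entry_id}"
def violates(fn, *args):
    # True if the call is rejected by its security contract, else False
    try:
        fn(*args)
        return False
    except ContractViolation:
        return True
```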