A methodology for integrating access control policies within database development

Abramov, Jenny; Anson, Omer; Dahan, Michal; Shoval, Peretz; Sturm, Arnon

doi:10.1016/j.cose.2012.01.004

Cited by 14 publications

(10 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“… Using security patterns: Many research works such as (Uzunov et al, 2015), (Abramov et al, 2012a) and (Nguyen et al, 2015) focus on integrating security patterns with software development and engineering methodologies to create new approaches or to improve pre-existing methods.  Security pattern application: Another group of research works have focused on the techniques relating to the selection and application of appropriate security patterns using manual or automatic approaches (Guan et al, 2016), (Motii et al, 2016a), (Bouaziz and Kammoun, 2015).…”

Section: The Pattern Usage Categorymentioning

confidence: 99%

“…Our statistics, based on the results of the SMS, indicate that distributed and cloud architectures are respectively responsible for 6% and 8% of research efforts in the usage category. There are also multiple studies which have focused on the usage of security patterns in environments such as embedded systems (Hamid et al, 2013), software defined networking (Petroulakis et al, 2016), web applications (Rosado et al, 2006) and database (Abramov et al, 2012a). The complete list of papers for this analysis, along with the respective collected data, can be found in SupMat→Tables 3.13 and 3.14.…”

Section: Environments For Investigating Pattern Usage (Rq10)mentioning

confidence: 99%

See 1 more Smart Citation

Security patterns: A systematic mapping study

Jafari

Rasoolzadegan

2020

Journal of Computer Languages

View full text Add to dashboard Cite

Security patterns are a means to encapsulate and communicate proven security solutions. They are wellestablished approaches for introducing security into the software development process. Our objective is to explore the research efforts on security patterns and discuss the current state of the art. This study will serve as a guideline for researchers, practitioners, and teachers interested in this field. We have conducted a systematic mapping study of relevant literature from 1997 until the end of 2017 and identified 403 relevant papers, 274 of which were selected for analysis based on quality criteria. This study derives a customized research strategy from established systematic approaches in the literature. We have utilized an exhaustive 3-tier search strategy to ensure a high degree of completeness during the study collection and used a test set to evaluate our search. The first 3 research questions address the demographics of security pattern research such as topic classification, trends, and distribution between academia and industry, along with prominent researchers and venues. The next 9 research questions focus on more indepth analyses such as pattern presentation notations and classification criteria, pattern evaluation techniques, and pattern usage environments. The results and discussions of this study have significant implications for researchers, practitioners, and teachers in software engineering and information security. to the end of 2017 Security pattern related research (Development, Evaluation, Usage)TABLE 1 COMPARISON BETWEEN OUR WORK AND OTHER REVIEWSpattern research and instead, attempted to cover the entire research spectrum in this field. We initially planned to utilize only two search strategies (manual search and backward snowballing), but we found that these two approaches were lacking in a few specific instances. The issue with backward snowballing and manual search is that they rely on the cross-reference relationship between research papers. Papers referenced from multiple other papers, or published in commonly occurring venues are easily discovered, whereas isolated papers in unexpected venues have a chance of never being found. Another issue with backward snowballing stems from its backward nature. The search period for our study was up to the end of 2017, but to find 2017 papers through backward snowballing, we had to analyze papers published after that period (2018 and up) which was out of our scope. Similarly, newer papers with fewer citations are hard to discover through backward snowballing. Adding a database search proved beneficial as we discovered 97 new papers, 64 of which were included.The time period for the study of Uzunov et al. (Uzunov et al., 2012) and Yoshioka et al. (Yoshioka et al., 2008) in Table 1 are not explicitly stated, but are extracted based on the references list. In the work of Bunke et al. (Bunke et al., 2012), the mentioned number of studies consists of other non-primary studies (e.g. tech reports, books, surveys). This work utilizes three search strat...

show abstract

Section: The Pattern Usage Categorymentioning

confidence: 99%

Section: Environments For Investigating Pattern Usage (Rq10)mentioning

confidence: 99%

Security patterns: A systematic mapping study

Jafari

Rasoolzadegan

2020

Journal of Computer Languages

View full text Add to dashboard Cite

show abstract

“…UML has been used much to model security concerns. Some approaches use only UML (e.g., [4], MDSE@R [6], AOMSec [11] etc.) and some use UML profiles(e.g., SECTET [5],UMLsec [14], etc.…”

Section: Related Workmentioning

confidence: 99%

Securing Open Source Clouds Using Models

Rauf

Troubitsynå

2018

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

The widespread adoption of cloud computing has resulted in proliferation of open source cloud computing frameworks that give more control to enterprises over their data and networks. Though, the benefits of the open source software are widely recognized, there is a growing concern over their security assurance. Often open source software is a subject of frequent updates. The updates might introduce or remove a variety of features and hence violate security properties of the previous releases. Obviously, a manual inspection of security would be prohibitively slow and inefficient. In this work, we propose an automated approach that can help developers to assure security of open source cloud framework even in the presence of frequent releases. Our methodology consists of creating a (stateful) wrapper that emulates the usage scenarios with explicit representation of security and functional requirements as contracts. We use a model-driven approach to model REST APIs of KeyStone, an identity service in OpenStack. Openstack is an open source cloud computing framework providing IaaS. Our models define structural and behavioral properties of Keystone together with its security requirements. We detail the implementation of these models in Django Web Framework and also show how to use the behavioral interfaces to implement a service monitor for the cloud services. This mechanism facilitates verification and validation of functional behavior and security requirement in an automated manner. Keystone Open StackKeystone is the centralized identity service of OpenStack that offers authentication and authorization [25]. KeyStone authenticates a user by generating a token. A token can either be scoped or unscoped depending on the client's request and the configured policy of KeyStone. An unscoped token authenticates a user without authorising for any project. In contrast, a scoped token provides the authorization information of the user for a particular project or domain.KeyStone offers REST API in compliance with OpenStack policy [3]. REST services expose their functionality as resources and each resource has a unique URI that provides addressability. CRUD (create, retrieve, update and delete) operations can be performed on resources using standard HTTP methods. This means that only HTTP request methods (GET, PUT, POST, DELETE) can be invoked on KeyStone resources. In order to offer scalability, the statelessness feature of REST is ensured by treating every request independently without requiring any session or cookie information from user requests. Each resource, when invoked via its URI and a standard HTTP method, replies with a status code and a resource representation, which contains the data about the resource attributes and links to other resources. The HTTP response code is a numeric code that tells the clients whether the request went successfully. HTTP has a list of status codes that reveal how the request went [7], for example, 200 means the request was successful, 404 means the resource was not found and 403 implies th...

show abstract

“…That is, we excluded from the study those papers that are not published at top-tier venues. In particular, we considered conferences that are rated as "A" or higher and journals that are rated "B" or higher by the Excellence in Research for Australia (ERA) initiative 1 . We assume that most interesting and promising notations wind up being published in top-tier venues eventually.…”

Section: Collection Of the Papersmentioning

confidence: 99%

Design notations for secure software: a systematic literature review

et al. 2015

View full text Add to dashboard Cite

In the past 10 years, the research community has produced a significant number of design notations to represent security properties and concepts in a design artifact. These notations are aimed at documenting and analyzing security in a software design model. The fragmentation of the research space, however, has resulted in a complex tangle of different techniques. Hence, practitioners are confronted with the challenging task of scouting the right approach from a multitude of proposals. Similarly, it is hard for researchers to keep track of the synergies among the existing notations, in order to identify the existing opportunities for original contributions. This paper presents a systematic literature review that inventorizes the existing notations and provides an indepth, comparative analysis for each.

show abstract

A methodology for integrating access control policies within database development

Cited by 14 publications

References 15 publications

Security patterns: A systematic mapping study

Security patterns: A systematic mapping study

Securing Open Source Clouds Using Models

Design notations for secure software: a systematic literature review

Contact Info

Product

Resources

About