Model-Driven Security with Modularity and Reusability for Secure Systems Development

Model-Driven Security (Mds) has emerged as a promising sound methodology for modern secure systems development. Following the advances in Mds, our work described in this paper has proposed a solution to better support secure systems development, and further strengthens Mds. Our Mds solution focuses on modularity and reusability in secure systems development. On one hand, we have proposed a modular approach for modularity and dynamic adaptation of flexibly secure systems. On the other hand, we have been working on Mds based on a library-like System of generic Security design Patterns (shortly called SoSPa) in which security design patterns are collected, specified as reusable aspect models to form a coherent system of them that guides developers in systematically selecting the right security design patterns for the job. Either way, security (design pattern) models can be automatically woven into the target system model. The woven secure system model can then be used for (partial) code generation, including (configured) security infrastructures. We have also worked on model-based security testing to validate the resulting secure systems.