Creating Security Mechanism Aspect Models from Abstract Security Aspect Models

Security Aspect Models Geri Georg, Robert France, and Indrakshi Ray Department of Computer Science Colorado State University, Fort Collins, CO 80523 Abstract. Aspect-oriented modeling (AOM) techniques allow system architects to design the most important decompositions of complex systems to create a Aspect-oriented modeling (AOM) techniques allow system architects to design the most important decompositions of complex systems to create a primary system modularization. These techniques can also be used to design additional system concerns that are not part of the primary system modularization. Aspect-oriented modeling techniques can be used to compose different aspect models with the primary decomposition models in order to analyze the complete system design. The results of analyses can be used to compare potential design realizations of multiple competing concerns. Aspect models, composition, and analysis techniques must be available at different levels of abstraction to enable comprehensive trade-off analysis among competing concern realizations. Different levels of abstraction are particularly important when multiple mechanisms are available to realize a concern, such as in the area of security. Architects need to experiment with different security mechanisms in order to choose those that best meet overall system goals while providing minimal interference with other design considerations. Abstract aspect models can be used to develop more detailed mechanism models that are still independent of implementation considerations. These detailed models can be used for mechanism analysis and trade-off experimentation. We have created two detailed authentication mechanism models using an abstract aspect model, and we demonstrate the steps used to create the detailed model for one of these mechanisms in this paper. Although not discussed in this paper, we have composed these different mechanism models with primary decomposition models using the same AOM composition techniques that we use to compose abstract models. The resulting compositions allow system architects to analyze different mechanisms available to realize a particular abstract concern, such as authentication. Architects can use analysis results to make design trade-off decisions and choose the mechanisms that best meet overall system requirements. We are continuing to evolve this work to define a refinement mechanism for our prototype tool.