Aspect-Oriented Approach for Software Security Hardening
The Meta-Model for Specifying Security Hardening Plans
Security Aspects
Security Hardening
Specifies plans for security hardening.
- Specification Elements:
  - Plan
  - Plan_Application
  - Pattern_Instantiation
  - Pattern_Instance
- Threats:
  - Spoofing
  - Tampering with Data
  - Information Disclosure
  - Denial of Service
  - Elevation of Privileges
Security Hardening Patterns
Specifies plans for security hardening.
- Threats:
  - Spoofing
  - Tampering with Data
  - Information Disclosure
  - Denial of Service
  - Elevation of Privileges
Specification Elements
- Plan: Represents a security hardening plan.
- Plan_Application: Denotes a relationship between a plan and a UML package.
- Pattern_Instantiation: Specifies the patterns used in a plan.
- Pattern_Instance: Represents pre-defined patterns that give the security solutions for well-known application-independent vulnerabilities.
- Pattern: Represents a security hardening pattern.
- Advice: Represents the security behavior to be integrated into the base model.
- Pointcut: Specifies particular points in the base model where the security behavior specified in the Advice should be applied.