
Table 1 Summary of ASPs structural formalization in OCL

From: Abstract security patterns and the design of secure systems

The class models of the concrete patterns derived from an ASP must include all the classes of the ASP from which they were derived as well as classes that handle new aspects. If Ci = set of classes in ASPi, Cci = set of classes in a concrete pattern derived from ASPi, and Cnew = new classes in concrete pattern Cci, we have: Cci = Ci ∪ Cnew. In OCL:
context Cci
Cci ::= Ci->union(Cnew)
 
The context of a pattern subsumes the context of its descendants: \({\text{CL}}_{{\text{i}}} \supseteq {\text{CL}}_{{\text{j}}}\), where i precedes (is higher than) j in the hierarchy. A CL defines a domain of application (it includes a set of contextual attributes). However, the pattern context is not shown in the class model and OCL expressions are not applicable.
The threats of the concrete patterns are specific realizations of the ASP's threats using the changed context, or are new threats due to the extra elements in the class diagram (classes or attributes); that is, \({\text{T}}_{{\text{j}}} \supseteq {\text{T}}_{{\text{i}}}\), where i precedes j in the hierarchy and Ti is a list of the threats of pattern Pi. Again, OCL constraints are not applicable because the threats are not shown in the class model of the pattern  
The forces in concrete patterns include those of the abstract pattern (possibly modified) plus new forces due to their more specific environments. If Fi is the list of forces of pattern Pi, we have \({\text{F}}_{{\text{j}}} \supseteq {\text{F}}_{{\text{i}}}\), where i precedes j in the hierarchy. This relationship is also valid for the consequences of ASP-based hierarchies; that is, if CSi is the list of consequences of pattern Pi, we have \({\text{CS}}_{{\text{j}}} \supseteq {\text{CS}}_{{\text{i}}}\) if Pi precedes Pj in the hierarchy. OCL expressions are not applicable.
The related patterns in the derived patterns, RDj, include the related patterns of the ASP and those of the patterns above them in the hierarchy; that is \({\text{RD}}_{{\text{j}}} \supseteq {\text{RD}}_{{\text{i}}}\)  
An invariant I in an ASP must be propagated to all its derived patterns, adjusting the variable names in the derived pattern classes. Each ASP has its own invariants (see example above)
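The set relations in this table can be checked mechanically over a pattern hierarchy. The following is an added example, not code from the article: the `Pattern` structure, the function names and the sample patterns are all constructed for illustration, threats and forces are compared by name only, and invariant propagation is not covered.

```python
from dataclasses import dataclass, field

# Lists that may only grow down the hierarchy (X_j ⊇ X_i when i precedes j).
GROWING = ("classes", "threats", "forces", "consequences", "related")

@dataclass
class Pattern:
    name: str
    parent: "Pattern | None" = None
    classes: set = field(default_factory=set)
    context: set = field(default_factory=set)   # contextual attributes (CL)
    threats: set = field(default_factory=set)
    forces: set = field(default_factory=set)
    consequences: set = field(default_factory=set)
    related: set = field(default_factory=set)

def ancestors(p):
    """Yield every pattern that precedes p in the hierarchy, nearest first."""
    while p.parent is not None:
        p = p.parent
        yield p

def violations(p):
    """Return (ancestor, field, offending items) for each broken relation."""
    found = []
    for a in ancestors(p):
        for f in GROWING:
            missing = getattr(a, f) - getattr(p, f)
            if missing:
                found.append((a.name, f, missing))
        # Context runs the other way: CL_i ⊇ CL_j (ancestor subsumes descendant).
        extra = p.context - a.context
        if extra:
            found.append((a.name, "context", extra))
    return found

def new_classes(p):
    """Cnew = Cci - Ci, so that Cci = Ci->union(Cnew)."""
    return p.classes - p.parent.classes if p.parent else set(p.classes)

# Constructed sample hierarchy (hypothetical names, not taken from the article).
common = dict(forces={"flexibility"}, consequences={"identity established"}, related={"Authorizer"})
asp = Pattern("AbstractAuthenticator", classes={"Subject", "Authenticator", "ProofOfIdentity"},
              context={"distributed", "web", "os"}, threats={"impersonation"}, **common)
concrete = Pattern("CredentialAuthenticator", asp, asp.classes | {"Credential"},
                   {"distributed"}, {"impersonation", "credential forgery"}, **common)
bad = Pattern("BrokenVariant", concrete, {"Subject", "Credential"},
              {"distributed", "embedded"}, set(concrete.threats), **common)
```

Here `violations(bad)` reports the dropped classes and the context attribute `embedded` against both ancestors, because the relations hold for every pattern that precedes it, not only its direct parent.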