Anton Uzunov’s thesis work has been in the area of pattern-based security methodologies for distributed systems. Final work from thesis has been recently accepted for Computer Standards & Interfaces.
Incorporating security features is one of the most important and challenging tasks in designing distributed systems. Over the last decade, researchers and practitioners have come to recognize that the incorporation of security features should proceed by means of a structured, systematic approach, combining principles from both software and security engineering. Such systematic approaches, particularly those implying some sort of process aligned with the development life-cycle, are termed security methodologies. There are a number of security methodologies in the literature, of which the most flexible and, according to a recent survey, most satisfactory from an industry-adoption viewpoint are methodologies that encapsulate their security solutions in some fashion, especially via the use of security patterns. While the literature does present several mature pattern-driven security methodologies with either a general or a highly specific system applicability, there are currently no (pattern-driven) security methodologies specifically designed for general distributed systems. Going further, there are also currently no methodologies with mixed specific applicability, e.g. for both general and peer-to-peer distributed systems. In this paper we aim to fill these gaps by presenting a comprehensive pattern-driven security methodology – arrived at by applying a previously devised approach to engineering security methodologies – specifically designed for general distributed systems, which is also capable of taking into account the specifics of peer-to- peer systems as needed. Our methodology takes the principle of encapsulation several steps further, by employing patterns not only for the incorporation of security features (via security solution frames), but also for the modeling of threats, and even as part of its process. We illustrate and evaluate the presented methodology in detail via a realistic example – the development of a distributed system for file sharing and collaborative editing. In both the presentation of the methodology and example our focus is on the early life-cycle phases (analysis and design).
A. Uzunov, E. Fernandez and K. Falkner. ASE: A Comprehensive Pattern-Driven Security Methodology for Distributed Systems. Accepted for Computer Standards & Interfaces. (To appear).