
Paper

Authors: Sylvain Guérin 1 ; Joel Champeau 1 ; Salvador Martínez 2 and Raul Mazo 1

Affiliations: 1 Lab-STICC, ENSTA Bretagne, Brest, France ; 2 Lab-STICC, IMT Atlantique, Brest, France

Keyword(s): Design by Contract, Security Patterns, Security Contracts, Runtime Monitoring.

Abstract: Security patterns represent reusable solutions and best practices intended to avoid security-related flaws in software and system designs. Unfortunately, the implementation and enforcement of these patterns remains a complex and error-prone task. As a consequence, and besides implementing a given security pattern, applications often remain insecure w.r.t. the security risk they intended to tackle. This is so for two main reasons: 1) patterns are rarely re-usable without adaptation, and thus concrete implementations may fail to deal with a number of (often implicit) properties, which must hold in order for the pattern to be effective; 2) patterns are deployed in environments with uncertainties that can only be known at runtime. In order to deal with this problem, we propose here Security Contracts, a framework that permits the specification and runtime monitoring of security patterns and related properties (including temporal ones) in both new and existing applications. It is based on an extension of the Design-by-Contract paradigm to enable the specification of security patterns and the runtime adaptation of applications. We demonstrate the feasibility of our approach with an implementation and its evaluation on a framework used worldwide in web technologies, Spring.

CC BY-NC-ND 4.0


Paper citation in several formats:
Guérin, S.; Champeau, J.; Martínez, S. and Mazo, R. (2024). Security Contracts a Property-Based Approach to Support Security Patterns. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-683-5; ISSN 2184-4356, SciTePress, pages 103-111. DOI: 10.5220/0012305600003648

@conference{icissp24,
author={Sylvain Guérin and Joel Champeau and Salvador Martínez and Raul Mazo},
title={Security Contracts a Property-Based Approach to Support Security Patterns},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP},
year={2024},
pages={103-111},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012305600003648},
isbn={978-989-758-683-5},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - ICISSP
TI - Security Contracts a Property-Based Approach to Support Security Patterns
SN - 978-989-758-683-5
IS - 2184-4356
AU - Guérin, S.
AU - Champeau, J.
AU - Martínez, S.
AU - Mazo, R.
PY - 2024
SP - 103
EP - 111
DO - 10.5220/0012305600003648
PB - SciTePress