Contract-based design patterns: a design by contract approach to specify security patterns

Abstract

With the ever growing digitization of activities, software systems are getting more and more complex. They must comply with new usages, varied needs, and are permanently exposed to new security vulnerabilities. Security concerns must be addressed throughout the entire development process and in particular through appropriate architectural choices. The security patterns are the founding principles to provide the architectural and design guidelines. Nevertheless, researchers have pointed out the need for further research investigations to improve quality and effectiveness of security patterns. In this paper, we focus on enhancing security patterns specification to improve the security of the systems using them. Thus, to reach this goal, we present a formal Design by Contract approach to improve the behavioral definition of the security patterns. This approach seeks to define both functional behavior and implicit parts of security design patterns. Our approach includes the contract formalization of security patterns and a comparative implementation on two Java annotation frameworks. The application of the proposal in a proof of concept case highlights the security enforcement at design time or on a legacy source code.