
Formal validation of the implementation of security patterns (Validation formelle d'implantation de patrons de sécurité)

Abstract: Software-based architectures pose challenges for security experts. Many studies have aimed to develop theoretical solutions, methodological guides and recommendations to enhance security and protect these systems. One proposed solution is to integrate security patterns as methodological solutions adapted to the specificities of the architectures under consideration. Such a solution is considered reliable if it solves a security problem without affecting system requirements. Once an architecture model implements the security patterns, this new model must be formally validated against the expected requirements. Model-checking techniques allow this validation by verifying, on the one hand, that the properties of the security patterns are respected and, on the other hand, that the properties of the initial model are preserved. In this thesis work, we study the methods and concepts needed to generate architectural models that meet specific security requirements. Starting with a software architecture model, a security policy and a library of security patterns, we want to generate a secure architecture. Each security pattern is described by a formal description of its structure and behavior, as well as a formal description of the security properties associated with that pattern. This thesis reports work on the technical exploitation of formal verification of properties, using model checking. The idea is to be able to generate an architecture model that implements security patterns, and to verify that the security properties, as well as the model requirements, are respected in the resulting architecture. Looking ahead, the results of our work could be applied to define a methodology for better validating the security of industrial systems such as SCADA.

Cited literature: 73 references
Contributor: Abes Star
Submitted on : Thursday, October 17, 2019 - 5:37:07 PM
Last modification on : Monday, April 19, 2021 - 3:36:04 PM


Version validated by the jury (STAR)


  • HAL Id : tel-02319224, version 1


Fadi Obeid. Validation formelle d'implantation de patrons de sécurité. Génie logiciel [cs.SE]. ENSTA Bretagne - École nationale supérieure de techniques avancées Bretagne, 2018. Français. ⟨NNT : 2018ENTA0002⟩. ⟨tel-02319224⟩


