Model-based development of security-aware applications in Java
Keywords SECURITY, MODELS, ANALYSIS TOOLS, SOFTWARE DEVELOPMENT
Reference persons RICCARDO SISTO
Research Groups FORMAL METHODS FOR SOFTWARE ENGINEERING GROUP
Thesis type RESEARCH, INNOVATIVE
Description A security-aware application is one that explicitly incorporates the logic for managing security aspects by means of techniques such as passwords, cryptography and cryptographic protocols.
The management of security is a critical programming aspect. Developing it correctly, i.e. without introducing security vulnerabilities, is a hard task. For this reason, some techniques have been devised to support its development and ultimately improve the confidence in its correct behavior. Among them, model-based techniques can be used.
They consist of first building an abstract model of the application, focused only on the aspects most relevant for security. This model is simple enough to be analyzed by automatic tools in order to verify that it actually achieves the desired security aims.
From the abstract model it is then possible to develop an application implementation in a programming language, using automatic or semi-automatic code generators.
One of the problems with the model-based approach is that modelling languages like UML or other domain-specific languages are often considered difficult and not user-friendly for programmers, in addition to not being widely known.
The aim of the proposed thesis is to experiment with a different approach to security-aware application modelling, where the abstract model is formulated in the Java language, also exploiting its annotation system.
This approach makes modelling easier for programmers who already know Java.
The work consists of studying this new approach to modelling, already proposed in a previous thesis, and of using it to develop implementations of standard authentication protocols such as SSH or SSL.
Development will be done up to the realisation of a complete application which will be tested for interoperability with other third-party implementations.
An alternative possibility for the thesis work is to extend the current model-based programming framework with new features.
In both cases, this thesis offers the possibility to improve one's knowledge of Java programming, to learn the system of Java annotations, which has been part of the language since version 5, and to learn more about model-based programming techniques, which are increasingly used for developing various kinds of software.
Required skills Java programming, security of information systems
Deadline 25/01/2014