Modeling and verification of authentication threats mitigation in aspect-oriented mal sequence woven model

Abstract

The modeling of security threats is equally important as the modeling of functional requirements at the design stage of software engineering. However, unlike functional requirements modeling, the modeling of security threats is neglected, which consequently introduces software defects during the early stages of software engineering. Hence, there is a need to mitigate these threats at the design stage. Security threats, specifically authentication threats, crosscut other functional and non-functional requirements when modeled using the object-oriented paradigm. This not only makes the design complex but also results in tangling and scattering problems. We therefore model authentication threats using the aspect-oriented modeling (AOM) technique since it separates crosscutting concerns and localizes them as separate units called aspects. Our main research aim is to remove scattering and tangling in security threats modeling using all the core features of the aspect-oriented technique. In this paper, we propose a research approach to model security threats and their mitigation in mal sequence diagram. Using this approach, our contribution makes a clear difference from previous work. Our first contribution is the modeling of authentication threats in the mal sequence diagram using the security profile and AOM profile. Our second contribution is the mathematical verification of the aspect-oriented mal sequence woven model in terms of correctness and completeness. Using the proposed approach, the scattering and tangling from the resultant woven model are successfully removed at the design stage. Thus, the complexity of models and the time and effort required for future modifications of design models are reduced.