Security Concerns in an Aspect-Oriented Modeling Approach

Security concerns are present in many software solutions and products. While the functional requirements most often drive the development of models in Model Driven Development (MDD), the modeling of non-functional concerns is equaling important for a high quality solution. Aspect Oriented Modeling (AOM) is an MDD approach that helps develop higher quality solutions by considering various requirements independently and composing the separate subsolution models into a complete solution. It is possible to express the solutions for different security concerns as Aspects, at both generic and technology specific levels, for use in an AOM-based solution. This paper explores some of the possible patterns for the common security concerns of authentication, authorization and data privacy. Generic aspect models will be developed along with the marks or mapping points for application to the primary functional model. The security concerns within a solution are not homogeneous, parts of the solution need higher levels of security than other parts. The security variations can significantly increase the solution complexity. Just as important as the Aspects are process guidelines that recommend the appropriate order of composition, so that undesirable emergent properties do not occur.