Eduardo B. Fernandez
A methodology to build secure systems using patterns

Most of the approaches to produce secure software are based on analyzing code. While this is a reasonable approach, it will not have a strong impact on future systems. We believe that we need to emphasize the modeling aspects of code development, and we have proposed a methodology for this purpose. This is an update of the work performed this year. A main idea in the proposed methodology is that security principles should be applied at every stage of the software lifecycle and that each stage can be tested for compliance with security principles [Fer06a]. Another basic idea is the use of patterns to guide security at each stage [Sch06]. Patterns are applied at the different architectural levels of the system to realize security mechanisms. This project proposes guidelines for incorporating security from the requirements stage through analysis, design, implementation, testing, and deployment. We discuss each stage, indicating the most recent work. Modeling can also include hardware, which means that a complete secure system can be designed in this way.

Domain analysis stage: A generic conceptual model is defined. Legacy systems are identified and their security implications analyzed. Domain and regulatory constraints are identified. Analysis patterns lead to a domain model. Institution security policies are defined now, but specific application policies are added later. The suitability of the development team is assessed, possibly leading to added training. Security issues of the developers themselves and their environment may also be considered in some cases. This phase may be performed only once for each new domain or team.

Requirements stage: Use cases define the required interactions with the system. Applying the principle that security must start from the highest levels, it makes sense to relate attacks to use cases. We study each activity within a use case and see which threats are possible [Fer06b]. We then determine which policies would stop these attacks. From the use cases we can also determine the needed rights for each actor and thus apply a need-to-know policy. Note that the set of all use cases defines all the uses of the system, so from all the use cases we can determine all the rights for each actor. The security test cases for the complete system are also defined at this stage.

Analysis stage: Analysis patterns can be used to build the conceptual model in a more reliable and efficient way. We build a conceptual model where repeated applications of a security model pattern [Fer07] realize the rights determined from the use cases. In fact, analysis patterns can be built with predefined authorizations according to the roles in their use cases [Fer07]. Then we only need to additionally specify the rights for those parts not covered by patterns.

Design stage: Design mechanisms are selected to stop the attacks identified earlier and to realize the required policies [Fer05]. User interfaces should correspond to use cases and may be used to enforce the authorizations defined in the analysis stage. Secure interfaces enforce authorizations when users interact with the system. Components can be secured by using authorization rules for Java or .NET components. Distribution provides another dimension where security restrictions can be applied. Deployment diagrams can define secure configurations to be used by security administrators. A multilayer architecture is needed to enforce the security constraints defined at the application level. At each level we use patterns to represent appropriate security mechanisms. Security constraints must be mapped between levels.

Implementation stage: This stage requires reflecting in the code the security rules defined in the design stage. Because these rules are expressed as classes, associations, and constraints, they can be implemented as classes in object-oriented languages. In this stage we can also select specific security packages or COTS, e.g., a firewall product or a cryptographic package. Some of the patterns identified earlier in the cycle can be replaced by COTS (these can be tested to see if they include a similar pattern).
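The chain from the requirements stage to the implementation stage described above (rights derived from use cases, realized as authorization classes, enforced as need-to-know) as an added Python example; this is illustrative code rather than the author's, and the use cases, actors, protection objects and class names are constructed.

```python
"""Added example (not the author's code): rights derived from use cases,
realized as Authorization pattern classes and enforced as need-to-know."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Right:
    """One access right: an operation on a protection object."""
    protection_object: str
    operation: str


@dataclass
class UseCase:
    name: str
    actor: str
    activities: list  # constructed (protection_object, operation) pairs


class AuthorizationModel:
    """Authorization pattern: subjects hold rights on protection objects."""
    def __init__(self):
        self.rights = {}       # subject -> set of Right
        self.provenance = {}   # (subject, Right) -> use cases requiring it

    def derive_from_use_cases(self, use_cases):
        """Requirements stage: the set of all use cases yields all rights."""
        for uc in use_cases:
            for obj, op in uc.activities:
                right = Right(obj, op)
                self.rights.setdefault(uc.actor, set()).add(right)
                self.provenance.setdefault((uc.actor, right), []).append(uc.name)

    def is_authorized(self, subject, protection_object, operation):
        """Need-to-know: deny unless some use case granted this right."""
        return Right(protection_object, operation) in self.rights.get(subject, set())

    def justification(self, subject, protection_object, operation):
        """Trace a right back to the use cases that required it."""
        return self.provenance.get((subject, Right(protection_object, operation)), [])


# Constructed use cases for a small medical-records system (hypothetical).
USE_CASES = [
    UseCase("Record vital signs", "Nurse", [("PatientRecord", "read"), ("Vitals", "write")]),
    UseCase("Prescribe medication", "Doctor", [("PatientRecord", "read"), ("Prescription", "write")]),
    UseCase("Review chart", "Doctor", [("PatientRecord", "read"), ("Vitals", "read")]),
]


def build_model():
    """Build the model from all use cases, as the methodology prescribes."""
    model = AuthorizationModel()
    model.derive_from_use_cases(USE_CASES)
    return model
```

A request with no use case behind it (a Nurse writing a Prescription, or an actor absent from every use case) is denied, and `justification` shows which use cases account for each granted right.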
This material is based in part upon work supported by the National Science Foundation under Grant Number OISE-0730065. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation. © 2007 Florida International University