Tuesday June 27, 2017

Eduardo B. Fernandez

Dept. of Computer Science and Engineering
Florida Atlantic University, 777 Glades Road, Boca Raton, FL 33431
Phone: (561)297-3466, Fax: (561)297-2800
Email: ed@cse.fau.edu


  • Ingeniero Electricista (Electrical Engineer), Univ. F. Santa Maria, Valparaiso, Chile, 1960.
  • M.S. in Electrical Engineering, Purdue University, Lafayette, Indiana, 1963.
  • Ph.D. in Computer Science, University of California, Los Angeles, California, 1972.


  • January 1984–present, Professor, Department of Computer Science and Engineering, Florida Atlantic University. Tenured May 1986. Associate Chairman 1987- 1989.
  • August 1981–December 1983, Professor of Elect. and Computer Eng., University of Miami, FL.
  • January–June 1981, Adjunct Professor, Department of Computer Science, Yale University.
  • 1980–81, IBM Corp., Advisory Industry Specialist , New Haven, CT.
  • 1973–1979, IBM Corporation, Los Angeles Scientific Center Staff Member.
  • 1975, University of California Los Angeles, Department of Computer Science, Adjunct Professor.
  • 1973, University of California, Los Angeles, Dept. of Computer Science, Acting Assistant Professor.
  • 1970–1972, University of California, Los Angeles, Department of Computer Science. Postgraduate Research Engineer.
  • 1966–1973, Universidad de Chile, Department of Electrical Engineering, Associate Professor of Electrical Engineering and Computer Science. Head of the Digital Systems and Control Laboratory.
  • 1960–1965, Universidad de Chile, Division NASA. Maintenance and training engineer. Santiago, Chile (On leave October 1961-January 1963).

Related Publications:

  1. E. B. Fernandez, R. C. Summers, C. Wood, Database Security and Integrity, Addison-Wesley, Reading, Mass., Systems Programming Series, February 1981, 320 pp., Japanese translation, 1982.
  2. M.Schumacher, E.B.Fernandez, F. Buschmann, D. Hybertson, and P. Sommerlad, Security Patterns: Integrating security and systems engineering, Wiley, 2006.
  3. E. B. Fernandez, R. Summers, T. Lang and C. Coleman, “Architectural Support for System Protection and Database Security,” IEEE Trans. on Computers, Vol. C-27, No. 8, pp. 767-771, August 1978.
  4. C. Wood and E. B. Fernandez, “Authorization in a Decentralized Database System,” Proceedings of the 5th International Conference on Very Large Databases, pp. 352-359, Rio de Janeiro, 1979.
  5. E. B. Fernandez, E. Gudes, and H. Song, “A model for evaluation and administration of security in object-oriented databases,” IEEE Trans. on Knowledge and Database Eng., vol. 6, no. 2, April 1994, 275--292.
  6. E. B. Fernandez, R. B. France , and D. Wei, “A formal specification of an authorization model for object-oriented databases”, in Database Security IX: Status and Prospectus, D. Spooner,S. Demurjian, and J. Dobson (Eds.), Chapman & Hall, 1996, 95-110.
  7. E.B.Fernandez and J.C.Hawkins, “Determining role rights from use cases”, Procs. 2nd ACM Workshop on Role-Based Access Control, November 1997, 121-125.
  8. E.B. Fernandez and X. Yuan, “Semantic Analysis patterns”, Procs. of 19th Int. Conf. on Conceptual Modeling, ER2000, 183-195.
  9. E B. Fernandez and R.Y. Pan, “A pattern language for security models”, Procs. of Patten Languages of Programs Conf. (PLoP 2001), http://jerry.cs.uiuc.edu/~plop/plop2001/accepted_submissions/accepted-papers.html
  10. E.B.Fernandez, “Patterns for operating systems access control”, Procs. of PLoP 2002, http://jerry.cs.uiuc.edu/~plop/plop2002/proceedings.html
  11. T. Priebe, E.B.Fernandez, J.I.Mehlau, and G. Pernul, “A pattern system for access control”, Procs. of the 18th. Annual IFIP WG 11.3 Working Conference on Data and Applications Security, Sitges, Spain, July 25-28, 2004.
  12. E.B.Fernandez, J. Ballesteros, A. C. Desouza-Doucet, and M.M. Larrondo-Petrie, “Security Patterns for Physical Access Control Systems“, in S. Barker and G.J. Ahn (Eds.), Data and Applications Security XXI, LNCS 4602, 259–274, Springer 2007.

A methodology to build secure systems using patterns
Eduardo B. Fernandez, Maria M Larrondo-Petrie, and Michael VanHilst
Dept. of Computer Science and Eng., Florida Atlantic University, Boca Raton, FL 33431

Most of the approaches to produce secure software are based on analyzing code. While this is a reasonable approach, it will not have a strong impact in future systems. We believe that we need to emphasize the modeling aspects of code development and we have proposed a methodology for this purpose. This is an update of the work performed this year. A main idea in the proposed methodology is that security principles should be applied at every stage of the software lifecycle and that each stage can be tested for compliance with security principles [Fer06a]. Another basic idea is the use of patterns to guide security at each stage [Sch06]. Patterns are applied in the different architectural levels of the system to realize security mechanisms. This project proposes guidelines for incorporating security from the requirements stage through analysis, design, implementation, testing, and deployment. We discuss each stage indicating the most recent work. Modeling can include also hardware, which means that a complete secure system can be designed in this way.

Domain analysis stage: A generic conceptual model is defined. Legacy systems are identified and their security implications analyzed. Domain and regulatory constraints are identified. Analysis patterns lead to a domain model. Institution security policies are defined now but specific application policies are added later. The suitability of the development team is assessed, possibly leading to added training. Security issues of the developers, themselves, and their environment may also be considered in some cases. This phase may be performed only once for each new domain or team.

Requirements stage: Use cases define the required interactions with the system. Applying the principle that security must start from the highest levels, it makes sense to relate attacks to use cases. We study each activity within a use case and see which threats are possible [Fer06b]. We then determine which policies would stop these attacks. From the use cases we can also determine the needed rights for each actor and thus apply a need-to-know policy. Note that the set of all use cases defines all the uses of the system and from all the use cases we can determine all the rights for each actor. The security test cases for the complete system are also defined at this stage.

Analysis stage: Analysis patterns can be used to build the conceptual model in a more reliable and efficient way. We build a conceptual model where repeated applications of a security model pattern [Fer07] realize the rights determined from use cases. In fact, analysis patterns can be built with predefined authorizations according to the roles in their use cases [Fer07]. Then we only need to additionally specify the rights for those parts not covered by patterns.

Design stage: Design mechanisms are selected to stop the attacks identified earlier and realize the required policies [Fer05]. User interfaces should correspond to use cases and may be used to enforce the authorizations defined in the analysis stage. Secure interfaces enforce authorizations when users interact with the system. Components can be secured by using authorization rules for Java or .NET components. Distribution provides another dimension where security restrictions can be applied. Deployment diagrams can define secure configurations to be used by security administrators. A multilayer architecture is needed to enforce the security constraints defined at the application level. In each level we use patterns to represent appropriate security mechanisms. Security constraints must be mapped between levels.

Implementation stage: This stage requires reflecting in the code the security rules defined in the design stage. Because these rules are expressed as classes, associations, and constraints, they can be implemented as classes in object-oriented languages. In this stage we can also select specific security packages or COTS, e.g., a firewall product, a cryptographic package. Some of the patterns identified earlier in the cycle can be replaced by COTS (these can be tested to see if they include a similar pattern).

"PIRE... provides our students with the kind of direct international experience and training that will prepare them for careers in an increasingly competitive global arena."
Dr. Modesto Maidique
President Emeritus, Florida International University

"PIRE...will enable the next generation of students participants to become fully engaged as members of the globally-aware IT workforce.""
Dr. Nicholas Bowen
Vice President of Strategy and Worldwide Operations, IBM Research

"We look forward to hosting students researchers ... to foster our existing collaborations and create new ones."
Mateo Valero Cortés
Director, Barcelona Supercomputing Center

"I was able to develop quite a bit as a person, researcher, and professional."
Marlon Bright,
FIU student

"Being able to learn elements directly related to my project, the likes and dislikes of another culture, and be able to communicate in a different language are all aspects related to the PIRE program for which I will always be grateful."
Simone Pasmore,
FAU student

"It helps you build confidence that the degree you hold will enable you to tackle any problem, and, more importantly, it lets you experience the job before committing your life to it."
Allison Lanager,
FIU student

This material is based in part upon work supported by the National Science Foundation under Grant Number OISE-0730065. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation. © 2007 Florida International University