Early security patterns: A collection of constraints to describe regulatory security requirements

2012 ◽  
Author(s):  
Robin A. Gandhi ◽  
Mariam Rahmani
Keyword(s):  
Security Requirements ◽  
Security Patterns

Security Patterns

2011 ◽  
pp. 75-111 ◽  
Author(s):  
Armstrong Nhlabatsi ◽  
Arosha Bandara ◽  
Shinpei Hayashi ◽  
Charles Haley ◽  
Jan Jurjens ◽  
...  
Keyword(s):  
Security Analysis ◽  
Research Area ◽  
Security Requirements ◽  
Software Systems ◽  
Security Patterns ◽  
Secure Systems ◽  
Modeling Approaches ◽  
Security Pattern ◽  
Security Modeling ◽  
Active Research

Addressing the challenges of developing secure software systems remains an active research area in software engineering. Current research efforts have resulted in the documentation of recurring security problems as security patterns. Security patterns provide encapsulated solutions to specific security problems and can be used to build secure systems by designers with little knowledge of security. Despite this benefit, there is lack of work that focus on evaluating the capabilities of security analysis approaches for their support in incorporating security analysis patterns. This chapter presents evaluation results of a study we conducted to examine the extent to which constructs provided by security requirements engineering approaches can support the use of security patterns as part of the analysis of security problems. To achieve this general objective, the authors used a specific security pattern and examined the challenges of representing this pattern in some security modeling approaches. The authors classify the security modeling approaches into two categories: problem and solution and illustrate their capabilities with a well-known security patterns and some practical security examples. Based on the specific security pattern they have used our evaluation results suggest that current approaches to security engineering are, to a large extent, capable of incorporating security analysis patterns.

Designing Secure Software by Testing Application of Security Patterns

2019 ◽  
pp. 136-169 ◽  
Author(s):  
Takanori Kobashi ◽  
Hironori Washizaki ◽  
Nobukazu Yoshioka ◽  
Haruhiko Kaiya ◽  
Takao Okubo ◽  
...  
Keyword(s):  
Early Stage ◽  
Model Testing ◽  
Security Requirements ◽  
Target System ◽  
Software Systems ◽  
Design Phase ◽  
Security Patterns ◽  
Stage Of Development ◽  
Secure Software ◽  
Design Software

Simply confirming potential threats and vulnerabilities in an early stage of the development process (e.g., the requirement or design phase) is insufficient because software developers are not necessarily security experts. Additionally, even if the software design considers security at an early stage, whether the software actually satisfies the security requirements must be confirmed. To realize secure design, the authors propose an application to design software systems with verification of security patterns using model testing. The method provides extended security patterns, which include requirement- and design-level patterns as well as a new designing and model testing process that uses these patterns. Once developers specify threats and vulnerabilities in the target system in an early stage of development, the method can verify whether the security patterns are properly applied and assess if the vulnerabilities are resolved.

scholarly journals Model-based development of security requirements

2011 ◽  
Vol 14 (3) ◽  
Author(s):  
Eduardo B. Fernandez ◽  
Sergio Mujica
Keyword(s):  
Security Analysis ◽  
Two Dimensions ◽  
Security Requirements ◽  
Security Patterns ◽  
Model Based ◽  
Security And Reliability

We present a model-based approach using two dimensions to propagate security restrictions: along the lifecycle and along the architectural levels. We apply security patterns to perform this propagation. We believe that this double propagation can be very effective for security and reliability. This approach can also facilitate the security analysis of the system and can be used to verify compliance with regulations. We have developed a methodology to apply these ideas and we are extending it to make it more powerful, in particular to increase its level of security and to add to it also reliability concerns. The extensions include two new metamodels for security requirements and a validation approach.

Validating Security Design Pattern Applications by Testing Design Models

2014 ◽  
Vol 5 (4) ◽  
pp. 1-30 ◽  
Author(s):  
Takanori Kobashi ◽  
Nobukazu Yoshioka ◽  
Haruhiko Kaiya ◽  
Hironori Washizaki ◽  
Takano Okubo ◽  
...  
Keyword(s):  
Development Process ◽  
Early Stage ◽  
Model Testing ◽  
Security Requirements ◽  
Target System ◽  
Security Design ◽  
Software Developers ◽  
Security Patterns ◽  
Stage Of Development ◽  
Testing Design

Software developers are not necessarily security experts, confirming potential threats and vulnerabilities at an early stage of the development process (e.g., in the requirement- and design-phase) is insufficient. Additionally, even if designed software considers security at an early stage, whether the software really satisfies the security requirements must be confirmed. To realize secure design, this work proposes an application to validate security patterns using model testing. Its method provides extended security patterns, which include requirement- and design-level patterns as well as a new model testing process using these patterns. After a developer specifies threats and vulnerabilities in the target system during an early stage of development, this method can validate whether the security patterns are properly applied and assess if these vulnerabilities are resolved.

Cloud Security Requirements

2014 ◽  
Vol 1 (1) ◽  
pp. 1-5
Author(s):  
Poonam Rawat ◽  
◽  
Neha Rawat ◽  
Shikha Singh ◽  
Awantika . ◽  
...  
Keyword(s):  
Cloud Security ◽  
Security Requirements
Sign in / Sign up

Export Citation Format

Share Document