Developing Secure Software Using UML Patterns

This chapter presents a security engineering process based on UML security problem frames and concretized UML security problem frames. Both kinds of frames constitute patterns for analyzing security problems and associated solution approaches. They are arranged in a pattern system that makes dependencies between them explicit. The authors describe step-by-step how the pattern system can be used to analyze a given security problem and how solution approaches can be found. Then, solution approaches are specified by generic security components and generic security architectures, which constitute architectural patterns. Finally, the generic security components and the generic security architecture that composes them are refined, and the result is a secure software product built from existing and/or tailor-made security components.

Download Full-text

Developing Secure Software Using UML Patterns

Handbook of Research on Innovations in Systems and Software Engineering - Advances in Systems Analysis, Software Engineering, and High Performance Computing ◽

10.4018/978-1-4666-6359-6.ch002 ◽

2015 ◽

pp. 32-70 ◽

Cited By ~ 1

Author(s):

Holger Schmidt ◽

Denis Hatebur ◽

Maritta Heisel

Keyword(s):

Security Architecture ◽

Engineering Process ◽

Security Engineering ◽

Problem Frames ◽

Architectural Patterns ◽

Software Product ◽

Secure Software ◽

Security Problem ◽

Security Components ◽

Associated Solution

This chapter presents a security engineering process based on UML security problem frames and concretized UML security problem frames. Both kinds of frames constitute patterns for analyzing security problems and associated solution approaches. They are arranged in a pattern system that makes dependencies between them explicit. The authors describe step-by-step how the pattern system can be used to analyze a given security problem and how solution approaches can be found. Then, solution approaches are specified by generic security components and generic security architectures, which constitute architectural patterns. Finally, the generic security components and the generic security architecture that composes them are refined, and the result is a secure software product built from existing and/or tailor-made security components.

Download Full-text

Developing Secure Software Using UML Patterns

Computer Systems and Software Engineering ◽

10.4018/978-1-5225-3923-0.ch030 ◽

2017 ◽

pp. 741-781

Author(s):

Holger Schmidt ◽

Denis Hatebur ◽

Maritta Heisel

Keyword(s):

Security Architecture ◽

Engineering Process ◽

Security Engineering ◽

Problem Frames ◽

Architectural Patterns ◽

Software Product ◽

Secure Software ◽

Security Problem ◽

Security Components ◽

Associated Solution

This chapter presents a security engineering process based on UML security problem frames and concretized UML security problem frames. Both kinds of frames constitute patterns for analyzing security problems and associated solution approaches. They are arranged in a pattern system that makes dependencies between them explicit. The authors describe step-by-step how the pattern system can be used to analyze a given security problem and how solution approaches can be found. Then, solution approaches are specified by generic security components and generic security architectures, which constitute architectural patterns. Finally, the generic security components and the generic security architecture that composes them are refined, and the result is a secure software product built from existing and/or tailor-made security components.

Download Full-text

A Pattern-Based Method to Develop Secure Software

Software Engineering for Secure Systems ◽

10.4018/978-1-61520-837-1.ch003 ◽

2011 ◽

pp. 32-74 ◽

Cited By ~ 5

Author(s):

Holger Schmidt ◽

Denis Hatebur ◽

Maritta Heisel

Keyword(s):

Formal Specification ◽

Security Architecture ◽

Formal Models ◽

Problem Frames ◽

Architectural Patterns ◽

Software Product ◽

Secure Software ◽

Security Problem ◽

Security Components ◽

Associated Solution

The authors present a security engineering process based on security problem frames and concretized security problem frames. Both kinds of frames constitute patterns for analyzing security problems and associated solution approaches. They are arranged in a pattern system that makes dependencies between them explicit. The authors describe step-by-step how the pattern system can be used to analyze a given security problem and how solution approaches can be found. Afterwards, the security problems and the solution approaches are formally modeled in detail. The formal models serve to prove that the solution approaches are correct solutions to the security problems. Furthermore, the formal models of the solution approaches constitute a formal specification of the software to be developed. Then, the specification is implemented by generic security components and generic security architectures, which constitute architectural patterns. Finally, the generic security components and the generic security architecture that composes them are refined and the result is a secure software product built from existing and/or tailor-made security components.

Download Full-text

A Requirements Engineering process for Software Product Lines

2010 IEEE International Conference on Information Reuse & Integration ◽

10.1109/iri.2010.5558929 ◽

2010 ◽

Cited By ~ 4

Author(s):

Danuza Neiva ◽

Fernando Cesar de Almeida ◽

Eduardo Santana de Almeida ◽

Silvio Lemos Meira

Keyword(s):

Requirements Engineering ◽

Software Product Lines ◽

Engineering Process ◽

Product Lines ◽

Requirements Engineering Process ◽

Software Product

Download Full-text

Security Engineering towards Building a Secure Software

International Journal of Computer Applications ◽

10.5120/14017-2170 ◽

2013 ◽

Vol 81 (6) ◽

pp. 32-37 ◽

Cited By ~ 1

Author(s):

Mohammad NazmulAlam ◽

Subhra Prosun Paul ◽

Shahrin Chowdhury

Keyword(s):

Security Engineering ◽

Secure Software

Download Full-text

A Security Requirements Engineering Tool for Domain Engineering in Software Product Lines

Non-Functional Properties in Service Oriented Architecture ◽

10.4018/978-1-60566-794-2.ch004 ◽

2011 ◽

pp. 73-92

Author(s):

Jesús Rodríguez ◽

Eduardo Fernández-Medina ◽

Mario Piattini ◽

Daniel Mellado

Keyword(s):

Requirements Engineering ◽

Software Product Lines ◽

Product Line ◽

Security Requirements ◽

Engineering Process ◽

Product Lines ◽

Requirements Engineering Process ◽

Security Requirements Engineering ◽

Software Product ◽

Automated Support

The concepts of Service-Oriented Architectures and Software Product Lines are currently being paid a considerable amount of attention, both in research and in practice. Both disciplines promise to make the development of flexible, cost-effective software systems possible and to support high levels of reuse, and may sometimes be complementary to each other. In both paradigms, security is a critical issue, although most of the existing product line practices do not comprise all the security requirements engineering activities or provide automated support through which to perform these activities, despite the fact that it is widely accepted that the application of any requirements engineering process or methodology is much more difficult without a CARE (Computer-Aided Requirements Engineering) tool, since it must be performed manually. Therefore, this chapter shall present a tool denominated as SREPPLineTool, which provides automated support through which to facilitate the application of the security quality requirements engineering process for software product lines, SREPPLine. SREPPLineTool simplifies the management of security requirements in product lines by providing us with a guided, systematic and intuitive manner in which to deal with them from the early stages of product line development, thus simplifying the management and the visualization of artefact variability and traceability links and the integration of security standards, along with the management of the security reference model proposed by SREPPLine.

Download Full-text

Software Security Engineering

Information Security and Ethics ◽

10.4018/978-1-59904-937-3.ch064 ◽

2008 ◽

pp. 927-942

Author(s):

Mohammad Zulkernine ◽

Sheikh I. Ahamed

Keyword(s):

Software Engineering ◽

Software Security ◽

Rapid Development ◽

Process Models ◽

Software Systems ◽

Engineering Process ◽

Software Life Cycle ◽

Security Engineering ◽

Controlled Systems ◽

Protection Mechanisms

The rapid development and expansion of network-based applications have changed the computing world in the last decade. However, this overwhelming success has an Achilles’ heel: most software-controlled systems are prone to attacks both by internal and external users of the highly connected computing systems. These software systems must be engineered with reliable protection mechanisms, while still delivering the expected value of the software to their customers within the budgeted time and cost. The principal obstacle in achieving these two different but interdependent objectives is that current software engineering processes do not provide enough support for the software developers to achieve security goals. In this chapter, we reemphasize the principal objectives of both software engineering and security engineering, and strive to identify the major steps of a software security engineering process that will be useful for building secure software systems. Both software engineering and security engineering are ever-evolving disciplines, and software security engineering is still in its infancy. This chapter proposes a unification of the process models of software engineering and security engineering in order to improve the steps of the software life cycle that would better address the underlying objectives of both engineering processes. This unification will facilitate the incorporation of the advancement of the features of one engineering process into the other. The chapter also provides a brief overview and survey of the current state-of-the-art of software engineering and security engineering with respect to computer systems.

Download Full-text

Software Security Engineering

Enterprise Information Systems Assurance and System Security ◽

10.4018/978-1-59140-911-3.ch014 ◽

2011 ◽

pp. 215-233 ◽

Cited By ~ 3

Author(s):

Mohammad Zulkernine ◽

Sheikh I. Ahamed

Keyword(s):

Software Engineering ◽

Software Security ◽

Rapid Development ◽

Process Models ◽

Software Systems ◽

Engineering Process ◽

Software Life Cycle ◽

Security Engineering ◽

Controlled Systems ◽

Protection Mechanisms

The rapid development and expansion of network-based applications have changed the computing world in the last decade. However, this overwhelming success has an Achilles’ heel: most software-controlled systems are prone to attacks both by internal and external users of the highly connected computing systems. These software systems must be engineered with reliable protection mechanisms, while still delivering the expected value of the software to their customers within the budgeted time and cost. The principal obstacle in achieving these two different but interdependent objectives is that current software engineering processes do not provide enough support for the software developers to achieve security goals. In this chapter, we reemphasize the principal objectives of both software engineering and security engineering, and strive to identify the major steps of a software security engineering process that will be useful for building secure software systems. Both software engineering and security engineering are ever-evolving disciplines, and software security engineering is still in its infancy. This chapter proposes a unification of the process models of software engineering and security engineering in order to improve the steps of the software life cycle that would better address the underlying objectives of both engineering processes. This unification will facilitate the incorporation of the advancement of the features of one engineering process into the other. The chapter also provides a brief overview and survey of the current state-of-the-art of software engineering and security engineering with respect to computer systems.

Download Full-text