A Pattern-Based Method to Develop Secure Software

Author(s):  
Holger Schmidt ◽  
Denis Hatebur ◽  
Maritta Heisel

The authors present a security engineering process based on security problem frames and concretized security problem frames. Both kinds of frames constitute patterns for analyzing security problems and associated solution approaches. They are arranged in a pattern system that makes dependencies between them explicit. The authors describe step-by-step how the pattern system can be used to analyze a given security problem and how solution approaches can be found. Afterwards, the security problems and the solution approaches are formally modeled in detail. The formal models serve to prove that the solution approaches are correct solutions to the security problems. Furthermore, the formal models of the solution approaches constitute a formal specification of the software to be developed. Then, the specification is implemented by generic security components and generic security architectures, which constitute architectural patterns. Finally, the generic security components and the generic security architecture that composes them are refined and the result is a secure software product built from existing and/or tailor-made security components.

2018 ◽  
pp. 551-592
Author(s):  
Holger Schmidt ◽  
Denis Hatebur ◽  
Maritta Heisel

This chapter presents a security engineering process based on UML security problem frames and concretized UML security problem frames. Both kinds of frames constitute patterns for analyzing security problems and associated solution approaches. They are arranged in a pattern system that makes dependencies between them explicit. The authors describe step-by-step how the pattern system can be used to analyze a given security problem and how solution approaches can be found. Then, solution approaches are specified by generic security components and generic security architectures, which constitute architectural patterns. Finally, the generic security components and the generic security architecture that composes them are refined, and the result is a secure software product built from existing and/or tailor-made security components.


2015 ◽  
pp. 228-264
Author(s):  
Holger Schmidt ◽  
Denis Hatebur ◽  
Maritta Heisel

This chapter presents a security engineering process based on UML security problem frames and concretized UML security problem frames. Both kinds of frames constitute patterns for analyzing security problems and associated solution approaches. They are arranged in a pattern system that makes dependencies between them explicit. The authors describe step-by-step how the pattern system can be used to analyze a given security problem and how solution approaches can be found. Then, solution approaches are specified by generic security components and generic security architectures, which constitute architectural patterns. Finally, the generic security components and the generic security architecture that composes them are refined, and the result is a secure software product built from existing and/or tailor-made security components.


2019 ◽  
Vol 11 (4) ◽  
pp. 85 ◽  
Author(s):  
Jiaying Yao ◽  
Zhigeng Han ◽  
Muhammad Sohail ◽  
Liangmin Wang

5G is the latest generation of cellular mobile communications. Because of its high data rate, reduced latency and massive device connectivity, the 5G network plays a vital role in today's commercial telecommunications networks. However, the 5G network also faces challenges in practice, because it consists of many diverse components, a property termed heterogeneity. This heterogeneity has two consequences: first, it prevents the technology from being used in a uniform way, which hinders its wide adoption; second, it complicates the structure of the 5G network, making it hard to monitor what is going on inside it. To overcome this limitation, researchers have designed their own protocols, in which software-defined networking (SDN) is a key design concept. By separating the control and data planes, SDN makes the 5G network programmable, so that the heterogeneity of traditional 5G networks can be handled. In this light, an SDN-based 5G network is attractive, but its advantages are not free: the centralization of intelligence in SDN has its own drawbacks when it comes to security. To address this, we propose a robust security architecture for SDN-based 5G networks. To identify illegal requests from malicious attackers, we add an extra cryptographic authentication step, termed synchronize secret. The basic idea of our scheme is to leverage preloaded secrets to distinguish attacks from regular network communications. The simulation results indicate that our work handles the security problem introduced by SDN with a disconnect rate of only 0.01%, which is much better than the state of the art.
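The abstract gives only the general idea of the synchronize-secret step: a secret preloaded into each switch and the controller is used to tell forged or replayed control requests apart from genuine ones. The following is an added illustration of that idea, not the paper's protocol: each request carries a per-switch sequence number and an HMAC-SHA256 tag under the preloaded key, and the controller rejects anything with a bad tag or a non-increasing sequence number. The secret, switch identifier and request contents are constructed for the demo.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo secret; in a deployment it would be provisioned out of band
# to each switch and to the controller before the switch joins the network.
PRELOADED_SECRET = b"constructed-preloaded-secret-for-demo"


def canonical(body: dict) -> bytes:
    """Serialize a request body deterministically so signer and verifier MAC the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class SwitchAgent:
    """Switch side: every control-plane request carries a per-switch sequence number
    and an HMAC-SHA256 tag computed with the preloaded secret."""

    def __init__(self, key: bytes, switch_id: str):
        self.key = key
        self.switch_id = switch_id
        self.seq = 0

    def make_request(self, action: str, payload: dict) -> dict:
        self.seq += 1
        body = {"switch": self.switch_id, "seq": self.seq, "action": action, "payload": payload}
        tag = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}


class ControllerVerifier:
    """Controller side: accept a request only if the tag verifies under the shared key
    and the sequence number is strictly greater than the last one accepted for that switch."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}  # switch id -> highest sequence number accepted so far

    def verify(self, request: dict) -> tuple:
        body, tag = request.get("body"), request.get("tag")
        if not isinstance(body, dict) or not isinstance(tag, str):
            return False, "malformed"
        expected = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return False, "bad tag"
        switch, seq = body.get("switch"), body.get("seq")
        if not isinstance(seq, int) or seq <= self.last_seq.get(switch, 0):
            return False, "replay"
        self.last_seq[switch] = seq
        return True, "ok"


def demo_authentication() -> list:
    """Four constructed requests: genuine, replayed, forged without the secret, tampered."""
    controller = ControllerVerifier(PRELOADED_SECRET)
    switch = SwitchAgent(PRELOADED_SECRET, "sw-1")
    results = []

    genuine = switch.make_request("flow_mod", {"match": "10.0.0.0/24", "out_port": 2})
    results.append(controller.verify(genuine))   # accepted
    results.append(controller.verify(genuine))   # same sequence number again: replay

    # Attacker impersonating sw-1 with a random key instead of the preloaded secret.
    attacker = SwitchAgent(secrets.token_bytes(32), "sw-1")
    results.append(controller.verify(attacker.make_request("flow_mod", {"match": "0.0.0.0/0", "out_port": 9})))

    tampered = switch.make_request("flow_mod", {"match": "10.0.1.0/24", "out_port": 3})
    tampered["body"]["payload"]["out_port"] = 9  # modified in flight after signing
    results.append(controller.verify(tampered))  # tag no longer matches
    return results
```

The tag check runs before the sequence check so that an attacker without the key learns nothing about the accepted sequence window from the rejection reason; a real deployment would also bind a domain or session identifier into the MAC input to stop a tag from one controller being replayed against another.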


Cloud computing, utility-based computing, is becoming the mainstream of future IT. Governments and enterprises are realizing that by migrating to the cloud they can significantly enhance their current infrastructure or application services at minimum cost and with maximum elasticity. However, securing cloud users' digital assets and addressing the privacy concerns of cloud customers has become a serious challenge. Providing security in the cloud always has to take performance into account: employing highly secure methods of massive complexity increases the overall service cost. To address this problem, this paper proposes a two-tier security architecture. The architecture uses multiple work modes for the security components at the guest level to decrease security-processing overhead, and a security supervisor in the hypervisor layer to avoid false security alarms.


2021 ◽  
Vol 2021 ◽  
pp. 1-12
Author(s):  
Abdelouahid Derhab ◽  
Mohamed Guerroumi ◽  
Mohamed Belaoued ◽  
Omar Cheikhrouhou

Multicontroller software-defined networks have been widely adopted to enable management of large-scale networks. However, they are vulnerable to several attacks including false data injection, which creates topology inconsistency among controllers. To deal with this issue, we propose BMC-SDN, a security architecture that integrates blockchain and multicontroller SDN and divides the network into several domains. Each SDN domain is managed by one master controller that communicates through blockchain with the masters of the other domains. The master controller creates blocks of network flow updates, and its redundant controllers validate the new block based on a proposed reputation mechanism. The reputation mechanism rates the controllers, i.e., block creator and voters, after each voting operation using constant and combined adaptive fading reputation strategies. The evaluation results demonstrate a fast and optimal detection of fraudulent flow rule injection.
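The abstract names the moving parts (a master creates a block of flow updates, its redundant controllers vote on it, and a fading reputation update rates creator and voters after each vote) but not the formulas. The block below is an added illustration of that structure, not BMC-SDN's actual mechanism: each replica validates the block against its local topology, votes are weighted by reputation, and reputations are updated with an assumed exponential fading factor. The controllers, switches, fading factor and blocks are all constructed for the demo.

```python
from dataclasses import dataclass

FADE = 0.8  # assumed fading factor: share of past reputation kept on each update


@dataclass
class Controller:
    name: str
    reputation: float = 1.0
    honest: bool = True  # constructed flag: a dishonest replica inverts its verdict


def local_validate(block: dict, known_switches: set) -> bool:
    """A block of flow updates is plausible only if every rule targets a switch
    that exists in this domain's topology (a simple consistency check)."""
    return all(rule["switch"] in known_switches for rule in block["rules"])


def collect_votes(block: dict, validators: list, known_switches: set) -> dict:
    votes = {}
    for c in validators:
        verdict = local_validate(block, known_switches)
        votes[c.name] = verdict if c.honest else not verdict
    return votes


def decide(votes: dict, validators: list) -> bool:
    """Reputation-weighted majority: each vote counts as much as the voter's reputation."""
    rep = {c.name: c.reputation for c in validators}
    yes = sum(rep[n] for n, v in votes.items() if v)
    no = sum(rep[n] for n, v in votes.items() if not v)
    return yes > no


def update_reputations(creator: Controller, validators: list, votes: dict, accepted: bool) -> None:
    """Fading update: voters who sided with the outcome move toward 1, others toward 0;
    the block creator is rated by whether its block was accepted."""
    for c in validators:
        agreed = votes[c.name] == accepted
        c.reputation = FADE * c.reputation + (1 - FADE) * (1.0 if agreed else 0.0)
    creator.reputation = FADE * creator.reputation + (1 - FADE) * (1.0 if accepted else 0.0)


def demo_block_validation() -> dict:
    known = {"s1", "s2", "s3"}  # constructed domain topology
    master = Controller("master")
    replicas = [Controller("r1"), Controller("r2"), Controller("r3", honest=False)]
    # Constructed blocks: the first is consistent with the topology, the second
    # injects a rule for a switch that does not exist in the domain.
    blocks = [
        {"rules": [{"switch": "s1", "match": "10.0.0.0/24", "out_port": 2}]},
        {"rules": [{"switch": "s9", "match": "0.0.0.0/0", "out_port": 1}]},
    ]
    outcomes = []
    for block in blocks:
        votes = collect_votes(block, replicas, known)
        accepted = decide(votes, replicas)
        update_reputations(master, replicas, votes, accepted)
        outcomes.append(accepted)
    return {
        "accepted": outcomes,
        "reputation": {c.name: c.reputation for c in [master] + replicas},
    }
```

In the demo the fraudulent second block is rejected by the honest majority, the dishonest replica that voted for it loses reputation twice in a row, and the master that produced it is marked down; with the weighted vote, a replica that keeps disagreeing with the outcome gradually loses the ability to swing future decisions.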


2013 ◽  
Vol 1 (3) ◽  
pp. 66-75 ◽  
Author(s):  
Gongzhu Hu ◽  
Jin Zhang ◽  
Roger Lee

Formal specification of software components, a core research area in software engineering, has been widely studied for decades. Although quite a few formal models have been proposed for this purpose, specifying concrete software components is still a challenging task because of the complexity of their functionality. In this paper, the authors use the stream function model to specify the behavior of the priority queue, a commonly used software component. The specification formally defines both the regular behavior and the fault-tolerance behavior of the priority queue. In particular, a priority-concatenation operator is defined to handle the ordering of data items so that the highest-priority item is always removed first. A finite state machine is built from this specification as an implementation of the priority queue. In addition, the authors discuss a priority-upgrading approach to handle possible starvation of low-priority data items in the queue.
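The two behaviours the abstract calls out, highest-priority-first removal and a priority-upgrading rule against starvation, are easy to see in code. The block below is an added example written for this page, not the paper's stream-function specification or its finite state machine: a heap-based max-priority queue that is FIFO among equal priorities, returns None on underflow instead of raising (one concrete choice of fault-tolerance behaviour), and, when aging is enabled, raises the priority of every waiting item by one after each fixed number of removals. The aging interval and the demo workload are constructed.

```python
import heapq
from itertools import count


class AgingPriorityQueue:
    """Max-priority queue. Items of equal priority leave in FIFO order; if age_every > 0,
    every age_every removals raise the priority of all waiting items by one so that
    low-priority items cannot wait forever."""

    def __init__(self, age_every: int = 0):
        self._heap = []            # entries are mutable lists [-priority, seq, item]
        self._seq = count()        # tie-breaker: earlier insert wins among equal priority
        self._age_every = age_every
        self._removals = 0

    def put(self, item, priority: int) -> None:
        heapq.heappush(self._heap, [-priority, next(self._seq), item])

    def get(self):
        """Remove and return the highest-priority item, or None when empty
        (underflow is reported as a value rather than raised)."""
        if not self._heap:
            return None
        _, _, item = heapq.heappop(self._heap)
        self._removals += 1
        if self._age_every and self._removals % self._age_every == 0:
            self._age()
        return item

    def _age(self) -> None:
        for entry in self._heap:
            entry[0] -= 1          # priority is stored negated, so -1 means +1 priority
        heapq.heapify(self._heap)  # a uniform shift keeps the order, but restore the invariant anyway

    def __len__(self) -> int:
        return len(self._heap)


def starvation_demo(aging: bool, max_rounds: int = 20):
    """One low-priority item competes with a steady stream of high-priority arrivals.
    Returns the round in which the low item is finally served, or None if it starves."""
    q = AgingPriorityQueue(age_every=1 if aging else 0)
    q.put("low", priority=1)
    for rnd in range(1, max_rounds + 1):
        q.put(f"high-{rnd}", priority=5)   # one new urgent item arrives every round
        if q.get() == "low":
            return rnd
    return None
```

Without aging the low item is never served while urgent items keep arriving; with the priority raised by one per removal it overtakes the newest urgent item on the fifth round because ties are broken by insertion order. Aging every removal is the most aggressive setting; a larger interval trades longer worst-case waits for stricter priority ordering.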


Author(s):  
José Fonseca ◽  
Marco Vieira

This chapter presents a survey of the most relevant software development practices used today to build software products for the web with security built in. It starts by presenting three of the most relevant secure software development lifecycles, which are complete solutions that development companies can adopt: CLASP, the Microsoft Security Development Lifecycle, and the Software Security Touchpoints. However, it is not always feasible to change ongoing projects or replace the methodology in place. So the chapter also discusses other relevant initiatives that can be integrated into existing development practices to build and maintain safer software products: OpenSAMM, BSIMM, SAFECode, and Securosis. The main features of these security development proposals are also compared according to their highlights and the goals of the target software product.

