Abstract security patterns for requirements specification and analysis of secure systems

Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki, Joseph Yoder

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    9 Citations (Scopus)

    Abstract

    During the requirements and analysis stages of software development, the primary goal is to define precise requirements rather than being concerned with the details of software realizations. Security is a semantic aspect of applications and their constraints on the application should de described at this moment. From a security point of view we only want to indicate which specific security controls are needed, rather than getting involved with low-level design and implementation details. Therefore, at these stages, it is useful to have a set of patterns which define abstract security mechanisms. These patterns should specify only the fundamental characteristics of the security mechanism or service, not specific software aspects. We present the concept of Abstract Security Pattern (ASP), which describes a conceptual security mechanism that realizes one or more security policies able to handle a threat or comply with a security-related regulation or institutional policy. We present a detailed example of an ASP. We relate ASPs to each other using pattern diagrams as well as to Security Solution Frames and tactics. Finally, we discuss their value for defining security requirements and for building secure systems.

    Original languageEnglish
    Title of host publicationCIBSE 2014: Proceedings of the 17th Ibero-American Conference Software Engineering
    PublisherUniversidad de la Frontera
    Pages437-450
    Number of pages14
    ISBN (Print)9789562362474
    Publication statusPublished - 2014
    Event17th Ibero-American Conference on Software Engineering, CIBSE 2014 - Pucon
    Duration: 2014 Apr 232014 Apr 25

    Other

    Other17th Ibero-American Conference on Software Engineering, CIBSE 2014
    CityPucon
    Period14/4/2314/4/25

    Fingerprint

    Specifications
    Software engineering
    Semantics

    ASJC Scopus subject areas

    • Artificial Intelligence
    • Information Systems
    • Software

    Cite this

    Fernandez, E. B., Yoshioka, N., Washizaki, H., & Yoder, J. (2014). Abstract security patterns for requirements specification and analysis of secure systems. In CIBSE 2014: Proceedings of the 17th Ibero-American Conference Software Engineering (pp. 437-450). Universidad de la Frontera.

    Abstract security patterns for requirements specification and analysis of secure systems. / Fernandez, Eduardo B.; Yoshioka, Nobukazu; Washizaki, Hironori; Yoder, Joseph.

    CIBSE 2014: Proceedings of the 17th Ibero-American Conference Software Engineering. Universidad de la Frontera, 2014. p. 437-450.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Fernandez, EB, Yoshioka, N, Washizaki, H & Yoder, J 2014, Abstract security patterns for requirements specification and analysis of secure systems. in CIBSE 2014: Proceedings of the 17th Ibero-American Conference Software Engineering. Universidad de la Frontera, pp. 437-450, 17th Ibero-American Conference on Software Engineering, CIBSE 2014, Pucon, 14/4/23.
    Fernandez EB, Yoshioka N, Washizaki H, Yoder J. Abstract security patterns for requirements specification and analysis of secure systems. In CIBSE 2014: Proceedings of the 17th Ibero-American Conference Software Engineering. Universidad de la Frontera. 2014. p. 437-450
    Fernandez, Eduardo B. ; Yoshioka, Nobukazu ; Washizaki, Hironori ; Yoder, Joseph. / Abstract security patterns for requirements specification and analysis of secure systems. CIBSE 2014: Proceedings of the 17th Ibero-American Conference Software Engineering. Universidad de la Frontera, 2014. pp. 437-450
    @inproceedings{912b8a5900d241c69c14dd31deaaf1f3,
    title = "Abstract security patterns for requirements specification and analysis of secure systems",
    abstract = "During the requirements and analysis stages of software development, the primary goal is to define precise requirements rather than being concerned with the details of software realizations. Security is a semantic aspect of applications and their constraints on the application should de described at this moment. From a security point of view we only want to indicate which specific security controls are needed, rather than getting involved with low-level design and implementation details. Therefore, at these stages, it is useful to have a set of patterns which define abstract security mechanisms. These patterns should specify only the fundamental characteristics of the security mechanism or service, not specific software aspects. We present the concept of Abstract Security Pattern (ASP), which describes a conceptual security mechanism that realizes one or more security policies able to handle a threat or comply with a security-related regulation or institutional policy. We present a detailed example of an ASP. We relate ASPs to each other using pattern diagrams as well as to Security Solution Frames and tactics. Finally, we discuss their value for defining security requirements and for building secure systems.",
    author = "Fernandez, {Eduardo B.} and Nobukazu Yoshioka and Hironori Washizaki and Joseph Yoder",
    year = "2014",
    language = "English",
    isbn = "9789562362474",
    pages = "437--450",
    booktitle = "CIBSE 2014: Proceedings of the 17th Ibero-American Conference Software Engineering",
    publisher = "Universidad de la Frontera",

    }

    TY - GEN

    T1 - Abstract security patterns for requirements specification and analysis of secure systems

    AU - Fernandez, Eduardo B.

    AU - Yoshioka, Nobukazu

    AU - Washizaki, Hironori

    AU - Yoder, Joseph

    PY - 2014

    Y1 - 2014

    N2 - During the requirements and analysis stages of software development, the primary goal is to define precise requirements rather than being concerned with the details of software realizations. Security is a semantic aspect of applications and their constraints on the application should de described at this moment. From a security point of view we only want to indicate which specific security controls are needed, rather than getting involved with low-level design and implementation details. Therefore, at these stages, it is useful to have a set of patterns which define abstract security mechanisms. These patterns should specify only the fundamental characteristics of the security mechanism or service, not specific software aspects. We present the concept of Abstract Security Pattern (ASP), which describes a conceptual security mechanism that realizes one or more security policies able to handle a threat or comply with a security-related regulation or institutional policy. We present a detailed example of an ASP. We relate ASPs to each other using pattern diagrams as well as to Security Solution Frames and tactics. Finally, we discuss their value for defining security requirements and for building secure systems.

    AB - During the requirements and analysis stages of software development, the primary goal is to define precise requirements rather than being concerned with the details of software realizations. Security is a semantic aspect of applications and their constraints on the application should de described at this moment. From a security point of view we only want to indicate which specific security controls are needed, rather than getting involved with low-level design and implementation details. Therefore, at these stages, it is useful to have a set of patterns which define abstract security mechanisms. These patterns should specify only the fundamental characteristics of the security mechanism or service, not specific software aspects. We present the concept of Abstract Security Pattern (ASP), which describes a conceptual security mechanism that realizes one or more security policies able to handle a threat or comply with a security-related regulation or institutional policy. We present a detailed example of an ASP. We relate ASPs to each other using pattern diagrams as well as to Security Solution Frames and tactics. Finally, we discuss their value for defining security requirements and for building secure systems.

    UR - http://www.scopus.com/inward/record.url?scp=84906054103&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84906054103&partnerID=8YFLogxK

    M3 - Conference contribution

    AN - SCOPUS:84906054103

    SN - 9789562362474

    SP - 437

    EP - 450

    BT - CIBSE 2014: Proceedings of the 17th Ibero-American Conference Software Engineering

    PB - Universidad de la Frontera

    ER -