Effective security impact analysis with patterns for software enhancement

Takao Okubo*, Haruhiko Kaiya, Nobukazu Yoshioka

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Citations (Scopus)

Abstract

Unlike functional implementations, it is difficult to analyze the impact software enhancements on security. One of the difficulties is identifying the range of effects by new security threats, and the other is developing proper countermeasures. This paper proposes an analysis process that uses two kinds of security pattern: security requirements patterns for identifying threats and security design patterns for identifying countermeasures at an action class level. With these two patterns and the conventional traceability methodology, developers can estimate and compare the amounts of modifications needed by multiple security countermeasures.

Original languageEnglish
Title of host publicationProceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011
Pages527-535
Number of pages9
DOIs
Publication statusPublished - 2011
Externally publishedYes
Event2011 6th International Conference on Availability, Reliability and Security, ARES 2011 - Vienna, Austria
Duration: 2011 Aug 222011 Aug 26

Publication series

NameProceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

Conference

Conference2011 6th International Conference on Availability, Reliability and Security, ARES 2011
Country/TerritoryAustria
CityVienna
Period11/8/2211/8/26

Keywords

  • Application security
  • Software pattern
  • Software requirements engineering

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality

Cite this