TY - JOUR
T1 - Implementation support of security design patterns using test templates
AU - Yoshizawa, Masatoshi
AU - Washizaki, Hironori
AU - Fukazawa, Yoshiaki
AU - Okubo, Takao
AU - Kaiya, Haruhiko
AU - Yoshioka, Nobukazu
N1 - Funding Information:
This work was supported by JSPS KAKENHI Grant Numbers 25330091, 15H02686, 16H02804, and IISF SSR Forum 2015 and 2016.
Publisher Copyright:
© 2016 by the authors; licensee MDPI, Basel, Switzerland.
PY - 2016/6/15
Y1 - 2016/6/15
N2 - Security patterns are intended to support software developers as the patterns encapsulate security expert knowledge. However, these patterns may be inappropriately applied because most developers are not security experts, leading to threats and vulnerabilities. Here we propose a support method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, consisting of an "aspect test template" to observe the internal processing and a "test case template". Providing design information creates a test from the test template with a tool. Because our test template is reusable, it can easily perform a test to validate a security design pattern. In an experiment involving four students majoring in information sciences, we confirm that our method can realize an effective test, verify pattern applications, and support pattern implementation.
AB - Security patterns are intended to support software developers as the patterns encapsulate security expert knowledge. However, these patterns may be inappropriately applied because most developers are not security experts, leading to threats and vulnerabilities. Here we propose a support method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, consisting of an "aspect test template" to observe the internal processing and a "test case template". Providing design information creates a test from the test template with a tool. Because our test template is reusable, it can easily perform a test to validate a security design pattern. In an experiment involving four students majoring in information sciences, we confirm that our method can realize an effective test, verify pattern applications, and support pattern implementation.
KW - Aspect-oriented programming
KW - Model-based testing
KW - Security patterns
KW - Test-driven development
UR - http://www.scopus.com/inward/record.url?scp=84976597284&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84976597284&partnerID=8YFLogxK
U2 - 10.3390/info7020034
DO - 10.3390/info7020034
M3 - Article
AN - SCOPUS:84976597284
SN - 2078-2489
VL - 7
JO - Information (Switzerland)
JF - Information (Switzerland)
IS - 2
M1 - 34
ER -