Abstract security patterns for requirements specification and analysis of secure systems

Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki, Joseph Yoder

研究成果: Conference contribution

11 被引用数 (Scopus)

抄録

During the requirements and analysis stages of software development, the primary goal is to define precise requirements rather than being concerned with the details of software realizations. Security is a semantic aspect of applications and their constraints on the application should de described at this moment. From a security point of view we only want to indicate which specific security controls are needed, rather than getting involved with low-level design and implementation details. Therefore, at these stages, it is useful to have a set of patterns which define abstract security mechanisms. These patterns should specify only the fundamental characteristics of the security mechanism or service, not specific software aspects. We present the concept of Abstract Security Pattern (ASP), which describes a conceptual security mechanism that realizes one or more security policies able to handle a threat or comply with a security-related regulation or institutional policy. We present a detailed example of an ASP. We relate ASPs to each other using pattern diagrams as well as to Security Solution Frames and tactics. Finally, we discuss their value for defining security requirements and for building secure systems.

本文言語English
ホスト出版物のタイトルCIBSE2014
ホスト出版物のサブタイトルProceedings of the 17th Ibero-American Conference Software Engineering
出版社Universidad de la Frontera
ページ437-450
ページ数14
ISBN(印刷版)9789562362474
出版ステータスPublished - 2014 1 1
イベント17th Ibero-American Conference on Software Engineering, CIBSE 2014 - Pucon, Chile
継続期間: 2014 4 232014 4 25

出版物シリーズ

名前CIBSE 2014: Proceedings of the 17th Ibero-American Conference Software Engineering

Conference

Conference17th Ibero-American Conference on Software Engineering, CIBSE 2014
国/地域Chile
CityPucon
Period14/4/2314/4/25

ASJC Scopus subject areas

  • 人工知能
  • 情報システム
  • ソフトウェア

フィンガープリント

「Abstract security patterns for requirements specification and analysis of secure systems」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル