Security patterns: Comparing modeling approaches

Armstrong Nhlabatsi, Arosha Bandara, Shinpei Hayashi, Charles B. Haley, Jan Jurjens, Haruhiko Kaiya, Atsuto Kubo, Robin Laney, Haralambos Mouratidis, Bashar Nuseibeh, Thein T. Tun, Hironori Washizaki, Nobukazu Yoshioka, Yijun Yu

    研究成果: Chapter

    16 引用 (Scopus)

    抄録

    Addressing the challenges of developing secure software systems remains an active research area in software engineering. Current research efforts have resulted in the documentation of recurring security problems as security patterns. Security patterns provide encapsulated solutions to specific security problems and can be used to build secure systems by designers with little knowledge of security. Despite this benefit, there is lack of work that focus on evaluating the capabilities of security analysis approaches for their support in incorporating security analysis patterns. This chapter presents evaluation results of a study we conducted to examine the extent to which constructs provided by security requirements engineering approaches can support the use of security patterns as part of the analysis of security problems. To achieve this general objective, the authors used a specific security pattern and examined the challenges of representing this pattern in some security modeling approaches. The authors classify the security modeling approaches into two categories: Problem and solution and illustrate their capabilities with a well-known security patterns and some practical security examples. Based on the specific security pattern they have used our evaluation results suggest that current approaches to security engineering are, to a large extent, capable of incorporating security analysis patterns.

    元の言語English
    ホスト出版物のタイトルSoftware Engineering for Secure Systems: Industrial and Research Perspectives
    出版者IGI Global
    ページ75-111
    ページ数37
    ISBN(印刷物)9781615208371
    DOI
    出版物ステータスPublished - 2010

    Fingerprint

    Requirements engineering
    Software engineering
    Computer systems

    ASJC Scopus subject areas

    • Computer Science(all)

    これを引用

    Nhlabatsi, A., Bandara, A., Hayashi, S., Haley, C. B., Jurjens, J., Kaiya, H., ... Yu, Y. (2010). Security patterns: Comparing modeling approaches. : Software Engineering for Secure Systems: Industrial and Research Perspectives (pp. 75-111). IGI Global. https://doi.org/10.4018/978-1-61520-837-1.ch004

    Security patterns : Comparing modeling approaches. / Nhlabatsi, Armstrong; Bandara, Arosha; Hayashi, Shinpei; Haley, Charles B.; Jurjens, Jan; Kaiya, Haruhiko; Kubo, Atsuto; Laney, Robin; Mouratidis, Haralambos; Nuseibeh, Bashar; Tun, Thein T.; Washizaki, Hironori; Yoshioka, Nobukazu; Yu, Yijun.

    Software Engineering for Secure Systems: Industrial and Research Perspectives. IGI Global, 2010. p. 75-111.

    研究成果: Chapter

    Nhlabatsi, A, Bandara, A, Hayashi, S, Haley, CB, Jurjens, J, Kaiya, H, Kubo, A, Laney, R, Mouratidis, H, Nuseibeh, B, Tun, TT, Washizaki, H, Yoshioka, N & Yu, Y 2010, Security patterns: Comparing modeling approaches. : Software Engineering for Secure Systems: Industrial and Research Perspectives. IGI Global, pp. 75-111. https://doi.org/10.4018/978-1-61520-837-1.ch004
    Nhlabatsi A, Bandara A, Hayashi S, Haley CB, Jurjens J, Kaiya H その他. Security patterns: Comparing modeling approaches. : Software Engineering for Secure Systems: Industrial and Research Perspectives. IGI Global. 2010. p. 75-111 https://doi.org/10.4018/978-1-61520-837-1.ch004
    Nhlabatsi, Armstrong ; Bandara, Arosha ; Hayashi, Shinpei ; Haley, Charles B. ; Jurjens, Jan ; Kaiya, Haruhiko ; Kubo, Atsuto ; Laney, Robin ; Mouratidis, Haralambos ; Nuseibeh, Bashar ; Tun, Thein T. ; Washizaki, Hironori ; Yoshioka, Nobukazu ; Yu, Yijun. / Security patterns : Comparing modeling approaches. Software Engineering for Secure Systems: Industrial and Research Perspectives. IGI Global, 2010. pp. 75-111
    @inbook{47f34a85c54840518e7af3e9106f8648,
    title = "Security patterns: Comparing modeling approaches",
    abstract = "Addressing the challenges of developing secure software systems remains an active research area in software engineering. Current research efforts have resulted in the documentation of recurring security problems as security patterns. Security patterns provide encapsulated solutions to specific security problems and can be used to build secure systems by designers with little knowledge of security. Despite this benefit, there is lack of work that focus on evaluating the capabilities of security analysis approaches for their support in incorporating security analysis patterns. This chapter presents evaluation results of a study we conducted to examine the extent to which constructs provided by security requirements engineering approaches can support the use of security patterns as part of the analysis of security problems. To achieve this general objective, the authors used a specific security pattern and examined the challenges of representing this pattern in some security modeling approaches. The authors classify the security modeling approaches into two categories: Problem and solution and illustrate their capabilities with a well-known security patterns and some practical security examples. Based on the specific security pattern they have used our evaluation results suggest that current approaches to security engineering are, to a large extent, capable of incorporating security analysis patterns.",
    author = "Armstrong Nhlabatsi and Arosha Bandara and Shinpei Hayashi and Haley, {Charles B.} and Jan Jurjens and Haruhiko Kaiya and Atsuto Kubo and Robin Laney and Haralambos Mouratidis and Bashar Nuseibeh and Tun, {Thein T.} and Hironori Washizaki and Nobukazu Yoshioka and Yijun Yu",
    year = "2010",
    doi = "10.4018/978-1-61520-837-1.ch004",
    language = "English",
    isbn = "9781615208371",
    pages = "75--111",
    booktitle = "Software Engineering for Secure Systems: Industrial and Research Perspectives",
    publisher = "IGI Global",

    }

    TY - CHAP

    T1 - Security patterns

    T2 - Comparing modeling approaches

    AU - Nhlabatsi, Armstrong

    AU - Bandara, Arosha

    AU - Hayashi, Shinpei

    AU - Haley, Charles B.

    AU - Jurjens, Jan

    AU - Kaiya, Haruhiko

    AU - Kubo, Atsuto

    AU - Laney, Robin

    AU - Mouratidis, Haralambos

    AU - Nuseibeh, Bashar

    AU - Tun, Thein T.

    AU - Washizaki, Hironori

    AU - Yoshioka, Nobukazu

    AU - Yu, Yijun

    PY - 2010

    Y1 - 2010

    N2 - Addressing the challenges of developing secure software systems remains an active research area in software engineering. Current research efforts have resulted in the documentation of recurring security problems as security patterns. Security patterns provide encapsulated solutions to specific security problems and can be used to build secure systems by designers with little knowledge of security. Despite this benefit, there is lack of work that focus on evaluating the capabilities of security analysis approaches for their support in incorporating security analysis patterns. This chapter presents evaluation results of a study we conducted to examine the extent to which constructs provided by security requirements engineering approaches can support the use of security patterns as part of the analysis of security problems. To achieve this general objective, the authors used a specific security pattern and examined the challenges of representing this pattern in some security modeling approaches. The authors classify the security modeling approaches into two categories: Problem and solution and illustrate their capabilities with a well-known security patterns and some practical security examples. Based on the specific security pattern they have used our evaluation results suggest that current approaches to security engineering are, to a large extent, capable of incorporating security analysis patterns.

    AB - Addressing the challenges of developing secure software systems remains an active research area in software engineering. Current research efforts have resulted in the documentation of recurring security problems as security patterns. Security patterns provide encapsulated solutions to specific security problems and can be used to build secure systems by designers with little knowledge of security. Despite this benefit, there is lack of work that focus on evaluating the capabilities of security analysis approaches for their support in incorporating security analysis patterns. This chapter presents evaluation results of a study we conducted to examine the extent to which constructs provided by security requirements engineering approaches can support the use of security patterns as part of the analysis of security problems. To achieve this general objective, the authors used a specific security pattern and examined the challenges of representing this pattern in some security modeling approaches. The authors classify the security modeling approaches into two categories: Problem and solution and illustrate their capabilities with a well-known security patterns and some practical security examples. Based on the specific security pattern they have used our evaluation results suggest that current approaches to security engineering are, to a large extent, capable of incorporating security analysis patterns.

    UR - http://www.scopus.com/inward/record.url?scp=84873820076&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=84873820076&partnerID=8YFLogxK

    U2 - 10.4018/978-1-61520-837-1.ch004

    DO - 10.4018/978-1-61520-837-1.ch004

    M3 - Chapter

    AN - SCOPUS:84873820076

    SN - 9781615208371

    SP - 75

    EP - 111

    BT - Software Engineering for Secure Systems: Industrial and Research Perspectives

    PB - IGI Global

    ER -