TY - JOUR
T1 - Using a variety of patterns in a secure software development methodology
AU - Fernandez, Eduardo B.
AU - Yoshioka, Nobukazu
N1 - Publisher Copyright:
Copyright © 2019 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0)
PY - 2021
Y1 - 2021
N2 - Building secure software systems requires the application of a systematic methodology. A security methodology includes a security process and a conceptual security framework consisting of security artifacts such as patterns. In this work we consider systems designed using patterns. In previous work we proposed a secure systems development methodology that uses security patterns. This methodology applies security throughout the whole lifecycle and considers all architectural levels. As part of this work we have produced a variety of security patterns. As it is difficult for designers to select security patterns, we proposed SSFs (Security Solution Frames), which are hierarchical combinations of related patterns. We introduce now a new artifact, the Security Cluster, an application-oriented combination of SSFs which further facilitates the use of security patterns to build secure applications. We also present a metamodel to get a perspective of the use of these artifacts.
AB - Building secure software systems requires the application of a systematic methodology. A security methodology includes a security process and a conceptual security framework consisting of security artifacts such as patterns. In this work we consider systems designed using patterns. In previous work we proposed a secure systems development methodology that uses security patterns. This methodology applies security throughout the whole lifecycle and considers all architectural levels. As part of this work we have produced a variety of security patterns. As it is difficult for designers to select security patterns, we proposed SSFs (Security Solution Frames), which are hierarchical combinations of related patterns. We introduce now a new artifact, the Security Cluster, an application-oriented combination of SSFs which further facilitates the use of security patterns to build secure applications. We also present a metamodel to get a perspective of the use of these artifacts.
KW - Secure software development
KW - Security patterns
KW - Software architecture
KW - Software security
KW - Systems security
UR - http://www.scopus.com/inward/record.url?scp=85101254312&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85101254312&partnerID=8YFLogxK
M3 - Conference article
AN - SCOPUS:85101254312
VL - 2809
SP - 26
EP - 32
JO - CEUR Workshop Proceedings
JF - CEUR Workshop Proceedings
SN - 1613-0073
T2 - 2018 International Workshop on Evidence-Based Security and Privacy in the Wild and the 1st International Workshop on Machine Learning Systems Engineering, WESPr-iMLSE 2018
Y2 - 4 December 2018
ER -