Software architecture: perspectives on an emerging discipline
Software architecture: perspectives on an emerging discipline
Problem frames: analyzing and structuring software development problems
Problem frames: analyzing and structuring software development problems
Security in Computing
Relating Software Requirements and Architectures Using Problem Frames
RE '02 Proceedings of the 10th Anniversary IEEE Joint International Conference on Requirements Engineering
Architecture-driven Problem Decomposition
RE '04 Proceedings of the Requirements Engineering Conference, 12th IEEE International
Component composition through architectural patterns for problem frames
APSEC '06 Proceedings of the XIII Asia Pacific Software Engineering Conference
An Analysis of the Security Patterns Landscape
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
From goal-driven security requirements engineering to secure design
International Journal of Intelligent Systems - Goal-driven Requirements Engineering
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Designing security requirements models through planning
CAiSE'06 Proceedings of the 18th international conference on Advanced Information Systems Engineering
Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment
Information and Software Technology
Comparing attack trees and misuse cases in an industrial setting
Information and Software Technology
Hi-index | 0.00 |
Existing approaches only provide informal guidelines for the transition from security requirements to secure design. Carrying out this transition is highly non-trivial and error-prone, leaving the risk of introducing vulnerabilities. This paper presents a pattern-oriented approach to connect security requirements analysis and secure architectural design. Following the divide & conquer principle, a software development problem is divided into simpler subproblems based on security requirements analysis patterns. We complement each of these patterns with architectural security patterns tailored to solve classes of security subproblems.We use UMLsec together with the advanced modeling possibilities for software architectures of UML 2.3 to equip the architectural security patterns with security properties, and to allow tool-supported analysis and composition of instances of these patterns. We validate our approach using two case studies and illustrate its support for Common Criteria certifications.