A framework for exploiting security expertise in application development

Authors:
Theodoros Balopoulos;Lazaros Gymnopoulos;Maria Karyda;Spyros Kokolakis;Stefanos Gritzalis;Sokratis Katsikas
Affiliations:
Laboratory of Information and Communication Systems Security (Info-Sec-Lab), Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece;Laboratory of Information and Communication Systems Security (Info-Sec-Lab), Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece;Laboratory of Information and Communication Systems Security (Info-Sec-Lab), Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece;Laboratory of Information and Communication Systems Security (Info-Sec-Lab), Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece;Laboratory of Information and Communication Systems Security (Info-Sec-Lab), Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece;Laboratory of Information and Communication Systems Security (Info-Sec-Lab), Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece
Venue:
TrustBus'06 Proceedings of the Third international conference on Trust, Privacy, and Security in Digital Business
Year:
2006

Citing 9
Cited 0

Information systems security design methods: implications for information systems development

ACM Computing Surveys (CSUR)
Design patterns: elements of reusable object-oriented software

Design patterns: elements of reusable object-oriented software
Ontology in information security: a useful theoretical foundation and methodological tool

Proceedings of the 2001 workshop on New security paradigms
Towards Development of Secure Systems Using UMLsec

FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
Communicating security agents

WET-ICE '96 Proceedings of the 5th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE'96)
Security Engineering with Patterns: Origins, Theoretical Models, and New Applications

Security Engineering with Patterns: Origins, Theoretical Models, and New Applications
Security Patterns: Integrating Security and Systems Engineering

Security Patterns: Integrating Security and Systems Engineering
An ontology for secure e-government applications

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Analysis of modern IS security development approaches: towards the next generation of social and adaptable ISS methods

Information and Organization

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a framework that employs security ontologies and security patterns to provide application developers with a way to utilize security expertise. Through the development of a security ontology, developers locate the major security-related concepts relevant to their application context. Security patterns are then integrated with these concepts to provide tested solutions for accommodating security requirements.