Context: Security in general, and database protection from unauthorized access in particular, are crucial for organizations. Although it has long been accepted that important system requirements should be considered from the early stages of the development process, non-functional requirements such as security tend to be neglected or dealt with only at later stages.

Objective: We present an empirical study conducted to evaluate a Pattern-based method for Secure Development (PbSD) that aims to help developers, in particular database designers, to design database schemata that comply with the organizational security policies regarding authorization, from the early stages of development. The method provides a complete framework to guide, enforce and verify the correct implementation of security policies within a system design, and eventually generate a database schema from that design.

Method: The PbSD method was evaluated in comparison with a popular existing method that directly specifies the security requirements in SQL and Oracle's VPD. The two methods were compared with respect to the quality of the created access control specifications, the time it takes to complete the specification, and the perceived quality of the methods.

Results: We found that the quality of the access control specifications created using the PbSD method was better with respect to privileges granted at the table, column and row granularity levels. Moreover, subjects who used the PbSD method completed the specification task in less time than subjects who used SQL. Finally, the subjects perceived the PbSD method as clearer and easier to use.

Conclusion: The pattern-based method for secure development can enhance the quality of security specification of databases, and decrease software development time and cost. The results of the experiment may also indicate that the use of patterns in general has similar benefits; yet this requires further examination.