This paper describes an approach to modeling the evolution of non-secure applications into secure applications in terms of the software requirements model and software architecture model. The requirements for security services are captured separately from application requirements, and the security services are encapsulated in connectors in the software architecture, separately from the components providing functional services. The enterprise architecture is described in terms of use case models, static models, and dynamic models. The software architecture is described in terms of components and connectors, which can be deployed to distributed configurations. By separating application concerns from security concerns, the evolution from a non-secure application to a secure application can be achieved with less impact on the application. An electronic commerce system is described to illustrate the approach.