Selecting Security Patterns that Fulfill Security Requirements Method presentation by Ondrej...
-
Upload
christine-meryl-daniel -
Category
Documents
-
view
214 -
download
0
Transcript of Selecting Security Patterns that Fulfill Security Requirements Method presentation by Ondrej...
Selecting Security Patterns that Fulfill Security
Requirements
Method presentation by Ondrej Travnicek
Utrecht University Method Engineering 2014
Outline• Introduction
o Overviewo Main phases
• Related literatureo Pasto Presento Future
• Method description• Example• Conclusion
o Strengths / Opportunitieso Weaknesses / Threats
Utrecht University Method Engineering 2014
Introduction
• Purposeo To aid developers with the selection of security patterns
• Authorso Michael Weiss
• Associate professor• Carleton University (Ottawa, Canada)• Open source, ecosystems, mash-ups, patterns, and social network
analysiso Haralambos (Haris) Mouratidis
• Professor• University of Brighton (Brighton, UK)• Software systems engineering, security requirements engineering,
software engineering, information systems engineering
Utrecht University Method Engineering 2014
Overview
Introduction
• Build repositoryo Pattern investigation & decompositiono Search engine implementation
• Select patternso Inputo Search engine at worko Output
Utrecht University Method Engineering 2014
Main phases
Related literature
• From non-functional requirements to design through patterns (Gross & Yu, 2001)o Modeling the impact of security patternso Non-functional requirement frameworko Analysis employed by Weiss and Mouratidis (2008)
• Elaborating security requirements by construction of intentional anti- models (Van Lamsweerde, 2004)o Modeling, specification and analysis of security requirementso Security, not only an after thought
Utrecht University Method Engineering 2014
Past
Related literature
• Building a pattern repository: Benefitting from the open, lightweight, and participative nature of wikis (Weiss & Birokou, 2007)o Effects of increasing number of security patternso Pattern repository through wikis
• Using security patterns to develop secure systems (Fernandez et al., 2011)o Ongoing global collaborationo Use of patterns in development of secure systems
Utrecht University Method Engineering 2014
‘Present’
Related literature
• Legally “reasonable” security requirements: A 10-year FTC retrospective (Breaux & Baumer, 2011)o Investigation into “reasonable” security
• Otherso Cited: 22 timeso Application of the method
Utrecht University Method Engineering 2014
Future
Method description
Utrecht University Method Engineering 2014
Method represented using the Process-Deliverable Diagram (Weerd & Brinkkemper, 2008).
Example
From GRL model
to Prolog facts
Utrecht University Method Engineering 2014
Conclusion• Strengths / Opportunities
o Universalo Development heavy environment
• Weaknesses / Threatso Single project situationo Repository updateso Repository sources and builder
Utrecht University Method Engineering 2014
References• Breaux, T. D., & Baumer, D. L. (2011). Legally “reasonable” security requirements: A
10-year FTC retrospective. computers & security, 30(4), 178-193. • Fernandez, E. B., Yoshioka, N., Washizaki, H., Jurjens, J., VanHilst, M., & Pernul, G.
(2011). Using security patterns to develop secure systems, 2, 16-31.• Gross, D., & Yu, E. (2001). From non-functional requirements to design through
patterns. Requirements Engineering, 6(1), 18-36. • Van Lamsweerde, A. (2004). Elaborating security requirements by construction of
intentional anti- models. Proceedings of the 26th International Conference on Software Engineering (pp. 148-157). IEEE Computer Society.
• Weerd, I. van de, & Brinkkemper, S. (2008). Meta-modeling for situational analysis and design methods. In M.R. Syed and S.N. Syed (Eds.), Handbook of Research on Modern Systems Analysis and Design Technologies and Applications (pp. 38-58). Hershey: Idea Group Publishing.
• Weiss, M., & Birukou, A. (2007). Building a pattern repository: Benefitting from the open, lightweight, and participative nature of wikis. International Symposium on Wikis (WikiSym), ACM (pp. 21-23).
• Weiss, M., & Mouratidis, H. (2008). Selecting security patterns that fulfill security requirements. International Requirements Engineering, 2008. RE'08. 16th IEEE (pp. 169-172). Catalonia: IEEE.
Utrecht University Method Engineering 2014
Questions?
Utrecht University Method Engineering 2014