Abstract: This paper describes security failure-tolerant requirements, which tolerate the failures of security services that protect applications from security attacks. A security service, such as an authentication, confidentiality or integrity service, can always be broken as more advanced attack techniques are devised. No security service is secure forever. This paper describes an approach to developing the security failure-tolerant use case, which specifies the security requirements for tolerating breaches of security services. A security failure-tolerant use case is modeled along with the application use case and security use case, and is specified together with the application use case description. Threats to applications are identified and modeled to develop security failure-tolerant requirements. An online shopping system is used to illustrate security failure-tolerant requirements.
This paper describes the design of secure connectors that are used in the design of secure software architectures for distributed business applications. Mixing security concerns with business concerns in software architectures makes applications more complex. With the goal of making secure software architectures more maintainable and evolvable, the secure connectors proposed in this paper are designed separately from business application components, taking into account the different communication patterns between the components as well as the security services required by application components. Each secure connector encapsulates security-relevant objects to provide application components with security services. In this paper, secure connectors are applied to the design of software architectures for electronic commerce and automated teller machine applications.
This paper describes an approach to analyzing security failure-tolerant (SFT) requirements that are specified by means of SFT use cases, along with security use cases and application use cases for application systems. The SFT requirements are analyzed with the analysis model that consists of the static model and dynamic model. A meta-modeling approach is taken to specify the static and dynamic models for analysis of SFT requirements. Threats are identified in the analysis of SFT requirements, and SFT countermeasures against the threats are specified in the analysis model. An online shopping system is used for illustrating our approach.