Effective Security Impact Analysis with Patterns for Software Enhancement

Okubo, Takao; Kaiya, Haruhiko; Yoshioka, Nobukazu

doi:10.1109/ares.2011.79

Cited by 11 publications

(7 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The mal-activity diagram 1 [8] in figure 1 describes the expected order and sequence of events which include the user initiated events (white objects) and the attacker/misuser events (black objects) with arrows indicating the flow of activities. It also shows the countermeasures (gray objects) to the identified security threats and the points at which the countermeasures are expected to be applied in order to mitigate the threats appropriately.…”

Section: The "Make Referral" Use Casementioning

confidence: 99%

System security requirements analysis with answer set programming

Bibu

Yoshioka

Padget

2012

2012 Second IEEE International Workshop on Requirements Engineering for Systems, Services, and Systems-of-Systems (RESS)

Self Cite

View full text Add to dashboard Cite

The need for early consideration of security during system design and development cannot be over-emphasized, since this allows security features to be properly integrated into the system rather than added as patches later on. A necessary pre-requisite is the elicitation and analysis of the security requirements prior to system design. Existing methods for the security requirements phase, such as attack trees and misuse case analysis, use manual means for analysis, with which it is difficult to validate and analyse system properties exhaustively. We present a computational solution to this problem using an institutional (also called normative) specification to capture the requirements in the InstAL action language, which in turn is implemented in answer set programming (a kind of logic programming language). The result of solving the answer set program with respect to a set of events is a set of traces that capture the evolution of the model over time (as defined by the occurrence of events). Verification is achieved by querying the traces for specific system properties. Using a simple scenario, we show how any state of the system can be verified with respect to the events that brought about that state. We also demonstrate how the same traces enable: (i) identification of possible times and causes of security breaches and (ii) establishment of possible consequences of security violations.

show abstract

Section: The "Make Referral" Use Casementioning

confidence: 99%

System security requirements analysis with answer set programming

Bibu

Yoshioka

Padget

2012

2012 Second IEEE International Workshop on Requirements Engineering for Systems, Services, and Systems-of-Systems (RESS)

Self Cite

View full text Add to dashboard Cite

show abstract

“…We describe the process of data extraction of the 10 studies remaining in Section 3. These studies are identified throughout this paper as S1 to S10 as follows: S1 -Adaptive requirement-driven architecture for integrated healthcare systems (Yang et al, 2010) S2 -Analysing security requirements patterns based on problems decomposition and composition (Wen et al, 2011) S3 -An architectural framework of the integrated transportation information service system (Chang and Gan, 2009) S4 -Application of ontologies in identifying requirements patterns in use cases (Couto et al, 2014) S5 -Effective security impact analysis with patterns for software enhancement (Okubo et al, 2011) S6 -From requirement to design patterns for ubiquitous computing applications (Knote et al, 2016) S7 -Modeling design patterns with description logics: A case study (Asnar et al, 2011) S8 -Mutation patterns for temporal requirements of reactive systems (Trakhtenbrot, 2017) S9 -SACS: A pattern language for Safe Adaptive Control Software (Hauge and Stølen, 2011) S10 -Re-engineering legacy Web applications into RIAs by aligning modernization requirements, patterns and RIA features (Conejero et al, 2013) . A detailed view of the conduction phase: automatic search, duplicate study exclusion, study selection, data extraction, snowballing, and data synthesis.…”

Section: Selection Of Primary Studiesmentioning

confidence: 99%

A revisited systematic literature mapping on the support of requirement patterns for the software development life cycle

Kudo

Bulcão-Neto

Vincenzi

et al. 2019

JSERD

View full text Add to dashboard Cite

In the past few years, the literature has shown that the practice of reuse through requirement patterns is an effective alternative to address specification quality issues, with the additional benefit of time savings. Due to the interactions between requirements engineering and other phases of the software development life cycle (SDLC), these benefits may extend to the entire development process. This paper describes a revisited systematic literature mapping (SLM) that identifies and analyzes research that demonstrates those benefits from the use of requirement patterns for software design, construction, testing, and maintenance. In this extended version, the SLM protocol includes automatic search over two additional sources of information and the application of the snowballing technique, resulting in ten primary studies for analysis and synthesis. In spite of this new version of the SLM protocol, results still point out a small number of studies on requirement patterns at the SDLC (excluding requirements engineering). Results indicate that there is yet an open field for research that demonstrates, through empirical evaluation and usage in practice, the pertinence of requirement patterns at software design, construction, testing, and maintenance.

show abstract

“…-Okubo et al [57] propose a method for security impact and security requirements analyzes. There are two types of security impact described with more details in the paper: horizontal impact on artifacts in the same stage and vertical impact on artifacts in a later stage.…”

Section: Patterns Not Modelsmentioning

confidence: 99%

“…The method proposed by Okubo et al [57] makes use of security requirements patterns and security design patterns.…”

Section:  Not Modelsmentioning

confidence: 99%

Reusable knowledge in security requirements engineering: a systematic mapping study

et al. 2015

View full text Add to dashboard Cite

International audienceSecurity is a concern that must be taken into consideration starting from the early stages of system development. Over the last two decades, researchers and engineers have developed a considerable number of methods for security requirements engineering. Some of them rely on the (re)use of security knowledge. Despite some existing surveys about security requirements engineering , there is not yet any reference for researchers and practitioners that presents in a systematic way the existing proposals, techniques, and tools related to security knowledge reuse in security requirements engineering. The aim of this paper is to fill this gap by looking into drawing a picture of the literature on knowledge and reuse in security requirements engineering. The questions we address are related to methods, techniques, modeling frameworks, and tools for and by reuse in security requirements engineering. We address these questions through a systematic mapping study. The mapping study was a literature review conducted with the goal of identifying, analyzing, and categorizing state-of-the-art research on our topic. This mapping study analyzes more than thirty approaches, covering 20 years of research in security requirements engineering. The contributions can be summarized as follows: (1) A framework was defined for analyzing and comparing the different proposals as well as categorizing future contributions related to knowledge reuse and security requirements engineering; (2) the different forms of knowledge representation and reuse were identified; and (3) previous surveys were updated. We conclude that most methods should introduce more reusable knowledge to manage security requirements

show abstract

Effective Security Impact Analysis with Patterns for Software Enhancement

Cited by 11 publications

References 21 publications

System security requirements analysis with answer set programming

System security requirements analysis with answer set programming

A revisited systematic literature mapping on the support of requirement patterns for the software development life cycle

Reusable knowledge in security requirements engineering: a systematic mapping study

Contact Info

Product

Resources

About