Managing security requirements patterns using feature diagram hierarchies

Slavin, Rocky; Lehker, Jean Michel; Niu, Jianwei; Breaux, Travis D.

doi:10.1109/re.2014.6912261

Cited by 11 publications

(4 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In order to guide software practitioners into the proper utilization of security patterns in their projects, the security pattern research community must attend to the fine-grain details of selecting and applying patterns in practice. We have observed a variety of pattern selection techniques in the literature including the utilization of feature models (Nguyen et al, 2015), (Slavin et al, 2014), ontology (Arjona et al, 2014), (Guan et al, 2014), and selection rules (Li et al, 2014), (Pearson and Shen, 2010). There is a lesser degree of variety in the techniques used for applying patterns.…”

Section: Techniques For Selecting and Applying Security Patterns (Rq12)mentioning

confidence: 99%

Security patterns: A systematic mapping study

Jafari

Rasoolzadegan

2020

Journal of Computer Languages

View full text Add to dashboard Cite

Security patterns are a means to encapsulate and communicate proven security solutions. They are wellestablished approaches for introducing security into the software development process. Our objective is to explore the research efforts on security patterns and discuss the current state of the art. This study will serve as a guideline for researchers, practitioners, and teachers interested in this field. We have conducted a systematic mapping study of relevant literature from 1997 until the end of 2017 and identified 403 relevant papers, 274 of which were selected for analysis based on quality criteria. This study derives a customized research strategy from established systematic approaches in the literature. We have utilized an exhaustive 3-tier search strategy to ensure a high degree of completeness during the study collection and used a test set to evaluate our search. The first 3 research questions address the demographics of security pattern research such as topic classification, trends, and distribution between academia and industry, along with prominent researchers and venues. The next 9 research questions focus on more indepth analyses such as pattern presentation notations and classification criteria, pattern evaluation techniques, and pattern usage environments. The results and discussions of this study have significant implications for researchers, practitioners, and teachers in software engineering and information security. to the end of 2017 Security pattern related research (Development, Evaluation, Usage)TABLE 1 COMPARISON BETWEEN OUR WORK AND OTHER REVIEWSpattern research and instead, attempted to cover the entire research spectrum in this field. We initially planned to utilize only two search strategies (manual search and backward snowballing), but we found that these two approaches were lacking in a few specific instances. The issue with backward snowballing and manual search is that they rely on the cross-reference relationship between research papers. Papers referenced from multiple other papers, or published in commonly occurring venues are easily discovered, whereas isolated papers in unexpected venues have a chance of never being found. Another issue with backward snowballing stems from its backward nature. The search period for our study was up to the end of 2017, but to find 2017 papers through backward snowballing, we had to analyze papers published after that period (2018 and up) which was out of our scope. Similarly, newer papers with fewer citations are hard to discover through backward snowballing. Adding a database search proved beneficial as we discovered 97 new papers, 64 of which were included.The time period for the study of Uzunov et al. (Uzunov et al., 2012) and Yoshioka et al. (Yoshioka et al., 2008) in Table 1 are not explicitly stated, but are extracted based on the references list. In the work of Bunke et al. (Bunke et al., 2012), the mentioned number of studies consists of other non-primary studies (e.g. tech reports, books, surveys). This work utilizes three search strat...

show abstract

Section: Techniques For Selecting and Applying Security Patterns (Rq12)mentioning

confidence: 99%

Security patterns: A systematic mapping study

Jafari

Rasoolzadegan

2020

Journal of Computer Languages

View full text Add to dashboard Cite

show abstract

“…The authors also summarize the techniques and methods used in these categories. Slavin et al [13] introduce the security requirement patterns that represent reusable security practices that software engineers can apply to improve security in their systems. The paper proposes a new method that combines an inquiry cycle-based approach with the feature diagram notation to review only relevant patterns and Modelling of IoT units for estimating quality of service A.…”

Section: (B) Security and Privacy Challenges Within Iotmentioning

confidence: 99%

Modelling of Internet of Things units for estimating security-energy-performance relationships for quality of service and environment awareness

Venčkauskas

Štuikys

Damaševičius

et al. 2016

Security Comm. Networks

View full text Add to dashboard Cite

Complexity of Internet of Things (IoT) applications and difficulty to predict their behaviour in wireless communications make modelling of IoT units an important research topic. The IoT unit is considered here as the two‐node IoT model that supports bi‐directional wireless communications. There are many approaches to model security and energy awareness; however, little is known about the synergistic effect of those factors at the application level under the influence of environmental factors such as noise. The paper introduces a modelling framework to model the security‐energy‐environment issues as main attributes to allow defining quality of service (QoS) for the IoT‐based applications. Among others, the healthcare ones are regarded as predominant now. We model IoT units using the feature‐based modelling methodology adopted from the software engineering domain. The result of modelling is a set of feature models with valid configurations that describe the energy‐security‐environment‐performance relationships and possible constraints to support various IoT applications. Having feature models, we can select a configuration that is best suited for a given IoT application with respect to QoS requirements. As feature models represent abstract relationships of domain factors, we need additionally to provide experiments to determine concrete values of modelled features. We describe the experimental system to measure energy consumption under the influencing factors. Both models (abstract and concrete) allow reasoning about QoS of the IoT applications. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

“…Venckauskas et al [12] present the energy efficient SSL protocol that ensures the maximum bandwidth and the required level of security with minimum energy consumption. Slavin et al [13] introduce security-requirement patterns that represent reusable security practices that software engineers can apply to improve security in their systems. The paper proposes a new method that combines an inquiry-cycle-based approach with the feature diagram notation to review relevant patterns and quickly select the most appropriate patterns for the situation.…”

Section: Related Workmentioning

confidence: 99%

A Model-Driven Framework to Develop Personalized Health Monitoring

et al. 2016

View full text Add to dashboard Cite

Both distributed healthcare systems and the Internet of Things (IoT) are currently hot topics. The latter is a new computing paradigm to enable advanced capabilities in engineering various applications, including those for healthcare. For such systems, the core social requirement is the privacy/security of the patient information along with the technical requirements (e.g., energy consumption) and capabilities for adaptability and personalization. Typically, the functionality of the systems is predefined by the patient's data collected using sensor networks along with medical instrumentation; then, the data is transferred through the Internet for treatment and decision-making. Therefore, systems creation is indeed challenging. In this paper, we propose a model-driven framework to develop the IoT-based prototype and its reference architecture for personalized health monitoring (PHM) applications. The framework contains a multi-layered structure with feature-based modeling and feature model transformations at the top and the application software generation at the bottom. We have validated the framework using available tools and developed an experimental PHM to test some aspects of the functionality of the reference architecture in real time. The main contribution of the paper is the development of the model-driven computational framework with emphasis on the synergistic effect of security and energy issues.

show abstract

Managing security requirements patterns using feature diagram hierarchies

Cited by 11 publications

References 39 publications

Security patterns: A systematic mapping study

Security patterns: A systematic mapping study

Modelling of Internet of Things units for estimating security-energy-performance relationships for quality of service and environment awareness

A Model-Driven Framework to Develop Personalized Health Monitoring

Contact Info

Product

Resources

About