Using Security Patterns to Develop Secure Systems

Fernández, Eduardo B.; Yoshioka, Nobukazu; Washizaki, Hironori; Jürjens, Jan; VanHilst, Michael; Pernu, Guenther

doi:10.4018/9781615208371.ch002

Cited by 12 publications

(18 citation statements)

References 11 publications

(15 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In Fernandez, Yoshioka, Washizaki & Jürjens (2007) we defined some requirements for such a methodology. Principles to build secure systems have been defined in some classical papers (Saltzer & Schroeder, 1975) and textbooks (Viega & McGraw, 2001), patterns may apply them implicitly.…”

Section: Secure Software Development Methodologymentioning

confidence: 99%

See 1 more Smart Citation

Using Security Patterns to Develop Secure Systems

Fernández

Yoshioka

Washizaki³

et al. 2011

Software Engineering for Secure Systems

Self Cite

View full text Add to dashboard Cite

This chapter describes ongoing work on the use of patterns in the development of secure systems. The work reflects a collaboration among five research centers on three continents. Patterns are applied to all aspects of development, from domain analysis and attack modeling to basic design, and to all aspects of the systems under development, from the database and infrastructure to policies, monitoring, and forensics. The chapter, provides an overview of the method of development involving the full range of patterns, and describes many recent contributions from the many research threads being pursued within the collaboration. Finally, future directions of research in the use of patters are described.

show abstract

Section: Secure Software Development Methodologymentioning

confidence: 99%

“…We found that they have many common and complementary aspects and we proposed a combination of them in Fernandez, Yoshioka, Washizaki & Jürjens, (2007). This methodology appears to satisfy all the requirements described above, although it is still not complete.…”

mentioning

confidence: 99%

Using Security Patterns to Develop Secure Systems

Fernández

Yoshioka

Washizaki³

et al. 2011

Software Engineering for Secure Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…Their approach includes guidelines for integrating security from the requirements phase through analysis, design, and implementation. In a more recent paper, Fernandez et al [39] proposed a combination of three similar methodologies into a single unified approach to build secure systems using patterns, but did not integrate them into an industry-recognized Secure SDL.…”

Section: Related Workmentioning

confidence: 99%

The ISDF Framework: Towards Secure Software Development

Alkussayer¹,

Allen²

2010

Journal of Information Processing Systems

View full text Add to dashboard Cite

Abstract-The rapid growth of communication and globalization has changed the software engineering process. Security has become a crucial component of any software system. However, software developers often lack the knowledge and skills needed to develop secure software. Clearly, the creation of secure software requires more than simply mandating the use of a secure software development lifecycle; the components produced by each stage of the lifecycle must be correctly implemented for the resulting system to achieve its intended goals. This study demonstrates that a more effective approach to the development of secure software can result from the integration of carefully selected security patterns into appropriate stages of the software development lifecycle to ensure that security designs are correctly implemented. The goal of this study is to provide developers with an Integrated Security Development Framework (ISDF) that can assist them in building more secure software.

show abstract

“…The template is augmented with UML notations for the solution and with formal artifacts for the requirement properties. Recently [4] presented an overview and new directions on how security patterns are used in the whole aspects of software systems from domain analysis to the infrastructures.…”

Section: Related Workmentioning

confidence: 99%

Model-Based Specification and Validation of Security and Dependability Patterns

Hamid

Percebois

2014

Foundations and Practice of Security

View full text Add to dashboard Cite

Abstract. The requirement for higher Security and Dependability (S&D) of systems is continuously increasing, even in domains traditionally not deeply involved in such issues. In our work, we propose a modeling environment for pattern-based secure and dependable embedded system development by design. Here we study a general scheme for representing security and dependability (S&D) design patterns whose intention specification can be defined using a set of local properties. We propose an approach that associates Model Driven Engineering (MDE) and formal validation to get a common representation to specify patterns for several domains. The contribution of this work is twofold. On the one hand, we use model-based techniques to capture a set of artifacts to specify patterns. On the other hand, we introduce a set of artifacts for the formal validation of these patterns in order to guarantee their correctness. As an illustration of the approach, we study the authorization pattern.

show abstract

Using Security Patterns to Develop Secure Systems

Cited by 12 publications

References 11 publications

Using Security Patterns to Develop Secure Systems

Using Security Patterns to Develop Secure Systems

The ISDF Framework: Towards Secure Software Development

Model-Based Specification and Validation of Security and Dependability Patterns

Contact Info

Product

Resources

About