Effective security impact analysis with patterns for software enhancement

Takao Okubo; Haruhiko Kaiya; Nobukazu Yoshioka

doi:10.1109/ARES.2011.79

Effective security impact analysis with patterns for software enhancement

Takao Okubo^*, Haruhiko Kaiya, Nobukazu Yoshioka

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Citations (Scopus)

Abstract

Unlike functional implementations, it is difficult to analyze the impact software enhancements on security. One of the difficulties is identifying the range of effects by new security threats, and the other is developing proper countermeasures. This paper proposes an analysis process that uses two kinds of security pattern: security requirements patterns for identifying threats and security design patterns for identifying countermeasures at an action class level. With these two patterns and the conventional traceability methodology, developers can estimate and compare the amounts of modifications needed by multiple security countermeasures.

Original language	English
Title of host publication	Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011
Pages	527-535
Number of pages	9
DOIs	https://doi.org/10.1109/ARES.2011.79
Publication status	Published - 2011
Externally published	Yes
Event	2011 6th International Conference on Availability, Reliability and Security, ARES 2011 - Vienna, Austria Duration: 2011 Aug 22 → 2011 Aug 26

Publication series

Name	Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

Conference

Conference	2011 6th International Conference on Availability, Reliability and Security, ARES 2011
Country/Territory	Austria
City	Vienna
Period	11/8/22 → 11/8/26

Keywords

Application security
Software pattern
Software requirements engineering

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality

Access to Document

10.1109/ARES.2011.79

Cite this

Okubo, T., Kaiya, H., & Yoshioka, N. (2011). Effective security impact analysis with patterns for software enhancement. In Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011 (pp. 527-535). Article 6045972 (Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011). https://doi.org/10.1109/ARES.2011.79

Effective security impact analysis with patterns for software enhancement. / Okubo, Takao; Kaiya, Haruhiko; Yoshioka, Nobukazu.
Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011. 2011. p. 527-535 6045972 (Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Okubo, T, Kaiya, H & Yoshioka, N 2011, Effective security impact analysis with patterns for software enhancement. in Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011., 6045972, Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011, pp. 527-535, 2011 6th International Conference on Availability, Reliability and Security, ARES 2011, Vienna, Austria, 11/8/22. https://doi.org/10.1109/ARES.2011.79

Okubo T, Kaiya H, Yoshioka N. Effective security impact analysis with patterns for software enhancement. In Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011. 2011. p. 527-535. 6045972. (Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011). doi: 10.1109/ARES.2011.79

@inproceedings{bd014e1ea4bc4ae79988ff2d55cc7556,

title = "Effective security impact analysis with patterns for software enhancement",

abstract = "Unlike functional implementations, it is difficult to analyze the impact software enhancements on security. One of the difficulties is identifying the range of effects by new security threats, and the other is developing proper countermeasures. This paper proposes an analysis process that uses two kinds of security pattern: security requirements patterns for identifying threats and security design patterns for identifying countermeasures at an action class level. With these two patterns and the conventional traceability methodology, developers can estimate and compare the amounts of modifications needed by multiple security countermeasures.",

keywords = "Application security, Software pattern, Software requirements engineering",

author = "Takao Okubo and Haruhiko Kaiya and Nobukazu Yoshioka",

year = "2011",

doi = "10.1109/ARES.2011.79",

language = "English",

isbn = "9780769544854",

series = "Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011",

pages = "527--535",

booktitle = "Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011",

note = "2011 6th International Conference on Availability, Reliability and Security, ARES 2011 ; Conference date: 22-08-2011 Through 26-08-2011",

}

TY - GEN

T1 - Effective security impact analysis with patterns for software enhancement

AU - Okubo, Takao

AU - Kaiya, Haruhiko

AU - Yoshioka, Nobukazu

PY - 2011

Y1 - 2011

N2 - Unlike functional implementations, it is difficult to analyze the impact software enhancements on security. One of the difficulties is identifying the range of effects by new security threats, and the other is developing proper countermeasures. This paper proposes an analysis process that uses two kinds of security pattern: security requirements patterns for identifying threats and security design patterns for identifying countermeasures at an action class level. With these two patterns and the conventional traceability methodology, developers can estimate and compare the amounts of modifications needed by multiple security countermeasures.

AB - Unlike functional implementations, it is difficult to analyze the impact software enhancements on security. One of the difficulties is identifying the range of effects by new security threats, and the other is developing proper countermeasures. This paper proposes an analysis process that uses two kinds of security pattern: security requirements patterns for identifying threats and security design patterns for identifying countermeasures at an action class level. With these two patterns and the conventional traceability methodology, developers can estimate and compare the amounts of modifications needed by multiple security countermeasures.

KW - Application security

KW - Software pattern

KW - Software requirements engineering

UR - http://www.scopus.com/inward/record.url?scp=80455162448&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80455162448&partnerID=8YFLogxK

U2 - 10.1109/ARES.2011.79

DO - 10.1109/ARES.2011.79

M3 - Conference contribution

AN - SCOPUS:80455162448

SN - 9780769544854

T3 - Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

SP - 527

EP - 535

BT - Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

T2 - 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

Y2 - 22 August 2011 through 26 August 2011

ER -

Effective security impact analysis with patterns for software enhancement

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Cite this