TY - CHAP
T1 - Security patterns
T2 - Comparing modeling approaches
AU - Nhlabatsi, Armstrong
AU - Bandara, Arosha
AU - Hayashi, Shinpei
AU - Haley, Charles B.
AU - Jurjens, Jan
AU - Kaiya, Haruhiko
AU - Kubo, Atsuto
AU - Laney, Robin
AU - Mouratidis, Haralambos
AU - Nuseibeh, Bashar
AU - Tun, Thein T.
AU - Washizaki, Hironori
AU - Yoshioka, Nobukazu
AU - Yu, Yijun
PY - 2010/12/1
Y1 - 2010/12/1
N2 - Addressing the challenges of developing secure software systems remains an active research area in software engineering. Current research efforts have resulted in the documentation of recurring security problems as security patterns. Security patterns provide encapsulated solutions to specific security problems and can be used to build secure systems by designers with little knowledge of security. Despite this benefit, there is a lack of work that focuses on evaluating the capabilities of security analysis approaches for their support in incorporating security analysis patterns. This chapter presents evaluation results of a study we conducted to examine the extent to which constructs provided by security requirements engineering approaches can support the use of security patterns as part of the analysis of security problems. To achieve this general objective, the authors used a specific security pattern and examined the challenges of representing this pattern in some security modeling approaches. The authors classify the security modeling approaches into two categories, problem and solution, and illustrate their capabilities with a well-known security pattern and some practical security examples. Based on the specific security pattern they have used, our evaluation results suggest that current approaches to security engineering are, to a large extent, capable of incorporating security analysis patterns.
AB - Addressing the challenges of developing secure software systems remains an active research area in software engineering. Current research efforts have resulted in the documentation of recurring security problems as security patterns. Security patterns provide encapsulated solutions to specific security problems and can be used to build secure systems by designers with little knowledge of security. Despite this benefit, there is a lack of work that focuses on evaluating the capabilities of security analysis approaches for their support in incorporating security analysis patterns. This chapter presents evaluation results of a study we conducted to examine the extent to which constructs provided by security requirements engineering approaches can support the use of security patterns as part of the analysis of security problems. To achieve this general objective, the authors used a specific security pattern and examined the challenges of representing this pattern in some security modeling approaches. The authors classify the security modeling approaches into two categories, problem and solution, and illustrate their capabilities with a well-known security pattern and some practical security examples. Based on the specific security pattern they have used, our evaluation results suggest that current approaches to security engineering are, to a large extent, capable of incorporating security analysis patterns.
UR - http://www.scopus.com/inward/record.url?scp=84873820076&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84873820076&partnerID=8YFLogxK
U2 - 10.4018/978-1-61520-837-1.ch004
DO - 10.4018/978-1-61520-837-1.ch004
M3 - Chapter
AN - SCOPUS:84873820076
SN - 9781615208371
SP - 75
EP - 111
BT - Software Engineering for Secure Systems
PB - IGI Global
ER -