Validating security design patterns application using model testing

Takanori Kobashi; Nobukazu Yoshioka; Takao Okubo; Haruhiko Kaiya; Hironori Washizaki; Yoshiaki Fukazawa

doi:10.1109/ARES.2013.13

Validating security design patterns application using model testing

Takanori Kobashi, Nobukazu Yoshioka, Takao Okubo, Haruhiko Kaiya, Hironori Washizaki, Yoshiaki Fukazawa

School of Fundamental Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Citations (Scopus)

Abstract

Software developers are not necessarily security specialists, security patterns provide developers with the knowledge of security specialists. Although security patterns are reusable and include security knowledge, it is possible to inappropriately apply a security pattern or that a properly applied pattern does not mitigate threats and vulnerabilities. Herein we propose a method to validate security pattern applications. Our method provides extended security patterns, which include requirement- and design-level patterns as well as a new model testing process using these patterns. Developers specify the threats and vulnerabilities in the target system during an early stage of development, and then our method validates whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.

Original language	English
Title of host publication	Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013
Pages	62-71
Number of pages	10
DOIs	https://doi.org/10.1109/ARES.2013.13
Publication status	Published - 2013
Event	2013 8th International Conference on Availability, Reliability and Security, ARES 2013 - Regensburg, Germany Duration: 2013 Sept 2 → 2013 Sept 6

Publication series

Name	Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013

Conference

Conference	2013 8th International Conference on Availability, Reliability and Security, ARES 2013
Country/Territory	Germany
City	Regensburg
Period	13/9/2 → 13/9/6

Keywords

Model Testing
Security Patterns
Test-Driven Development
UML

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality

Access to Document

10.1109/ARES.2013.13

Cite this

Kobashi, T., Yoshioka, N., Okubo, T., Kaiya, H., Washizaki, H., & Fukazawa, Y. (2013). Validating security design patterns application using model testing. In Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013 (pp. 62-71). [6657227] (Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013). https://doi.org/10.1109/ARES.2013.13

Validating security design patterns application using model testing. / Kobashi, Takanori; Yoshioka, Nobukazu; Okubo, Takao et al.
Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013. 2013. p. 62-71 6657227 (Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Kobashi, T, Yoshioka, N, Okubo, T, Kaiya, H, Washizaki, H & Fukazawa, Y 2013, Validating security design patterns application using model testing. in Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013., 6657227, Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013, pp. 62-71, 2013 8th International Conference on Availability, Reliability and Security, ARES 2013, Regensburg, Germany, 13/9/2. https://doi.org/10.1109/ARES.2013.13

Kobashi T, Yoshioka N, Okubo T, Kaiya H, Washizaki H , Fukazawa Y. Validating security design patterns application using model testing. In Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013. 2013. p. 62-71. 6657227. (Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013). doi: 10.1109/ARES.2013.13

@inproceedings{a29e2e63572f4f9b9fa3406bf6761422,

title = "Validating security design patterns application using model testing",

abstract = "Software developers are not necessarily security specialists, security patterns provide developers with the knowledge of security specialists. Although security patterns are reusable and include security knowledge, it is possible to inappropriately apply a security pattern or that a properly applied pattern does not mitigate threats and vulnerabilities. Herein we propose a method to validate security pattern applications. Our method provides extended security patterns, which include requirement- and design-level patterns as well as a new model testing process using these patterns. Developers specify the threats and vulnerabilities in the target system during an early stage of development, and then our method validates whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.",

keywords = "Model Testing, Security Patterns, Test-Driven Development, UML",

author = "Takanori Kobashi and Nobukazu Yoshioka and Takao Okubo and Haruhiko Kaiya and Hironori Washizaki and Yoshiaki Fukazawa",

year = "2013",

doi = "10.1109/ARES.2013.13",

language = "English",

isbn = "9780769550084",

series = "Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013",

pages = "62--71",

booktitle = "Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013",

note = "2013 8th International Conference on Availability, Reliability and Security, ARES 2013 ; Conference date: 02-09-2013 Through 06-09-2013",

}

TY - GEN

T1 - Validating security design patterns application using model testing

AU - Kobashi, Takanori

AU - Yoshioka, Nobukazu

AU - Okubo, Takao

AU - Kaiya, Haruhiko

AU - Washizaki, Hironori

AU - Fukazawa, Yoshiaki

PY - 2013

Y1 - 2013

N2 - Software developers are not necessarily security specialists, security patterns provide developers with the knowledge of security specialists. Although security patterns are reusable and include security knowledge, it is possible to inappropriately apply a security pattern or that a properly applied pattern does not mitigate threats and vulnerabilities. Herein we propose a method to validate security pattern applications. Our method provides extended security patterns, which include requirement- and design-level patterns as well as a new model testing process using these patterns. Developers specify the threats and vulnerabilities in the target system during an early stage of development, and then our method validates whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.

AB - Software developers are not necessarily security specialists, security patterns provide developers with the knowledge of security specialists. Although security patterns are reusable and include security knowledge, it is possible to inappropriately apply a security pattern or that a properly applied pattern does not mitigate threats and vulnerabilities. Herein we propose a method to validate security pattern applications. Our method provides extended security patterns, which include requirement- and design-level patterns as well as a new model testing process using these patterns. Developers specify the threats and vulnerabilities in the target system during an early stage of development, and then our method validates whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.

KW - Model Testing

KW - Security Patterns

KW - Test-Driven Development

KW - UML

UR - http://www.scopus.com/inward/record.url?scp=84892391200&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84892391200&partnerID=8YFLogxK

U2 - 10.1109/ARES.2013.13

DO - 10.1109/ARES.2013.13

M3 - Conference contribution

AN - SCOPUS:84892391200

SN - 9780769550084

T3 - Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013

SP - 62

EP - 71

BT - Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013

T2 - 2013 8th International Conference on Availability, Reliability and Security, ARES 2013

Y2 - 2 September 2013 through 6 September 2013

ER -

Validating security design patterns application using model testing

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this