TY - GEN
T1 - Abstract security patterns for requirements specification and analysis of secure systems
AU - Fernandez, Eduardo B.
AU - Yoshioka, Nobukazu
AU - Washizaki, Hironori
AU - Yoder, Joseph
N1 - Publisher Copyright:
© 2014 Anais do WER 2014 - Workshop em Engenharia de Requisitos. All rights reserved.
PY - 2014
Y1 - 2014
N2 - During the requirements and analysis stages of software development, the primary goal is to define precise requirements rather than being concerned with the details of software realizations. Security is a semantic aspect of applications and their constraints on the application should be described at this moment. From a security point of view we only want to indicate which specific security controls are needed, rather than getting involved with low-level design and implementation details. Therefore, at these stages, it is useful to have a set of patterns which define abstract security mechanisms. These patterns should specify only the fundamental characteristics of the security mechanism or service, not specific software aspects. We present the concept of Abstract Security Pattern (ASP), which describes a conceptual security mechanism that realizes one or more security policies able to handle a threat or comply with a security-related regulation or institutional policy. We present a detailed example of an ASP. We relate ASPs to each other using pattern diagrams as well as to Security Solution Frames and tactics. Finally, we discuss their value for defining security requirements and for building secure systems.
AB - During the requirements and analysis stages of software development, the primary goal is to define precise requirements rather than being concerned with the details of software realizations. Security is a semantic aspect of applications and their constraints on the application should be described at this moment. From a security point of view we only want to indicate which specific security controls are needed, rather than getting involved with low-level design and implementation details. Therefore, at these stages, it is useful to have a set of patterns which define abstract security mechanisms. These patterns should specify only the fundamental characteristics of the security mechanism or service, not specific software aspects. We present the concept of Abstract Security Pattern (ASP), which describes a conceptual security mechanism that realizes one or more security policies able to handle a threat or comply with a security-related regulation or institutional policy. We present a detailed example of an ASP. We relate ASPs to each other using pattern diagrams as well as to Security Solution Frames and tactics. Finally, we discuss their value for defining security requirements and for building secure systems.
UR - http://www.scopus.com/inward/record.url?scp=85061824295&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85061824295&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85061824295
T3 - Anais do WER 2014 - Workshop em Engenharia de Requisitos
BT - Anais do WER 2014 - Workshop em Engenharia de Requisitos
A2 - Giachetti, Giovanni
A2 - Lucena, Marcia
PB - PUC-Rio, Pontificia Universidade Catolica do Rio de Janeiro
T2 - 17th Workshop em Engenharia de Requisitos, WER 2014 - 17th Requirements Engineering Workshop, WER 2014
Y2 - 23 April 2014 through 25 April 2014
ER -