TY - GEN
T1 - Validating security design patterns application using model testing
AU - Kobashi, Takanori
AU - Yoshioka, Nobukazu
AU - Okubo, Takao
AU - Kaiya, Haruhiko
AU - Washizaki, Hironori
AU - Fukazawa, Yoshiaki
PY - 2013
Y1 - 2013
N2 - Software developers are not necessarily security specialists, security patterns provide developers with the knowledge of security specialists. Although security patterns are reusable and include security knowledge, it is possible to inappropriately apply a security pattern or that a properly applied pattern does not mitigate threats and vulnerabilities. Herein we propose a method to validate security pattern applications. Our method provides extended security patterns, which include requirement- and design-level patterns as well as a new model testing process using these patterns. Developers specify the threats and vulnerabilities in the target system during an early stage of development, and then our method validates whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.
AB - Software developers are not necessarily security specialists, security patterns provide developers with the knowledge of security specialists. Although security patterns are reusable and include security knowledge, it is possible to inappropriately apply a security pattern or that a properly applied pattern does not mitigate threats and vulnerabilities. Herein we propose a method to validate security pattern applications. Our method provides extended security patterns, which include requirement- and design-level patterns as well as a new model testing process using these patterns. Developers specify the threats and vulnerabilities in the target system during an early stage of development, and then our method validates whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.
KW - Model Testing
KW - Security Patterns
KW - Test-Driven Development
KW - UML
UR - http://www.scopus.com/inward/record.url?scp=84892391200&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84892391200&partnerID=8YFLogxK
U2 - 10.1109/ARES.2013.13
DO - 10.1109/ARES.2013.13
M3 - Conference contribution
AN - SCOPUS:84892391200
SN - 9780769550084
T3 - Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013
SP - 62
EP - 71
BT - Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013
T2 - 2013 8th International Conference on Availability, Reliability and Security, ARES 2013
Y2 - 2 September 2013 through 6 September 2013
ER -