ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Securing analysis patterns
Full text PdfPdf (171 KB)
Source ACM Southeast Regional Conference archive
Proceedings of the 45th annual southeast regional conference table of contents
Winston-Salem, North Carolina
SESSION: Papers table of contents
Pages: 288 - 293  
Year of Publication: 2007
ISBN:978-1-59593-629-5
Authors
Eduardo B. Fernandez  Florida Atlantic University, Boca Raton, FL
Xiaohong Yuan  North Carolina A&T State University, Greensboro, NC
Sponsor
SIGAPP: ACM Special Interest Group on Applied Computing
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 64,   Citation Count: 1
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1233341.1233393
What is a DOI?

ABSTRACT

One of the latest ways to improve software security is based on the use of security patterns. Security patterns provide encapsulated solutions to specific security problems and can be used to build secure systems by designers with little knowledge of security. We present here a way to use security patterns to add security to applications. This is accomplished by adding instances of security patterns to the conceptual model of the application. This approach is part of a secure systems development methodology but it can be used on its own.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
David Basin , Jürgen Doser , Torsten Lodderstedt, Model driven security for process-oriented systems, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy  [doi>10.1145/775412.775425]
 
2
{Bro04} A. W. Brown, "Model driven architecture: Principles and practice", Softw. Syst. Model, vol. 3, 2004, 314--327.
3
E. B. Fernandez , J. C. Hawkins, Determining role rights from use cases, Proceedings of the second ACM workshop on Role-based access control, p.121-125, November 06-07, 1997, Fairfax, Virginia, United States  [doi>10.1145/266741.266767]
 
4
{Fer99} E. B. Fernandez and X. H. Yuan, "An analysis pattern for reservation and use of entities", Procs. of Pattern Languages of Programs Conf. (PLoP99), http://jerry.cs.uiuc.edu/~plop/plop99
 
5
{Fer00a} E. B. Fernandez and X. Yuan, "Semantic analysis patterns", Procs. of 19<sup>th</sup> Int. Conf. on Conceptual Modeling, ER2000, 183--195. Also available from: http://www.cse.fau.edu/~ed/SAPpaper2.pdf
 
6
{Fer01} E. B. Fernandez and R. Pan, "A Pattern Language for security models", Procs, of PLoP 2001, http://jerry.cs.uiuc.edu/~plop/plop2001/accepted_submissions
 
7
{Fer05a} E. B. Fernandez, T. Sorgente, and M. M. Larrondo-Petrie, "A UML-based methodology for secure systems: The design stage", Procs. of the Third International Workshop on Security in Information Systems (WOSIS-2005), Miami, May 24--25, 2005, 207--216.
 
8
{Fer05b} E. B. Fernandez, T. Anantvalee, J. Labush, and M. M. Larrondo-Petrie, "Analysis patterns for elections", Procs. of the Nordic Pattern Languages of Programs Conference (VikingPLoP 2005), Helsinki, Finland, September 23--25, 2005.
 
9
{Fer06a} Fernandez, E. B., Larrondo-Petrie, M. M., Sorgente, T. and VanHilst M.: A methodology to develop secure systems using patterns. In Integrating security and software engineering: Advances and future vision, H. Mouratidis and P. Giorgini (Eds.), Idea Group, Hershey, Pennsylvania, USA (2006).
 
10
{Fer06b} E. B. Fernandez, M. VanHilst, M. M. Larrondo Petrie, S. Huang, "Defining Security Requirements through Misuse Actions", in Advanced Software Engineering: Expanding the Frontiers of Software Technology, S. F. Ochoa and G.-C. Roman (Eds.), International Federation for Information Processing, Springer, 2006, 123--137.
 
11
{Fer06c} E. B. Fernandez, "Security patterns", Procs. of the Eigth International Symposium on System and Information Security - SSI'2006, keynote talk, Sao Jose dos Campos, Brazil, November 08-10, 2006.
 
12
Geri Georg , Indrakshi Ray , Robert France, Using Aspects to Design a Secure System, Proceedings of the Eighth International Conference on Engineering of Complex Computer Systems, p.117, December 02-04, 2002
 
13
Jan Jürjens, UMLsec: Extending UML for Secure Systems Development, Proceedings of the 5th International Conference on The Unified Modeling Language, p.412-425, September 30-October 04, 2002
 
14
Jan Juerjens, Secure Systems Development with UML, SpringerVerlag, 2003
 
15
{Kon03} S. Konrad, L. A. Campbell, B. H. C. Cheng, and M. Den, "A Requirements Patterns-Driven Approach to Specify Systems and Check Properties", http://www.cse.msu.edu/~konradsa/Publications/spin03.pdf
 
16
Torsten Lodderstedt , David A. Basin , Jürgen Doser, SecureUML: A UML-Based Modeling Language for Model-Driven Security, Proceedings of the 5th International Conference on The Unified Modeling Language, p.426-441, September 30-October 04, 2002
 
17
{Mañ04} A. Maña, D. Ray, F. Sanchez, and M. I. Yague, "Integrando la ingenieria de seguridad en un proceso de ingenieria software", Reunion Española sobre Criptologia y Seguridad de Informacion (RECSI 2004), Madrid, 2004.
 
18
N. Nagaratnam , A. Nadalin , M. Hondo , M. McIntosh , P. Austel, Business-driven application security: from modeling to managing secure applications, IBM Systems Journal, v.44 n.4, p.847-867, 2005
 
19
{Ray04} I. Ray, R. B. France, N. Li, and G. Georg, "An Aspect-Based approach to modeling Access Control Concerns", Journal of Information and Software Technology, vol 46, number 9, July 2004, 575--587,.
 
20
Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
 
21
Markus Schumacher , Eduardo Fernandez , Duane Hybertson , Frank Buschmann, Security Patterns: Integrating Security and Systems Engineering, John Wiley & Sons, 2005
 
22
{Sor04} T. Sorgente, E. B. Fernandez, and M. M. Larrondo-Petrie, "Analysis patterns for patient treatment records", Procs. of the Pattern Languages of Programs Conference, 2004, http://hillside.net/patterns/
 
23
{Yua03} X. H. Yuan and E. B. Fernandez, "An analysis pattern for course management", Procs. EuroPLoP'03, 899--907.

CITED BY
Luca Compagna , Paul El Khoury , Alžbeta Krausová , Fabio Massacci , Nicola Zannone, How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns, Artificial Intelligence and Law, v.17 n.1, p.1-30, March 2009

INDEX TERMS

Primary Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.0 General
          Subjects: Protection mechanisms

Additional Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
        D.2.11 Software Architectures
            Subjects: Patterns (e.g., client/server, pipeline, blackboard)
      D.2.3 Coding Tools and Techniques
          Subjects: Object-oriented programming
      D.2.9 Management
          Subjects: Life cycle

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.3 Software Management
          Subjects: Software maintenance


General Terms:
Design, Management, Security


Keywords:
object-oriented patterns, secure software development, security patterns, software lifecycle, system security

Collaborative Colleagues:
Eduardo B. Fernandez: colleagues
Xiaohong Yuan: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player