Modelling Security Patterns Using NFR Analysis

M. Weiss (Carleton University, Canada)
DOI: 10.4018/978-1-59904-147-6.ch006

While many theoretical approaches to security engineering exist, they are often limited to systems of a certain complexity, and require security expertise that is not widely available. Additionally, in the practice of information system development security is but one of many concerns that needs to be addressed, and security concerns are often dealt with in an ad hoc manner. Security patterns promise to fill this gap. Patterns enable an efficient transfer of experience and skills. However, representing and selecting security patterns remains largely an empirical task. This becomes the more of a challenge as the number of security patterns documented in the literature grows, and as the patterns proposed by different authors often overlap in scope. Our contribution is to use a more explicit representation of the forces addressed by a pattern in the description of security patterns, which is based on non-functional requirements analysis. This representation helps us decide which patterns to apply in a given design context, and anticipate the effect of using several patterns in combination. Specifically this chapter describes an approach for selecting security patterns, and exploring the impact of applying these patterns individually, and in concert with other patterns.

Complete Chapter List

Table of Contents
Bashar Nuseibeh
Paolo Giorgini, Haralambos Mouratidis
Chapter 1
H. Mouratidis, P. Giorgini
This chapter serves as an introduction to this book. It introduces software engineering, security engineering, and secure software engineering...
Integrating Security and Software Engineering: An Introduction
Chapter 2
C. B. Haley, R. Laney, J. D. Moffett, B. Nuseibeh
This chapter presents a process for security requirements elicitation and analysis, based around the construction of a satisfaction argument for the...
Arguing Satisfaction of Security Requirements
Chapter 3
N. R. Mead
In this chapter, we describe general issues in developing security requirements, methods that have been useful, and a method (SQUARE) that can be...
Identifying Security Requirements Using the Security Quality Requirements Engineering (SQUARE) Method
Chapter 4
E. Yu, L. Liu, J. Mylopoulos
As software becomes more and more entrenched in everyday life in today’s society, security looms large as an unsolved problem. Despite advances in...
A Social Ontology for Integrating Security and Software Engineering
Chapter 5
E. B. Fernandez, M. M. Larrondo-Petrie, T. Sorgente, M. Vanhilst
We are developing a methodology to build secure software for complex applications and its related support. This methodology considers the whole...
A Methodology to Develop Secure Systems Using Patterns
Chapter 6
M. Weiss
While many theoretical approaches to security engineering exist, they are often limited to systems of a certain complexity, and require security...
Modelling Security Patterns Using NFR Analysis
Chapter 7
M. Siponen, R. Baskerville, R. Kuivalainen
Software developers can use agile software development methods to build secure information systems. Current agile methods have few (if any) explicit...
Extending Security in Agile Software Development Methods
Chapter 8
P. Giorgini, H. Mouratidis, N. Zannone
Although the concepts of security and trust play an important issue in the development of information systems, they have been mainly neglected by...
Modelling Security and Trust with Secure Tropos
Chapter 9
S. H. Houmb, G. Georg, J. Jurjens, R. France
This chapter describes the integrated security verification and security solution design trade-off analysis (SVDT) approach. SVDT is useful when...
An Integrated Security Verification and Security Solution Design Trade-Off Analysis Approach
Chapter 10
M. Koch, F. Parisi-Presicce, K. Pauls
Security requirements have become an integral part of most modern software systems. In order to produce secure systems, it is necessary to provide...
Access Control Specification in UML
Chapter 11
A. Mana, C. Rudolph, G. Spanoudakis, V. Lotz, F. Massacci, M. Melideo, J. S. Lopez-Cobo
The scenarios of Ambient Intelligence introduce a new computing paradigm and set new challenges for the design and engineering of secure and...
Security Engineering for Ambient Intelligence: A Manifesto
Chapter 12
H. Mouratidis, P. Giorgini
The previous chapters of this book have presented promising approaches in the secure software engineering field. However, the field is still in its...
Integrating Security and Software Engineering: Future Vision and Challenges
About the Authors