A Pattern-Based Method to Develop Secure Software

Holger Schmidt (Technical University Dortmund, Germany), Denis Hatebur (University Duisburg-Essen and ITESYS Institut für technische Systeme GmbH, Germany) and Maritta Heisel (University Duisburg-Essen, Germany)
DOI: 10.4018/978-1-61520-837-1.ch003


The authors present a security engineering process based on security problem frames and concretized security problem frames. Both kinds of frames constitute patterns for analyzing security problems and associated solution approaches. They are arranged in a pattern system that makes dependencies between them explicit. The authors describe step by step how the pattern system can be used to analyze a given security problem and how solution approaches can be found. Afterwards, the security problems and the solution approaches are formally modeled in detail. The formal models serve to prove that the solution approaches are correct solutions to the security problems. Furthermore, the formal models of the solution approaches constitute a formal specification of the software to be developed. Then, the specification is implemented by generic security components and generic security architectures, which constitute architectural patterns. Finally, the generic security components and the generic security architecture that composes them are refined, and the result is a secure software product built from existing and/or tailor-made security components.
Chapter Preview


In the following, we first present problem frames and second, we discuss our work in the context of other approaches to security engineering.
