Integrating Security Patterns with Security Requirements Analysis Using Contextual Goal Models

Abstract: Security patterns capture proven security knowledge to help analysts tackle security problems. Although advanced research in this field has produced an impressive collection of patterns, they are not widely applied in practice. In parallel, Requirements Engineering has been increasingly focusing on security-specific issues, arguing for an upfront treatment of security in system design. However, the vast body of security patterns is not integrated with existing proposals for security requirements analysis, making them difficult to apply as part of early system analysis and design. In this paper, we propose to integrate security patterns with our previously introduced goal-oriented security requirements analysis approach. Specifically, we provide a full concept mapping between textual security patterns and contextual goal models, as well as systematic instructions for constructing contextual goal models from security patterns. Moreover, we propose a systematic process for selecting and applying security patterns, illustrated with a realistic smart grid scenario. To facilitate the practical adoption of security patterns, we have created contextual goal models for 20 security patterns documented in the literature, and have implemented a prototype tool to support our proposal.
Document type:
Conference paper
Ulrich Frank; Pericles Loucopoulos; Óscar Pastor; Ilias Petrounias. 7th IFIP Working Conference on The Practice of Enterprise Modeling (PoEM), Nov 2014, Manchester, United Kingdom. Springer, Lecture Notes in Business Information Processing, LNBIP-197, pp.208-223, 2014, The Practice of Enterprise Modeling. 〈10.1007/978-3-662-45501-2_15〉

Cited literature [26 references]

https://hal.inria.fr/hal-01282000
Contributor: Hal Ifip
Submitted on: Thursday, March 3, 2016 - 10:33:29
Last modified on: Monday, May 9, 2016 - 18:07:55
Document(s) archived on: Saturday, June 4, 2016 - 10:42:44

File

978-3-662-45501-2_15_Chapter.p...
Files produced by the author(s)

License


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Tong Li, Jennifer Horkoff, John Mylopoulos. Integrating Security Patterns with Security Requirements Analysis Using Contextual Goal Models. Ulrich Frank; Pericles Loucopoulos; Óscar Pastor; Ilias Petrounias. 7th IFIP Working Conference on The Practice of Enterprise Modeling (PoEM), Nov 2014, Manchester, United Kingdom. Springer, Lecture Notes in Business Information Processing, LNBIP-197, pp.208-223, 2014, The Practice of Enterprise Modeling. 〈10.1007/978-3-662-45501-2_15〉. 〈hal-01282000〉

Metrics

Record views: 51

File downloads: 60