Skip to Main content Skip to Navigation
Conference papers

Integrating Security Patterns with Security Requirements Analysis Using Contextual Goal Models

Abstract : Security patterns capture proven security knowledge to help analysts tackle security problems. Although advanced research in this field has produced an impressive collection of patterns, they are not widely applied in practice. In parallel, Requirements Engineering has been increasing focusing on security-specific issues, arguing for an upfront treatment of security in system design. However, the vast body of security patterns are not integrated with existing proposals for security requirements analysis, making them difficult to apply as part of early system analysis and design. In this paper, we propose to integrate security patterns with our previously introduced goal-oriented security requirements analysis approach. Specifically, we provide a full concept mapping between textual security patterns and contextual goal models, as well as systematic instructions for constructing contextual goal models from security patterns. Moreover, we propose a systematic process for selecting and applying security patterns, illustrated with a realistic smart grid scenario. To facilitate the practical adoption of security patterns, we have created contextual goal models for 20 security patterns documented in the literature, and have implemented a prototype tool to support our proposal.
Complete list of metadata

Cited literature [26 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, March 3, 2016 - 10:33:29 AM
Last modification on : Monday, May 9, 2016 - 6:07:55 PM
Long-term archiving on: : Saturday, June 4, 2016 - 10:42:44 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Tong Li, Jennifer Horkoff, John Mylopoulos. Integrating Security Patterns with Security Requirements Analysis Using Contextual Goal Models. 7th IFIP Working Conference on The Practice of Enterprise Modeling (PoEM), Nov 2014, Manchester, United Kingdom. pp.208-223, ⟨10.1007/978-3-662-45501-2_15⟩. ⟨hal-01282000⟩



Record views


Files downloads