A multi-dimensional classification for users of security patterns

Security in Information Systems - Proceedings of the 6th International Workshop on Security in Information Systems, WOSIS 2008; In Conjunction with ICEIS 2008

Volumn , Issue , 2008, Pages 89-98

  VanHilst, Michael ^a   Fernandez, Eduardo B ^a   Braz, Fabrício ^b  

^a Florida Atlantic University   (United States)

^b UNIVERSITY OF BRASILIA   (Brazil)

Author keywords

[No Author keywords available]

Indexed keywords

TECHNICAL PRESENTATIONS;

MULTI-DIMENSIONAL; MULTIPLE CELLS; MULTIPLE DIMENSIONS; PATTERN SELECTIONS; PROBLEM SPACES; SECURITY PATTERNS;

INFORMATION SYSTEMS;

EID: 58049159495     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (31)

1. Common Criteria, http://www.commoncriteriaportal.org/
2. Blakley, B., Heath, C., members of The Open Group Security Forum: Technical Guide: Security Design Patterns. The Open Group, UK, April 2004.
3. Delessy, N., Fernandez, E.B.: Patterns for the extensible Access Control Markup Language. Proc. 12th Pattern Languages of Programs Conference, Monticello, Illinois, USA, (2005) http://hillside.net/plop/2005/proceedings/
4. Fernandez, E.B., Yuan, X.: Semantic Analysis Patterns. Proc. 19th Int. Conf. on Conceptual Modeling (2000), 183-195 http://www.cse.fau.edu/~ed/ SAPpaper2.pdf
5. Fernandez, E.B., Larrondo-Petrie, M.M., Sorgente, T., VanHilst, M.: A Methodology to Develop Secure Systems Using Patterns. In: Mouratidis, H., Giorgini, P. (Eds.): Integrating Security and Software Engineering: Advances and Future Vision. IDEA Press (2006) 107-126
6. Fernandez, E.B., VanHilst, M., Larrondo Petrie, M.M., Huang, S.: Defining Security Requirements through Misuse Actions. In: Ochoa, S.F., Roman, G.-C. (Eds.): Advanced Software Engineering: Expanding the Frontiers of Software Technology, International Federation for Information Processing, Springer (2006) 123-137
7. Fernandez, E.B., VanHilst, M., Pelaez, J.C.: Patterns for WiMax Security. Proc. EuroPLoP (2007) http://hillside.net/europlop/home.html
8. Fernandez, E.B., Washizaki, H., Yoshioka, N., Kubo, A., Fukazawa, Y.: Classifying Security Patterns. Proc. 10th Asia-Pacific Web Conference, Shenyang, China, April 26-28 (2008)
9. German D., Cowan, D.: Towards a Unified Catalog of Hypermedia Design Patterns. Proc. 33rd Hawaii International Conference on System Sciences, Maui, Hawaii, (2000)
10. Federal Information Security Management Act (FISMA), March 18, 2007, http://iase.disa.mil/fisma/index.html
11. Senate Banking Committee: Gramm-Leach-Bliley Act, Monday, November 1 (1999) http://www.senate.gov/~banking/conf/fincon.pdf
12. Hafiz, M., Adamczyk, P., Johnson, R.E.: Organizing Security Patterns. IEEE Software, 24(4), July/August (2007) 52-60
13. United States Department of Health and Human Services, Office of Civil Rights: Health Insurance Portability and Accountability Act of 1996. http://www.hhs.gov/ocr/hipaa/
14. Hoglan, G., McGraw, G.: Exploiting Software: How to Break Code. Addison-Wesley (2004)
15. Howard, M., LeBlanc, D.: Writing Secure Code, (2nd Ed.). Microsoft Press (2003)
16. Howard, M., Lipner, S.: The Security Development Lifecycle. Microsoft Press (2006)
17. Leveson, N.: A New Accident Model for Engineering Safer Systems. Safety Science, 42(4), April (2004) 237-270
18. Lipner, S., Howard, M.: The Trustworthy Computing Development Lifecycle, http://msdn2.microsoft.com/en-us/library/ms995349.aspx, March (2005)
19. McGraw, G.: Software Security: Building Security. Addison-Wesley (2006)
20. Nagaratnam, N., Nadalin, A., Hondo, M., McIntosh, M., Austel, P.: Business-Driven Application Security: from Modeling to Managing Secure Applications. IBM Systems Journal, 44(4) (2005) 847-867
21. The OWASP Testing Project. http://www.modsecurity.org/archive/ OWASPTesting-PhaseOne.pdf
22. Pelaez, J.C., Fernandez, E.B.: Network Forensics in Wireless VoIP Networks, Proc. 4th Latin American and Caribbean Conference for Engineering and Technology. Mayaguez, Puerto Rico, (2006)
23. Pelaez, J.C., Fernandez, E.B., Larrondo-Petrie, M.M., Wieser, C.: Attack Patterns in VoIP. Proc. 14th Pattern Languages of Programs Conference, Monticello, Illinois, USA, (2007)
24. One Hundred Seventh Congress of the United States of America: Sarbanes-Oxley Act of 2002. http://news.findlaw.com/hdocs/docs/gwbush/ sarbanesoxley072302.pdf
25. Schumacher, M., Ackermann, R., Steinmetz, R.: Towards Security at All Stages of a System's Life Cycle. Proc. Int. Conf. on Software, Telecommunications, and Computer Networks (2000) 11-19
26. Schumacher, M., Roedig, U.: Security Engineering with Patterns. Proc. 8th Pattern Languages of Programs Conference (2001)
27. Schumacher, M., Fernandez, E.B., Hybertson, D., Buschmann, F., Sommerlad, P.: Security Patterns: Integrating Security and Systems Engineering. Wiley (2006)
28. Steel, C., Nagappan, R., Lai, R.: Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management. Prentice Hall (2005)
29. Systems Security Engineering - Capability Maturity Model, http://www.sse-cmm.org
30. Trowbridge, D., Cunningham, W., Evans, M., Brader, L., Describing the Enterprise Architectural Space. MSDN (2004) http://msdn2.microsoft.com/en-us/ library/ms978655.aspx
31. Viega, J., McGraw, G.: Building Secure Software: How to Avoid Security Problems the Right Way. Addison-Wesley (2001)