Modeling misuse patterns

Proceedings - International Conference on Availability, Reliability and Security, ARES 2009

Volumn , Issue , 2009, Pages 566-571

  Fernandez, Eduardo B ^a   Yoshioka, Nobukazu ^b   Washizaki, Hironori ^c  

^a FLORIDA ATLANTIC UNIVERSITY   (United States)

^b NATIONAL INSTITUTE OF INFORMATICS   (Japan)

^c WASEDA UNIVERSITY   (Japan)

Author keywords

[No Author keywords available]

Indexed keywords

GENERIC SOLUTIONS; SECURITY DESIGN; SECURITY PATTERNS;

SECURITY OF DATA;

EID: 70349706065     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2009.139     Document Type: Conference Paper

References (26)

1. Z. Anwar, W. Yurcik, R. Johnson, M. Hafiz and R. Campbell, Multiple design patterns for Voice over IP (VoIP) security, Procs. of the IEEE Workshop on Information Assurance (WIA 2006), Phoenix, AZ, 2006.
2. A.C. Bogen D. A. Dampier, and J.C. Carver, Support for computer forensics examination planning with domain modeling: Areport of one experiment trial, Procs. of the 40th Annual Hawaii Int. Conf. on System Sciences (HICSS 2007), 2007.
3. F. Buschmann, R. Meunier, H. Rohnert, P. Sommerlad, M. Stal, Pattern-Oriented Software Architecture: A System of Patterns, Volume 1, Wiley, 1996.
4. CERT Coordination Center. Carnegie Mellon University, http://www.cert.org/, 2006.
5. E. B. Fernandez, M. VanHilst, M. M. Larrondo Petrie, S. Huang, Defining Security Requirements through Misuse Actions, in Advanced Software Engineering: Expanding the Frontiers of Software Technology, International Federation for Information Processing, Springer, pp.123-137, 2006.
6. E. B. Fernandez, M.M. Larrondo-Petrie, T. Sorgente, and M. VanHilst, A methodology to develop secure systems using patterns, Chapter 5 in Integrating security and software engineering: Advances and future vision, IDEA Press, pp.107-126, 2006.
7. E.B. Fernandez, J.C. Pelaez, and M.M. Larrondo-Petrie, Attack patterns: A new forensic and design tool, Procs. of the Third Annual IFIP WG 11.9 Int. Conf. on Digital Forensics, Springer/IFIP, pp.345-357, 2007.
8. E. Gamma, R. Helm, R. Johnson, J. Vlissides, Design Patterns: Elements of Reusable Object-Oriented Software, Addison-Wesley, Boston, Mass., 1994.
9. G. Hoglund and G. McGraw, Exploiting software-How to break code, Addison-Wesley, 2004.
10. IBM Corp., Introduction to business security patterns, white paper, http://www-03.ibm.com/Security/patterns/intro.shtml
11. N. G. Leveson, M.P.E. Heimdahl, H. Hildreth, and J.D. Reese, Requirements specification for process control systems, IEEE Transactions on Software Engineering, Vol. 20, No 9, IEEE Computer Society Press, pp.684-707, 1994.
12. G. McGraw, Software security: Building security in, Addison-Wesley, 2006.
13. A.P. Moore, R.J. Ellison, and R.C. Linger, Attack modeling for information security and survability. Tech. Note CMU/SEI-2001-TN-001, 2001.
14. The Open Group, Security Design Patterns Technical Guide, http://www.opengroup.org/security/gsp.htm.
15. J.J. Pauli and P.H. Engebretson, Towards a specification prototype for hierarchy-driven attack patterns, Procs. 5th Conf. on Information Technology: New generations (ITNG 2008), 2008.
16. J. C. Pelaez, E.B.Fernandez, M.M. Larrondo-Petrie, and C. Wieser, Attack patterns in VoIP, Procs. of the 14th Pattern Languages of Programs Conference (PLoP2007), 2007.
17. M. Schumacher, E.B.Fernandez, D. Hybertson, F. Buschmann, and P. Sommerlad, Security Patterns: Integrating Security and Systems Engineering, Wiley, 2006.
18. N. Yoshioka, S. Honiden, and A. Finkelstein, Security patterns: A method for constructing secure and efficient intercompany coordination systems, Procs. of the 8th Int. IEEE Enterprise Distributed Object Computing Conference, 2004.
19. N. Yoshioka, A development method based on security patterns, Presentation, NII, Tokyo, Japan, 03/29/06, 2006.
20. N. Yoshioka, Integration of attack patterns and protective patterns, Procs. of the 1st Int. Workshop on Software Patterns and Quality (SPAQu'07), IPSJ, pp. 45-46, 2007.
21. N. Yoshioka, H. Washizaki, and K. Maruyama, A Survey on Security Patterns, Progress in Informatics, National Institute of Informatics, No.5, pp.35-47, 2008.
22. H. Washizaki, E. B. Fernandez, H. Maruyama, A. Kubo, and N. Yoshioka, Precise classification of software patterns, 2008(submitted).
23. M. VanHilst, E.B.Fernandez, and F. Braz, A multidimensional classification for users of security patterns, the Journal of Research and Practice in Information Technology, 2009(accepted).
24. E.B.Fernandez and Ajoy Kumar, A security pattern for rulebased intrusion detection, Proceedings of the Nordic Conference on Pattern Languages of Programs, Viking PLoP 2005, 2005.
25. C. Steel, R. Nagappan, and R. Lai, Core Security Patterns: Best Strategies for J2EE, Web Services, and Identity anagement, Prentice Hall, 2005.
26. L. Wang, A. Singhal and S. Jajodia, An Attack Graph Based Probablistic Security Metrics, In Proceedings of 22nd IFIP WG 11.3 Working Conference on Data and Application Security (DBSEC 2008), 2008.