Using security patterns to develop secure systems

Software Engineering for Secure Systems: Industrial and Research Perspectives

Volumn , Issue , 2010, Pages 16-31

  Fernandez, Eduardo B ^a   Yoshioka, Nobukazu ^b   Washizaki, Hironori ^b,c   Jurjens, Jan ^d   VanHilst, Michael ^e   Pernul, Guenther ^f  

^a Florida Atlantic University   (United States)

^b NATIONAL INSTITUTE OF INFORMATICS   (Japan)

^c WASEDA UNIVERSITY   (Japan)

^d TU DORTMUND UNIVERSITY   (Germany)

^e FLORIDA ATLANTIC UNIVERSITY   (United States)

^f UNIVERSITY OF REGENSBURG   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 80054087301     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.4018/978-1-61520-837-1.ch002     Document Type: Chapter

References (34)

1. Best, B., Jürjens, J., & Nuseibeh, B. (2007). Model-Based Security Engineering of Distributed Information Systems Using UMLsec Proceedings of the 29th International Conference on Software Engineering (pp. 581-590). New York: ACM.
2. Braz, F., Fernandez, E. B., & VanHilst, M. (2008). Eliciting security requirements through misuse activities. In Proceedings of the 19th International Workshop on Database and Expert Systems Applications (pp. 328-333). Los Alamitos, CA: IEEE Computer Society.
3. Buschmann, F., Meunier, R., Rohnert, H., Sommerlad, P., & Stal, M. (1996). Pattern-Oriented Software Architecture: Vol. 1. A System of Patterns. West Sussex, England: John Wiley & Sons.
4. Delessy, N., & Fernandez, E. B. (2008). A pattern-driven security process for SOA applications. In Proceedings of the 3rd International Conference on Availability, Reliability, and Security (pp. 416-421). Washington DC: IEEE Computer Society.
5. Fernandez, E. B., Jürjens, J., Yoshioka, N., & Washizaki, H. (2008). Incorporating database systems into a secure software development methodology. In Proceedings of the 2008 19th International Conference on Database and Expert Systems Application (pp. 310-314). Washington DC: IEEE Computer Society.
6. Fernandez, E. B., Larrondo-Petrie, M. M., Sor-gente, T., & VanHilst, M. (2006). A Methodology to Develop Secure Systems Using Patterns. In Mouratidis, H., & Giorgini, P. (Eds.), Integrating Security and Software Engineering: Advances and Future Vision (pp. 107-126). Hershey, PA: IDEA Group.
7. Fernandez, E. B., Pelaez, J. C., & Larrondo-Petrie, M. M. (2007). Attack patterns: A new forensic and design tool. In P. Craiger & S. Shenoi (Eds.) Advances in Digital Forensics III: Proceedings of the Third Annual IFIP WG 11.9 International Conference on Digital Forensics (pp. 345-357). Berlin, Germany: Springer.
8. Fernandez, E. B., & Pernul, G. (2006). Patterns for session-based access control. In Proceedings of the Conference on Pattern Languages of Programs. Hillside Group. Retrieved November 25, 2009, from http://hillside.net/plop/2006/.
9. Fernandez, E. B., Pernul, G., & Larrondo-Petrie, M. M. (2008). Patterns and pattern diagrams for access control. In S. Furnell; S.K. Katsikas, & A. Lioy (Eds.) LNCS 5185: Trust, Privacy and Security in Digital Business: 5th International Conference on Trust and Privacy in Digital Business (pp. 38-47). Heidelberg, Germany: Springer.
10. Fernandez, E. B., Washizaki, H., Yoshioka, N., Kubo, A., & Fukazawa, Y. (2008). Classifying security patterns., In Y. Zhang, G. Yu, & E. Bertino (Eds.) NCS 4976 Progress in WWW Research and Development: Proceedings of the 10th Asia-Pacific Web Conference (pp. 342-347). Heidelberg, Germany: Springer.
11. Fernandez, E. B., Yoshioka, N., & Washizaki, H. (2009a). Modeling misuse patterns. In Proceedings of the International Conference on Availability, Reliability and Security (pp. 566-571). Los Alamitos, CA: IEEE Computer Society.
12. Fernandez, E. B., Yoshioka, N., & Washizaki, H. (2009b). Security patterns and quality. In H. Washizaki, N. Yoshioka, E.B.Fernandez, & J. Jürjens (Eds.) Proceedings of the Third International Workshop on Software Patterns and Quality (pp. 46-47).), in conjuction with OOPSLA 2009. Retrieved November 25, 2009 from http://gracecenter.jp/downloads/GRACE-TR-2009-07.pdf.
13. Fernandez, E. B., Yoshioka, N., Washizaki, H., & Jürjens, J. (2007). Using security patterns to build secure systems. Proceedings of the 1st International Workshop on Software Patterns and Quality, Retrieved November 25, 2009, from http://apsec2007.fuka.info.waseda.ac.jp/parts/ W3SPAQu.pdf.
14. Fernandez, E. B., & Yuan, X. Y. (2007). Securing analysis patterns. In D. John and S.N. Kerr (Eds.) Proceedings. of the 45th ACM Southeast Conference (pp. 288-293), New York: ACM.
15. Gamma, E., Helm, R., Johnson, R., & Vlissides, J. M. (1994). Design Patterns: Elements of Reusable Object-Oriented Software. Reading, MA: Addison-Wesley Professional.
16. Hafiz, M., Adamczyk, P., & Johnson, R. E. (2007). Organizing security patterns. IEEE Software, 24(4), 52-60. doi:10.1109/MS.2007.114
17. Jürjens, J. (2004). Secure Systems Development with UML. Heidelberg, Germany: Springer.
18. Morrison, P., & Fernandez, E. B. (2006). The credential pattern. In Proceedings of the Conference on Pattern Languages of Programs. Hillside Group. Retrieved November 25, 2009, from http://hillside.net/plop/2006/.
19. Mouratidis, H., & Giorgini, P. (2004). Analysing security in information systems. Presented at the Second International Workshop on Security in Information Systems, Porto Portugal. Retrieved November 25, 2009, from http://www.dit.unitn. it/~pgiorgio/papers/ICEISWorkshop04.pdf
20. Mouratidis, H., Jùrjens, J., & Fox, J. (2006). Towards a Comprehensive Framework for Secure Systems Development. In LNCS 4001: Proceedings of the 18th Conference on Advanced Information Systems, (pp. 48-Heidelberg, Germany: Springer.
21. Nagaratnam, N., Nadalin, A., Hondo, M., Mc-Intosh, M., & Austel, P. (2005). Business-driven application security: From modeling to managing secure applications. IBM Systems Journal, 44(4), 847-867. doi:10.1147/sj.444.0847
22. Pelaez, J., Fernandez, E. B., & Larrondo-Petrie, M. M. (2009). Misuse patterns in VoIP. Security and Communication Networks. Wiley InterScience. Retrieved November 25, 2009 from http://www3. interscience.wiley.com/journal/122324463/ abstract.
23. Priebe, T., Fernandez, E. B., Mehlau, J. I., & Pernul, G. (2004). A pattern system for access control. In C. Farkas and P. Samarati (Eds.) Research Directions in Data and Applications Security XVIII: Proceedings of the 18th. Annual IFIP WG 11.3 Working Conference on Data and Applications Security (pp. 25-28). Amsterdam, Netherlands: Kluwer Academic Publishers.
24. Rosado, D. G., Gutierrez, C., Fernandez-Medina, E., & Piattini, M. (2006). Security patterns related to security requirements. In E. Fernandez-Medina and M. Inmaculada (Eds.) Security in Informaiton Systems: Proceedings of the 4th International Workshop on Security in Information Systems. Setúbal, Portugal: INSTICC Press.
25. Saltzer, J. H., & Schroeder, M. D. (1975). The protection of information in computer systems. Proceedings of the IEEE, 63(9), 1278-1308. Retrieved November 25, 2009 from http://web. mit.edu/Saltzer/www/publications/protection/ index.html
26. Schumacher, M., Fernandez, E. B., Hybertson, D., Buschmann, F., & Sommerlad, P. (2006). Security patterns: Integrating security and systems engineering. Hoboken, NJ: John Wiley & Sons.
27. Secure Systems Research Group. (2009). Florida Atlantic University. Retrieved November 25, 2009 from http://security.ceecs.fau.edu/
28. VanHilst, M., Fernandez, E. B., & Braz, F. (2009a). A multidimensional classification for users of security patterns. Journal of Research and Practice in Information Technology, 41(2), 87-97.
29. VanHilst, M., Fernandez, E. B., & Braz, F. (2009b). Building a concept grid to classify security patterns. In H. Washizaki, N. Yoshioka, E.B.Fernandez, & J. Jürjens (Eds.) Proceedings of the Third International Workshop on Software Patterns and Quality (pp. 34-39). Tokyo:NII. Retrieved November 25, 2009 from http://grace-center.jp/downloads/GRACE-TR-2009-07.pdf.
30. Viega, J., & McGraw, G. (2001). Building secure software: How to avoid security problems the right way. Boston: Addison-Wesley.
31. Warmer, J., & Kleppe, A. (2003). The object constraint language (2nd ed.). Boston: AddisonWesley.
32. Washizaki, H., Fernandez, E. B., Maruyama, K., Kubo, A., & Yoshioka, N. (2009). Improving the classification of security patterns. In Proceedings of the International Workshop on Database and Expert Systems Applications (pp. 165-170). Los Alamitos, CA: IEEE Computer Society.
33. th IEEE International Conference on Requirements Engineering (RE'08), IEEE Computer Society, pp. 169-172
34. Yoshioka, N., Honiden, S., & Finkelstein, A. (2004) Security patterns: A method for constructing secure and efficient inter-company coordination systems. In Proceedings of the Eighth IEEE International Enterprise Distributed Object Computing Conference (pp. 84-97). Los Alamitos, CA: IEEE Computer Society.