Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment

Information and Software Technology

Volumn 54, Issue 9, 2012, Pages 1029-1043

  Abramov, Jenny ^a   Sturm, Arnon ^a   Shoval, Peretz ^a  

^a BEN GURION UNIVERSITY OF THE NEGEV   (Israel)

Author keywords

Authorization; Controlled experiment; Database design; Model driven development; Secure software development; Security patterns

Indexed keywords

AUTHORIZATION; CONTROLLED EXPERIMENT; DATABASE DESIGN; MODEL DRIVEN DEVELOPMENT; SECURE SOFTWARE DEVELOPMENT; SECURITY PATTERNS;

ACCESS CONTROL; DESIGN; EXPERIMENTS; FLOW CONTROL; SECURITY SYSTEMS; SOFTWARE DESIGN; SPECIFICATIONS;

DATABASE SYSTEMS;

EID: 84861955129     PISSN: 09505849     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.infsof.2012.04.001     Document Type: Article

References (48)

1. J. Abramov, O. Anson, A. Sturm, and P. Shoval Tool support for enforcing security policies on databases CAiSE Forum 2011 2011 41 48
2. J. Abramov, A. Sturm, and P. Shoval A Pattern based Approach for Secure Database Design, CAiSE Workshops 2011, LNBIP 83(10) 2011 Springer Berlin, Heidelberg pp. 637-651
3. A. Ampatzoglou, and A. Chatzigeorgiou Evaluation of object-oriented design patterns in game development Information and Software Technology 49 5 2007 445 454
4. D. Basin, M. Clavel, J. Doser, and M. Egea Automated analysis of security-design models Information and Software Technology 51 5 2009 815 831
5. D. Basin, J. Doser, and T. Lodderstedt Model driven security: from UML models to access control infrastructures ACM Transactions on Software Engineering and Methodology 15 1 2006 39 91
6. L. Chen, and M.A. Babar A systematic review of evaluation of variability management approaches in software product lines Information and Software Technology 53 2011 344 362
7. L. Compagna, P.E. Khoury, A. Krausová, F. Massacci, and N. Zannone How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns Artificial Intelligence and Law 17 1 2009 1 30
8. J. Czuprynski, Oracle Label Security. The Database Journal, 2003. < http://www.databasejournal.com >.
9. F. D'Aubeterre, L.S. Iyer, and R. Singh An empirical evaluation of information security awareness levels in designing secure business processes Proceedings of the 4th International Conference on Design Science Research in Information Systems and Technology (DESRIST '09) 2009 ACM New York, NY, USA
10. F. D'aubeterre, R. Singh, and L. Iyer Secure activity resource coordination: empirical evidence of enhanced security awareness in designing secure business processes European Journal of Information Systems 17 5 2008 528 542
11. G. Dhillon Information Security Management: Global Challenges in the New Millennium 2001 IGI Publishing Hershey, PA, USA
12. E.B. Fernandez, M.M. Larrondo-Petrie, T. Sorgente, and M. VanHilst A methodology to develop secure systems using patterns H. Mouratidis, P. Giorgini, Integrating Security and Software Engineering: Advances and Future Vision 2006 IDEA Press 107 126 (Chapter 5)
13. E. Fernández-Medina, and M. Piattini Designing secure databases Information and Software Technology 47 7 2005 463 477
14. E. Gamma, R. Helm, R. Johnson, and J.M. Vlissides Design Patterns: Elements of Reusable Object-Oriented Software 1994 Addison-Wesley Longman Publishing Co., Inc. Boston, MA, USA
15. J. Jürjens, and P. Shabalin Tools for secure systems development with UML International Journal on Software Tools for Technology Transfer 9 2007 527 544
16. J. Jürjens Secure Systems Development with UML 2005 Springer-Verlag
17. J. Jürjens, and R. Rumm Model-based security analysis of the German health card architecture Methods of Information in Medicine 47 5 2008 409 416
18. M. Koch, and F. Parisi-Presicce UML specification of access control policies and their formal verification Software and System Modeling 5 4 2006 429 447
19. A. Kriegel, and B.M. Trukhnov SQL Bible 2008 Wiley
20. J.H. Larkin, and H.A. Simon Why a diagram is (sometimes) worth ten thousand words Cognitive Science 11 1 1987 65 100
21. S.W. Lee, and M. Monga Special issue on software engineering for secure systems Computers & Security 29 2010 299 301
22. J. Lloyd, and J. Jürjens Security analysis of a biometric authentication system using UMLsec and JML 12th International Conference on Model Driven Engineering Languages and Systems (Models 2009), LNCS 5795 2009 Springer 15
23. T. Lodderstedt, D.A. Basin, and J. Doser SecureUML: a UML-based modeling language for model-driven security J. Jézéquel, H. Hußmann, S. Cook, Proceedings of the 5th International Conference on the Unified Modeling Language LNCS vol. 2460 2002 Springer-Verlag London 426 441
24. F. Massacci, and N. Zannone Detecting conflicts between functional and security requirements with secure Tropos: John Rusnak and the Allied Irish Bank P. Giorgini, N.A.M. Maiden, J. Mylopoulos, E. Yu, Social Modeling for Requirements Engineering 2006 MIT Press Cambridge, MA
25. L. Montrieux, J. Jürjens, C.B. Haley, Y. Yu, P.-Y. Schobbens, H. Toussaint, Tool support for code generation from a UMLsec property, in: The 25th IEEE/ACM International Conference on Automated Software Engineering (ASE'10), 2010, pp. 357-358.
26. D. Moody What makes a good diagram? Improving the cognitive effectiveness of diagrams in IS development W. Wojtkowski, W.G. Wojtkowski, J. Zupancic, G. Magyar, G. Knapp, Advances in Information Systems Development 2007 Springer US 481 492
27. H. Mouratidis, and P. Giorgini Secure tropos: a security-oriented extension of the tropos methodology International Journal of Software Engineering and Knowledge Engineering 27 2 2007 285 309
28. H. Mouratidis, and J. Jürjens From goal driven security requirements engineering to secure design International Journal of Intelligent Systems 25 8 2010 813 840
29. H. Mouratidis, A. Sunyaev, and J. Jürjens Secure information systems engineering: experiences and lessons learned from two health care projects P. Van Eck, J. Gordijn, R. Wieringa, Advanced Information Systems Engineering LNCS vol. 5565 2009 Springer Berlin/Heidelberg, London 231 245
30. Object Constraint Language. OMG Specification, Version 2.2, 2010. < http://www.omg.org/spec/OCL/2.2/ >.
31. A.L. Opdahl, and G. Sindre Experimental comparison of attack trees and misuse cases for security threat identification Information and Software Technology 51 5 2009 916 932
32. Oracle, 2011. < http://www.oracle.com >.
33. Oracle: Oracle@Database - Security Guide, 2008. < http://download. oracle.com/docs/cd/B28359-01/network.111/b28531.pdf >.
34. J.A. Pavlich-Mariscal, S.A. Demurjian, and L.D. Michel A framework of composable access control features: preserving separation of access control concerns from models to code Computers & Security 29 3 2010 350 379
35. L. Prechelt, B. Unger, W.F. Tichy, P. Brössler, and L.G. Votta A controlled experiment in maintenance comparing design patterns to simpler solutions IEEE Transactions on Software Engineering 27 12 2001 1134 1144
36. I. Ray, R.B. France, N. Li, and G. Georg An aspect-based approach to modeling access control concerns Information and Software Technology 46 9 2004 575 587
37. I. Reinhartz-Berger, and A. Sturm Enhancing UML models: a domain analysis approach Journal of Database Management 19 1 2008 74 94
38. I. Reinhartz-Berger, and A. Sturm Utilizing domain models for application design and validation Information & Software Technology 51 8 2009 1275 1289
39. H. Schmidt, and J. Jürjens Connecting security requirements analysis and secure design using patterns and UMLsec CAiSE 2011 2011 367 382
40. M. Schumacher, E.B. Fernandez, D. Hybertson, F. Buschmann, and P. Sommerlad Security Patterns: Integrating Security and Systems Engineering 2006 John Wiley & Sons
41. M. Schumacher Security Engineering with Patterns: Origins, Theoretical Models, and New Applications 2003 Springer-Verlag New York, Inc. Secaucus, NJ, USA
42. B. Selic The pragmatics of model-driven development IEEE Software 20 5 2003 19 25
43. SERENITY Project, 2011. < http://www.serenity-project.org >.
44. P. Shoval, and S. Shiran Entity-relationship and object-oriented data modeling - an experimental comparison of design quality Data & Knowledge Engineering 21 1997 297 315
45. M. Vokáč, W. Tichy, D.I.K. Sjoberg, E. Arisholm, and M. Aldrin A controlled experiment comparing the maintainability of programs designed with and without design patterns - a replication in a real programming environment Empirical Software Engineering 9 3 2004 149 195
46. C. Wohlin, P. Runeson, M. Höst, M.C. Ohlsson, B. Regnell, and A. Wesslén Experimentation in Software Engineering: An Introduction 2000 Kluwer Academic Publishers
47. E. Yu, and J. Mylopoulos Understanding "Why" in software process modelling, analysis, and design Proceedings of the 16th International Conference on Software Engineering 1994 IEEE Computer Society/ACM Press 159 168
48. C. Zhang, and D. Budgen What do we know about the effectiveness of software design patterns IEEE Transactions on Software Engineering 2011 10.1109/TSE.2011.79