A software product line reference architecture for security

Software Product Lines: Research Issues in Engineering and Management

Volumn , Issue , 2006, Pages 275-326

  Fægri, Tor Erlend ^a   Hallsteinsen, Svein ^a  

^a SINTEF ICT   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84869874535     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1007/978-3-540-33253-4_8     Document Type: Chapter

References (62)

1. Allen J, Gabbard D, and May C (2003) Outsourcing Managed Security Services In: Security improvement module, CMU/SEI-SIM-012. 2003, Carnegie Mellon, Software Engineering Institute: Pittsburg, PA.
2. Bachmann F, Bass L, and Klein M (2003) Deriving Architectural Tactics: A Step toward Methodical Architectural Design Technical report, CMU/SEI-2003-TR-004. 2003
3. Bass L, Clement P, and Klein M (2003) Software Architecture in Practice. 2 ed. Addison Wesley.
4. Bayer J (2003) Design for Quality. In: Linden FVd (ed) 5th Int'l Workshop on Product Family Engineering. Springer, Berlin Heidelberg New York
5. Blakley B and Heath C (2004) Security Design Patterns. The Open Group.
6. Bollinger T, Voas J, and Boasson M, Persistent Software Attributes. IEEE Software, 2004. 21(6): p. 16-18.
7. Bosch J (2000) Design and Use of Software Architectures - Adopting and Evolving a Product-Line Approach. Addison-Wesley.
8. Bosch J and Molin P (1999) Software Architecture Design: Evaluation and Transformation. In: IEEE Conference and Workshop on Engineering of Computer-Based Systems. IEEE Computer Society Press. p. 4-10.
9. Butler SA (2002) Security Attribute Evaluation Method: A Cost-Benefit Approach. In: International conference on software engineering. ACM Press. p. 232-240.
10. Bühne S, Chastek G, Käkölä T, Knauber P, Northrop L, and Thiel S (2003) Exploring the Context of Product Line Adoption. In: Linden FVd (ed) 5th International workshop on Product Family Engineering. Springer, Berlin Heidelberg New York. p. 19-31.
11. Cavusoglu H, Mishra B, and Raghunathan S, A Model for Evaluating It Security Investments. Communications of the ACM, 2004. 47(7): p. 87-92.
12. Chang S, Chen Q, and Hsu M (2003) Managing Security Policy in a Large Distributed Web Services Environment. In: 27th Annual International Computer Software and Applications Conference (COMPSAC'03). IEEE Computer Society Press. p. 610-621.
13. Chung L, Nixon BA, Yu E, and Mylopoulos J, eds. Non-Functional Requirements in Software Engineering (2000). The Kluwer International Series in Software Engineering, Basili V (ed). Kluwer Academic Publishers. 439pp.
14. Clements P, Kazman R, and Klein M (2002) Evaluating Software Architectures: Methods and Case Studies. Addison Wesley.
15. Clements P and Northrop L (2002) Software Product Lines: Practices and Patterns. The Sei Series in Software Engineering Addison Wesley.
16. Covingtony MJ, Fogla P, Zhan Z, and Ahamad M (2002) A Context-Aware Security Architecture for Emerging Applications. In: 18th Annual Computer Security Applications Conference (ACSAC'02). IEEE Computer Society. p. 249-258.
17. Denning DE and Denning PJ, Data Security. ACM Computing Surveys, 1979. 11 (3). p. 227-249.
18. Douligeris C and Mitrokotsa A, Ddos Attacks and Defense Mechanisms: Classification and State-of-the-Art. Computer Networks, 2004. 44(5): p. 643-666.
19. Duchessi P and Chengalur-Smith I, Client/Server Benefits, Problems, Best Practices. Communications of the ACM, 1998. 41(5): p. 87-94.
20. Eguiluz HR and Barbacci MR (2003) Interactions among Techniques Addressing Quality Attributes In: Technical report, CMU/SEI-2003-TR-003. 2003.
21. Fernandez EB and Pan R (2001) A Pattern Language for Security Models. In: PLoP 2001.
22. Firesmith DG (2003) Common Concepts Underlying Safety, Security, and Survivability Engineering Technical note, CMU/SEI-2003-TN-033. 2003, Software Engineering Institute, Carnegie Mellon University
23. Gates C and Slonim J (2003) Owner-Controlled Information. In: New security paradigms workshop. ACM Press. p. 103-111.
24. Gordon LA and Loeb MP, The Economics of Information Security Investment. ACM Transactions on information and system security, 2002. 5(4): p. 438-457.
25. Hallsteinsen S, Fægri TE, and Syrstad M (2003) Patterns in Product Family Architecture Design. In: Linden FVd (ed) PFE-5. Springer Verlag. p. 261-268.
26. Hallsteinsen S, Fægri TE, and Syrstad M (2003) Patterns in Product Family Architecture Design. In: Linden FVd (ed) 5th International workshop on Product Family Engineering. Springer, Berlin Heidelberg New York. p. 261-268.
27. IEEE (2000) Ieee Standard No. 1471-2000: Recommended Practice for Architectural Description of Software-Intensive Systems. IEEE: http://shop. ieee.org/store/.
28. ISO/IEC (1999) 15408 Common Criteria for Information Technology Security Evaluation. v2.0 ed. Nat'l Inst. Standards and Technology Washington, DC.
29. ISO/IEC (1991) Fcd 9126-1.2: Information Technology - Software Product Quality. Part 1: Quality Model.
30. Jung H-W, Kim S-G, and Chung C-S, Measuring Software Product Quality: A Survey of Iso/Iec 9126. IEEE Software, 2004. 21(5): p. 88-92.
31. Klein M and Kazman R (1999) Attribute-Based Architectural Styles. In: SEI Technical Report, CMU/SEI-99-TR-022. 1999.
32. Kristol D and Montulli L (2000) Http State Management Mechanism (Rfc2965). http://www.watersprings.org/pub/rfc/rfc2965.txt.
33. Landwehr CE, Computer Security. International Journal of Information Security, 2001. 1(1): p. 3-13.
34. Linden Fvd, Software Product Families in Europe: The Esaps and Café Projects. IEEE Software, 2002. 19(4): p. 41-49.
35. Lindqvist U and Jonsson E, A Map of Security Risks Associated with Using Cots, in IEEE Computer. 1998. p. 60-66.
36. Matyás V and Ríha Z, Towards Reliable User Authentication through Biometrics. IEEE Security & Privacy, 2003. 1(3): p. 45-49.
37. McHugh J, Intrusion and Intrusion Detection. International Journal of Information Security, 2001. 1 (1). p. 14-35.
38. Microsoft (2002) Building Secure Asp. Net Applications. Microsoft: www.microsoft.com.
39. Microsoft (2003) Enterprise Solution Patterns Using Microsoft. Net. Microsoft Corp.: http://msdn. microsoft.com/library/default.asp?url=/library/en- us/dnpatterns/html/Esp.asp.
40. Min BJ, Kim SK, and Choi J-S (2003) Secure System Architecture Based on Dynamic Resource Reallocation. In: Chae K and Yung M (eds) Information Security Applications, 4th International Workshop, WISA 2003. Springer. p. 174-187.
41. Motta G H M B and Furuie SS, A Contextual Role-Based Access Control Authorization Model for Electronic Patient Record. IEEE Transactions on information technology in biomedicine, 2003. 7(3): p. 202-207.
42. O'Gorman L, Comparing Passwords, Tokens, and Biometrics for User Authentication. Proceedings of the IEEE, 2003. 91 (12).
43. Oppliger R and Rytz R, Digtal Evidence: Dream and Reality. IEEE Security & Privacy, 2003: p. 44-48.
44. Park JS, Sandhu R, and Ahn G-J, Role-Based Access Control on the Web. ACM Transactions on information and system security, 2001. 4(1): p. 37-71.
45. Peteanu R (2001) Best Practices for Secure Development. http://www.mkaz.com/ref/secure-webdev-3.0.pdf.
46. Probst S, Essmayr W, and Weippl E (2002) Reusable Components for Developing Security-Aware Applications. In: 18th Annual computer security applications conference (ACSAC'02). IEEE. p. 239-248.
47. Ramachandran J (2002) Designing Security Architecture Solutions. Wiley.
48. Romanosky S (2002) Enterprise Security Patterns. In: 7th European conference on pattern languages of programs (EuroPLoP). http://hillside.net/ patterns/EuroPLoP2002
49. Saltzer JH, Protection and the Control of Information Sharing in Multics. Communications of the ACM, 1974. 17(7): p. 388-402.
50. Sandhu RS and Samarati P, Access Control: Principle and Practice. IEEE Communications Magazine, 1994. c 32(9): p. 40-48.
51. Schmidt DC and Buschmann F (2003) Patterns, Frameworks, and Middleware: Their Synergistic Relationships. In: International conference on software engineering. IEEE Computer Society. p. 694-704.
52. Schneider EA (1999) Security Architecture-Based System Design. In: New security paradigms workshop. ACM Press. p. 25-31.
53. Schneider FB, Least Privilege and More. IEEE Security & privacy, 2003: p. 55-59.
54. Shumacher M, ed. Security Engineering with Patterns: Origins, Theoretical Model, and New Applications (2003). Lecture Notes in Computer Science. Vol. 2754. Springer Verlag pp.
55. Smith SW, Humans in the Loop: Human-Computer Interaction and Security. IEEE Security & privacy, 2003. 1(3): p. 75-79.
56. Ting TC (1993) Modeling Security Requirements for Applications. In: Conference on Object Oriented Programming Systems Languages and Applications. ACM Press. p. 305.
57. Viega J and Messier M, Security Is Harder Than You Think, in ACM Queue. 2004. p. 60-65.
58. Yee K-P (2002) User Interaction Design for Secure Systems. In: Fourth International Conference on Information and Communications Security. Springer Verlag. p. 278-290.
59. Yoder J and Barcalow J (1998) Architectural Patterns for Enabling Application Security. In: In Proceedings of the 4th Conference on Patterns Language of Programming (PLoP'97). p. 1-31.
60. Zhong Q and Edwards N, Security Control for Cots Components. IEEE computer, 1998. 31(6): p. 67-73.
61. Zurko ME and Simon RT (1996) User-Centered Security. In: New Security Paradigms Workshop. ACM Press. p. 27-33.
62. Aagedal JØ, Braber Fd, Dimitrakos T, Gran BA, Raptis D, and Stølen K (2002) Model-Based Risk Assessment to Improve Enterprise Security. In: Sixth International Enterprise Distributed Object Computing Conference (EDOC'02). p. 51-62.