Engineering Security into Distributed Systems: A Survey of Methodologies

Journal of Universal Computer Science

Volumn 18, Issue 20, 2012, Pages 2920-3006

  Uzunov, Anton V ^a   Fernandez, Eduardo B ^b   Falkner, Katrina ^a  

^a UNIVERSITY OF ADELAIDE   (Australia)

^b FLORIDA ATLANTIC UNIVERSITY   (United States)

Author keywords

Computer Security; Distributed Systems; Model Driven Security; Model based Development; Secure Software Architectures; Secure Software Engineering; Security Engineering; Security Methodologies; Security Patterns; Survey

Indexed keywords

EID: 84874788713     PISSN: 0948695X     EISSN: 09486968     Source Type: Journal    
DOI: None     Document Type: Review

References (253)

1. Alam, M., Breu, R., Hafner, M.: "Model-driven security engineering for trust management in SECTET;" J. Softw. 2(1), (2007), 47-59.
2. Alberts, C., Dorofee, A.: "Managing Information Security Risks: The OCTAVE (SM) Approach;" 1st ed., Addison-Wesley Professional, (2002).
3. Alexander, C.: "The Timeless Way of Building;" Oxford University Press, (1979).
4. Alexander, I.: "Misuse cases: use cases with hostile intent;" IEEE Software 20(1), (2003), 58-66.
5. Ali, Y., El-Kassas, S., Mahmoud, M.: "A rigorous methodology for security architecture modeling and verification;" In HICSS09 42nd Hawaii International Conference on System Sciences 2009 IEEE, (2009), 1-10.
6. Alkussayer, A., Allen, W.H.: "The ISDF Framework: Towards Secure Software Development;" J. Inf. Process. Syst. 6, (2010), 91-104.
7. Anderson, R.J.: "Security Engineering: A Guide to Building Dependable Distributed Systems;" 2nd ed., (2008), Wiley.
8. Arsanjani, A., Ghosh, S., Allam, A., Abdollah, T., Ganapathy, S., Holley, K.: "SOMA: A method for developing service-oriented solutions;" IBM Syst. J. 47(3), (2008), 377-396.
9. Basin, D., Doser, J., Lodderstedt, T.: "Model driven security for processoriented systems;" In Procs. of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT), ACM Press, (2003), 100-109.
10. Basin, D., Doser, J., Lodderstedt, T.: "Model Driven Security;" ACM Trans. Softw. Eng. Methodol. 15(1), (2006), 39-91.
11. Basin, D., Clavel, M., Doser, J. & Egea, M.: "Automated analysis of security-design models;" Inf. Softw. Technol. 51(5), (2009), 815-831.
12. Basin, D., Clavel, M., Egea, M.: "A decade of model-driven security;" In Procs. of the 16th ACM Symposium on Access Control Models and Technologies (SACMAT). Innsbruck, Austria, ACM, (2011), 1-10.
13. Baskerville, R.: "Information systems security design methods: implications for information systems development;" ACM Comput. Surv. 25(4), (1993), 375-414.
14. Bass, L., Clements, P., Kazman, R.: "Software Architecture in Practice;" 2nd ed., Addison-Wesley Professional (2003).
15. Beck, K., Cunningham, W.: "Using Pattern Languages for Object-Oriented Programs. " Technical Report No. CR-87-43, (1987).
16. Belapurkar, A., Chakrabarti, A., Ponnapalli, H., Varadarajan, N., Padmanabhuni, S., Sundarrajan, S.: "Distributed Systems Security: Issues, Processes and Solutions;" Wiley (2009).
17. Best, B., Jürjens, J., Nuseibeh, B.: "Model-Based Security Engineering of Distributed Information Systems Using UMLsec;" In Proceedings of the 29th International Conference on Software Engineering (ICSE), Minneapolis, MN: IEEE Computer Society, (2007), 581-590.
18. Blaimer, N., Bortfeldt, A., Pankratz, G.: "Patterns in Object-Oriented Analysis;" Working Paper No. 451, Faculty of Business Administration and Economics, University of Hagen, Germany, (2010).
19. Blakley, B., Heath, C.: "Security Design Patterns. " Technical Guide, The Open Group, (2004).
20. Booch, G.: "Object-Oriented Analysis and Design with Applications, " Benjamin Cummings (1994).
21. Braz, F.A., Fernandez, E.B., VanHilst, M.: "Eliciting Security Requirements through Misuse Activities;" In Procs. 19th International Conference on Database and Expert Systems Applications (DEXA), IEEE, (2008), 328-333.
22. Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., Mylopoulos, J.: "Tropos: An Agent-Oriented Software Development Methodology;" Auton. Agents Multi-Agent Syst. 8(3), (2004), 203-236.
23. Breu, R., Burger, K., Hafner, M.: "Towards a systematic development of secure systems;" Fernández-Medina, L.J., Castro, E., Garcia-Villalba, J.C.H. (Eds.), Inf. Syst. Secur. J. (Special Issue) 13(3), (2004), 1-12.
24. Breu, R., Hafner, M., Innerhofer-Oberperfler, F., Wozak, F.: "Model-Driven Security Engineering of Service Oriented Systems;" In Kaschek, R. et al. (Eds.), Information Systems and e-Business Technologies: Springer, Berlin Heidelberg, (2008), 59-71.
25. Buschmann, F., Meunier, R., Rohnert, H., Sommerlad, P., Stal, M.: "Pattern-Oriented Software Architecture Volume 1: A System of Patterns;" Wiley, (1996).
26. Cassou, D., Bertran, B., Loriant, N., Consel, C.: "A generative programming approach to developing pervasive computing systems;" In Procs. of the 8th International Conference on Generative Programming and Component Engineering (GPCE), Denver, Colorado, USA, (2009), 137-146.
27. Ciancarini, P., Wooldridge, M. (Eds.): "Agent-Oriented Software Engineering;" 1st ed., Springer, (2001).
28. Clarke, S., Baniassad, E.: "Aspect-Oriented Analysis and Design: The Theme Approach;" Addison-Wesley Professional, (2005).
29. Clavel, M., Silva, V. da, Braga, C., Egea, M.: "Model-Driven Security in Practice: An Industrial Experience;" In I. Schieferdecker, A. Hartman (Eds.), Model Driven Architecture-Foundations and Applications, Springer, Berlin Heidelberg, (2008), 326-337.
30. Cole, R.: "A model for security in distributed systems;" Comput. Secur. 9(4), (1990), 319-330.
31. Côté, I., Hatebur, D., Heisel, M., Schmidt, H., Wentzlaff, I.: "A Systematic Account of Problem Frames;" In Procs. of EuroPLoP 2007, (2008), 749-767.
32. Dai, L., Cooper, K.: "A Survey of Modeling and Analysis Approaches for Architecting Secure Software Systems;" Int. J. Netw. Secur. 5(2), (2007), 187-198.
33. Dashofy, E.M., Hoek, A. van der, Taylor, R.N.: "A comprehensive approach for the development of modular software architecture description languages;" ACM Trans. Softw. Eng. Methodol. 14(2), (2005), 199-245.
34. De Win, B., Scandariato, R., Buyens, K., Grégoire, J., Joosen, W.: "On the secure software development process: CLASP, SDL and Touchpoints compared;" Inf. Softw. Technol. 51(7), (2009), 1152-1171.
35. Dehlinger, J., Subramanian, N.V.: "Architecting Secure Software Systems Using an Aspect-Oriented Approach: A Survey of Current Research;" Technical Report, Computer Science, Iowa State University, (2006).
36. Delessy, N.A., Fernandez, E.B.: "A pattern-driven security process for SOA applications;" In Procs. of the 3rd International Conference on Availability, Security, and Reliability (ARES), Barcelona, Spain: IEEE Computer Society, (2008), 416-421.
37. Delessy, N., Fernandez, E.B., Larrondo-Petrie, M.M.: "A Pattern-Driven Process for Secure Service-Oriented Applications;" FAU Technical Report (unpublished), (2008).
38. Deng, Y., Wang, J., Tsai, J.J.P., Beznosov, K.: "An approach for modeling and analysis of security system architectures;" IEEE Trans. Knowl. Data Eng. 15(5), (2003), 1099-1119.
39. Devanbu, P.T., Stubblebine, S.: "Software engineering for security: a roadmap;" In Procs. Conference on the Future of Software Engineering, ACM, (2000), 227-239.
40. Dias, J.J.L., de Almeida, E.S., de Lemos Meida, S.R.: "A Systematic SOAbased Architecture Process;" In Procs. of the 21st International Conference on Software Engineering, Knowledge Engineering (SEKE), Boston, Massachusetts: Knowledge Systems Institute Graduate School, (2009), 328-333.
41. Dolinar, K., Fuchs, A., Klobucar, T., Llarena, R., Maña, A., Muñoz, A., Porekar, J., Rudolph, C., Saljic, S, Serrano, D.: "A3. D4.2-Extended Set of S&D Patterns for Networks and Devices;" Technical Report, A3. D4.2, SERENITY-027587, (2008).
42. Dougherty, C., Sayre, K., Seacord, R.C., Svoboda, D., Togashi, K.: "Secure Design Patterns;" Technical Report, CMU/SEI-2009-TR-010, Carnegie-Mellon University, SEI, (2009).
43. Dowd, M., McDonald, J., Schuh, J.: "The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities;" 1st ed., Addison-Wesley Professional, (2007).
44. Erl, T.: "SOA Design Patterns;" 1st ed., Prentice Hall PTR, (2009).
45. Fernandez, E.B., France, R.B.: "Formal specification of real-time dependable systems;" In Procs. of the 1st IEEE Int. Conf. on Eng. of Complex Comp. Systems (ICECCS), Fort Lauderdale, FL: IEEE Computer Society, (1995), 342-348.
46. Fernandez, E.B., Hawkins, J.C.: "Determining role rights from use cases;" In Proceedings of the 2nd ACM Workshop on Role-based Access Control (RBAC), Fairfax, Virginia, US: ACM, (1997), 121-125.
47. Fernandez, E.B., Nair, K.R.: "An abstract authorization system for the Internet;" In Proceedings of the 9th International Workshop on Database and Expert Systems Applications, IEEE, (1998), 310-315.
48. Fernandez, E.B.: "Coordination of security levels for Internet architectures;" In Proceedings of the 10th International Workshop on Database and Expert Systems Applications, IEEE, (1999), 837-841.
49. Fernandez, E.B., Yuan, X.: "Semantic analysis patterns;" In Proceedings of the 19th International Conference on Conceptual Modeling, ER2000. Salt Lake City, UT, (2000), 183-195.
50. Fernandez, E.B., Pan, R.: "A Pattern Language for Security Models;" In Procs. of the 8th Conference of Pattern Languages of Programs (PLoP), (2001).
51. Fernandez, E.B.: "Layers and non-functional patterns;" In Procs. of ChiliPLoP 2003, Phoenix, (2003).
52. Fernandez, E.B.: "A methodology for secure software design;" In Proceedings of the 2004 International Conference on Software Engineering Research and Practice (SERP), (2004), 21-24.
53. Fernandez, E.B., Sorgente, T., Larrondo-Petrie, M.M.: "A UML-based Methodology for Secure Systems: The Design Stage;" In Proceedings of the Third International Workshop on Security in Information Systems (WOSIS), Miami, FL, (2005).
54. Fernandez, E.B., Larrondo-Petrie, M.M.: "Security patterns and secure systems design;" In Proceedings of the 4th Latin American and Caribbean Conference for Engineering and Technology (LACCEI), Mayaguez, Puerto Rico, (2006).
55. Fernandez, E.B., Larrondo-Petrie, M.M., Sorgente, T., VanHilst, M.: "A methodology to develop secure systems using patterns;" In Giorgini, P., Mouratidis, H. (Eds.), Integrating security and software engineering: Advances and future vision, IDEA Press, (2006), 107-126.
56. Fernandez, E.B., VanHilst, M., Larrondo-Petrie, M.M., Huang, S.: "Defining Security Requirements through Misuse Actions;" In Ochoa, S.F., Roman, G.-C. (Eds.), Advanced Software Engineering: Expanding the Frontiers of Software Technology, Springer US, (2006).
57. Fernandez, E.B., Larrondo-Petrie, M.M.: "Securing design patterns for distributed systems;" In Xiao, Y. (Ed.), Security in Distributed, Grid, and Pervasive Computing, Auerbach: CRC Press, (2007), 53-66.
58. Fernandez, E.B., Yuan, X.: "Securing Analysis Patterns;" In Proceedings of the 45th Annual Southeast Regional Conference, Winston-Salem, North Carolina, ACM, (2007), 288-293.
59. Fernandez, E.B., Pelaez, J., Larrondo-Petrie, M.: "Attack Patterns: A New Forensic and Design Tool;" In Craiger, P., Shenoi, S. (Eds.), Advances in Digital Forensics III, Springer, New York, (2007), 345-357.
60. Fernandez, E.B., Cholmondeley, P., Zimmermann, O.: "Extending a Secure System Development Methodology to SOA;" In Procs. of the 18th International Workshop on Database and Expert Systems Applications, IEEE, (2007), 749-754.
61. Fernandez, E.B., Washizaki, H., Yoshioka, N.: "Abstract security patterns;" Procs. of the 15th Conference on Pattern Languages of Programs (PLoP), (2008).
62. Fernandez, E.B.: "Security patterns and a methodology to apply them;" In Spanoudakis, G., Maña, A., Kokolakis, S. (Eds.), Security and Dependability for Ambient Intelligence, Boston, MA: Springer Verlag, (2009), 37-46.
63. Fernandez, E.B., Yoshioka, N., Washizaki, H.: "Modeling misuse patterns;" In Procs. of the 2009 International Conference on Availability, Reliability and Security, Fukuoka, Fukuoka Prefecture, Japan: IEEE Computer Society, (2009), 566-571.
64. Fernandez, E.B., Mujica, S.: "Building Secure Systems: From Threats to Security Patterns;" In Procs. of the 29th International Conference of the Chilean Computer Science Society (SCCC), IEEE, (2010), 66-70.
65. Fernandez, E.B., Yoshioka, N., Washizaki, H., Jürjens, J., VanHilst, M., Pernul, G.: "Using security patterns to develop secure systems;" In Mouratidis, H. (Ed.), Software Engineering for Secure Systems: Industrial and Research Perspectives, IGI Global Group, (2011), 16-31.
66. Fernandez, E.B., Uzunov, A.V.: "Secure Middleware Patterns;" In Y. Xiang, J. Lopez, C.-C.J. Kuo and W. Zhou (Eds.), Procs. of the 4th International Symposium on Cyberspace Safety and Security (CSS). Melbourne, Australia: LNCS 7672, Springer, Heidelberg, (2012), 470-482.
67. Fernandez, E.B.: "Security Patterns in Practice: Designing Secure Architectures Using Software Patterns;" Wiley, (2013).
68. Fernández-Medina, E., Jürjens, J., Trujillo, J., Jajodia, S.: "Model-Driven Development for secure information systems;" Inf. Softw. Technol. 51(5), (2009), 809-814.
69. Firesmith, D.: "Security Use Cases;" J. Object Technol. 2(3), (2003), 53-64.
70. Flechais, I., Sasse, M.A., Hailes, S.M.V.: "Bringing security home: a process for developing secure and usable systems;" In Proceedings of the 2003 Workshop on New Security Paradigms, ACM, (2003), 49-57.
71. Flechais, I., Mascolo, C., Sasse, M.A.: "Integrating security and usability into the requirements and design process;" Int. J. Electron. Secur. Digit. Forensics 1(1), (2007), 12-26.
72. Fleurey, F., Baudry, B., France, R., Ghosh, S.: "A Generic Approach for Automatic Model Composition;" In Giese, H. (Ed.), Models in Software Engineering, Springer, Berlin Heidelberg, (2008), 7-15.
73. Foster, I., Kesselman, C.: "The Grid 2, Second Edition: Blueprint for a New Computing Infrastructure;" 2nd ed., Morgan Kaufmann, (2003).
74. France, R.B., Kim, D., Song, E., Ghosh, S.: "Patterns as precise characterizations of designs;" Technical Report, Colorado State University, (2002).
75. France, R., Ray, I., Georg, G., Ghosh, S.: "Aspect-oriented approach to early design modelling;" IEE Proc.-Softw. 151(4), (2004), 173-185.
76. France, R., Kim, D., Ghosh, S., Song, E.: "A UML-based pattern specification technique;" IEEE Trans. on Softw. Eng. 30(3), (2004), 193-206.
77. France, R., Rumpe, B.: "Model-driven Development of Complex Software: A Research Roadmap;" In Future of Software Engineering, IEEE, (2007), 37-54.
78. Frankel, D.S.: "Model Driven Architecture: Applying MDA to Enterprise Computing;" Wiley, (2003).
79. Fu, Y., Dong, Z., He, X.: "An approach to web services oriented modeling and validation;" In Proceedings of the 2006 International Workshop on Service-Oriented Software Engineering (SOSE), ACM Press, (2006), 81.
80. Gallego-Nicasio, B., Muñoz, A., Maña, A., Serrano, D.: "Security patterns, towards a further level;" In SECRYPT 2009-International Conference on Security and Cryptography, Milan, Italy: INSTICC Press, (2009), 349-356.
81. Gamma, E., Helm, R., Johnson, R., Vlissides, J.: "Design Patterns: Elements of Reusable Object-Oriented Software;" Addison-Wesley Professional, (1995).
82. García, M., Llewellyn-Jones, D., Ortin, F., Merabti, M.: "Applying dynamic separation of aspects to distributed systems security: A case study;" IET Softw. 6(3), (2012), 231-248.
83. Georg, G., Ray, I., France, R.: "Using aspects to design a secure system;" In Proceedings of the 8th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS), IEEE, (2002), 117-126.
84. Georg, G., France, R., Ray, I.: "Designing High Integrity Systems using Aspects;" In Proceedings of the Fifth IFIP TC-11 WG 11.5 Working Conference on Integrity and Internal Control in Information Systems (IICIS), (2002), 37-57.
85. Georg, G., Houmb, S.H., Ray, I.: "Aspect-Oriented Risk Driven Development of Secure Applications;" In Damiani, E., Liu, P. (Eds.), Data and Applications Security: Springer Berlin Heidelberg, (2006), 282-296.
86. Georg, G., Ray, I., Anastasakis, K., Bordbar, B., Toahchoodee, M., Houmb, S.H.: "An aspect-oriented methodology for designing secure applications;" Inf. Softw. Technol. 51(5), (2009), 846-864.
87. Georg, G., Anastasakis, K., Bordbar, B., Houmb, S.H., Ray, I., Toahchoodee, M.: "Verification and Trade-Off Analysis of Security Properties in UML System Models;" IEEE Trans. Softw. Eng. 36(3), (2010), 338-356.
88. Ghosh, A.K., Howell, C., Whittaker, J.A.: "Building Software Securely from the Ground Up;" IEEE Softw. 19(1), (2002), 14-16.
89. Giorgini, P., Kolp, M., Mylopoulos, J., Pistore, M.: "The Tropos Methodology: An Overview;" In Methodologies and Software Engineering for Agent Systems, Kluwer Academic Press, (2004), 89-106.
90. Giunchiglia, F., Mylopoulos, J., Perini, A.: "The Tropos Software Development Methodology: Processes, Models and Diagrams;" In Giunchiglia, F., Odell, J., Weiß, G. (Eds.), Agent-Oriented Software Engineering III, Springer, Berlin Heidelberg, (2003), 162-173.
91. Gollmann, D.: "Computer Security;" 3rd ed., Wiley, (2011).
92. Gonzalez-Perez, C., Henderson-Sellers, B.: "Metamodelling for Software Engineering;" 1st ed., Wiley, (2008).
93. Gregoire, J., Buyens, K., De Win, B., Scandariato, R., Joosen, W.: "On the Secure Software Development Process: CLASP and SDL Compared;" In Third International Workshop on Software Engineering for Secure Systems (SESS: ICSE Workshops 2007), IEEE, (2007).
94. Gritzalis, S., Spinellis, D., Georgiadis, P.: "Security protocols over open networks and distributed systems: formal methods for their analysis, design, and verification;" Comput. Commun. 22(8), (1999), 697-709.
95. Gunawan, L.A., Herrmann, P., Kraemer, F.A.: "Towards the Integration of Security Aspects into System Development Using Collaboration-Oriented Models;" In Śle{ogonek}zak, D. et al. (Eds.), Security Technology, Springer, Berlin Heidelberg, (2009), 72-85.
96. Gunawan, L.A., Kraemer, F.A., Herrmann, P.: "A tool-supported method for the design and implementation of secure distributed applications;" In Proceedings of the 3rd International Conference on Engineering Secure Software and Systems (ESSoS), Madrid, Spain: Springer-Verlag Berlin/Heidelberg, (2011), 142-155.
97. Gutiérrez, C., Fernández-Medina, E., Piattini, M.: "Towards a Process for Web Services Security;" In Proceedings of the 3rd International Workshop on Security in Information Systems (WOSIS), Miami, FL, INSTICC Press, (2005a), 298-308.
98. Gutiérrez, C., Fernández-Medina, E., Piattini, M.: "Web services enterprise security architecture: a case study;" In Proceedings of the 2nd ACM Workshop On Secure Web Services (SWS), Fairfax, VA, USA, ACM, (2005b), 10-19.
99. Gutiérrez, C., Fernández-Medina, E., Piattini, M.: "PWSSec: Process for Web Services Security;" In Proceedings of the IEEE International Conference on Web Services. Washington, DC, USA: IEEE Computer Society, (2006), 213-222.
100. Gutiérrez, C., Rosado, D.G., Fernández-Medina, E.: "The practical application of a process for eliciting and designing security in web service systems. " Inf. Softw. Technol. 51(12), (2009), 1712-1738.
101. Hafiz, M., Johnson, R.E., Afandi, R.: "The security architecture of qmail;" In Proceedings of the 11th Conference on Pattern Language of Programs (PLoP), Allerton, Illinois, (2004).
102. Hafiz, M., Adamczyk, P., Johnson, R.E.: "Organizing security patterns;" IEEE Softw. 24(4), (2007), 52-60.
103. Hafner, M., Breu, R., Agreiter, B., Nowak, A.: "SECTET: an extensible framework for the realization of secure inter-organizational workflows;" Internet Res. 16(5), (2006), 491-506.
104. Hafner, M., Memon, M., Breu, R.: "SeAAS-A Reference Architecture for Security Services in SOA;" J. Univers. Comput. Sci. 15(15), (2009), 2916-2936.
105. Hafner, M., Breu, R.: "Security Engineering for Service-Oriented Architectures;" 1st ed., Springer, (2009).
106. Haley, C., Laney, R., Moffett, J., Nuseibeh, B.: "Security Requirements Engineering: A Framework for Representation and Analysis;" IEEE Trans. Softw. Eng. 34(1), (2008), 133-153.
107. Hatebur, D., Heisel, M., Schmidt, H.: "A security engineering process based on patterns;" In Procs. of the 18th International Workshop on Database and Expert Systems Applications, Regensburg, Germany: IEEE Computer Society, (2007), 734-738.
108. Hatebur, D., Heisel, M., Schmidt, H.: "A Pattern System for Security Requirements Engineering;" In Procs of the 2nd International Conference on Availability, Reliability and Security (ARES), IEEE Computer Society, (2007), 356-365.
109. Hatebur, D., Heisel, M., Schmidt, H.: "Analysis and Component-based Realization of Security Requirements;" In Procs. of the 3rd International Conference on Availability, Reliability and Security (ARES), IEEE, (2008), 195-203.
110. Hatebur, D., Heisel, M.: "Deriving Software Architectures from Problem Descriptions;" In Software Engineering 2009-Workshopband, GI, (2009), 383-392.
111. Hatebur, D., Heisel, M.: "A UML profile for requirements analysis of dependable software;" In Proceedings of the 29th International Conference on Computer Safety, Reliability and Security (Safecomp), Vienna, Austria: Springer, (2010), 317-331.
112. Hatebur, Denis, Heisel, M., Jürjens, J., Schmidt, H.: "Systematic Development of UMLsec Design Models Based on Security Requirements;" In Giannakopoulou, D., Orejas, F. (Eds.), Fundamental Approaches to Software Engineering, Springer, Berlin Heidelberg, (2011), 232-246.
113. He, X., Ding, J., Deng, Y.: "Model checking software architecture specifications in SAM;" In Proceedings of the 14th International Conference on Software Engineering and Knowledge Engineering (SEKE). Ischia, Italy: ACM, (2005), 271-274.
114. Hein, D., Saiedian, H.: "Secure Software Engineering: Learning from the Past to Address Future Challenges;" Inf. Secur. J.: A Global Perspective, 18(1), (2009), 8-25.
115. Henderson-Sellers, B., Giorgini, P.: "Agent-Oriented Methodologies, " 1st ed., IGI Global, (2005).
116. Henderson-Sellers, B., Ralyté, J.: "Situational method engineering: state-of-the-art review;" J. Univers. Comput. Sci. (J. UCS) 16(3), (2010), 424-478.
117. Heyman, T., Yskout, K., Scandariato, R., Joosen, W.: "An Analysis of the Security Patterns Landscape;" In Procs. 3rd International Workshop on Software Engineering for Secure Systems (SESS: ICSE Workshops 2007). Minneapolis, MN: IEEE, (2007).
118. Heyman, T., Scandariato, R., Huygens, C., Joosen, W.: "Using Security Patterns to Combine Security Metrics;" In Procs. of the 7th International Conference on Availability, Reliability and Security (ARES). Barcelona, Spain: IEEE Computer Society, (2008), 1156-1163.
119. Hoglund, G., McGraw, G.: "Exploiting Software: How to Break Code;" Addison-Wesley Professional, (2004).
120. Houmb, S.H., Georg, G., Petriu, D., Bordbar, B., Ray, I., Anastasakis, K., France, R.: "Balancing Security and Performance Properties During System Architectural Design;" In Mouratidis, H. (Ed.), Software Engineering for Secure Systems, IGI Global, (2011), 155-191.
121. Howard, M., Lipner, S.: "The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software;" 1st ed., Microsoft Press, (2006).
122. Huget, M.P.: "Agent UML notation for multiagent system design;" IEEE Internet Comput. 8(4), (2004), 63-71.
123. Hurtado Alegría, J.A., Bastarrica, M.C., Quispe, A., Ochoa, S.F.: "An MDE approach to software process tailoring;" In Proceedings of the 2011 International Conference on Software and Systems Process (ICSSP). Waikiki, Honolulu, HI, USA: ACM, (2011), 43-52.
124. Hutchinson, J., Rouncefield, M., Whittle, J.: "Model-driven engineering practices in industry;" In Proceeding of the 33rd International Conference on Software Engineering (ICSE), Waikiki, Honolulu, HI, USA: ACM, (2011), 633-642.
125. ISO/IEC 7498-2: "Information Processing System-Open Systems Interconnection (OSI)-Basic Reference Model-Part 2: Security Architecture, " (1989).
126. Jaatun, M.G., Tøndel, I.A.: "Covering Your Assets in Software Engineering;" In Proceedings of the 3rd International Conference on Availability, Reliability and Security (ARES), Barcelona, Spain: IEEE Computer Society, (2008), 1172-1179.
127. Jakob, H., Loriant, N., Consel, C.: "An aspect-oriented approach to securing distributed systems;" In Proceedings of the 2009 International Conference on Pervasive Services. ACM, (2009), 21-30.
128. Jaquith, A.: "The security of applications: Not all are created equal;" Research Report, @stake, (2002), 1-12. Available at [Accessed 24 Mar 2011]: http://www.securitymanagement.com/archive/library/atstake_tech0502.pdf
129. Jayaram, K., Mathur, A.P.: "Software engineering for secure software-state of the art: A survey;" CERIAS Tech. Report 2005-67, Purdue University, West Lafayette, (2005).
130. Jennings, N.R.: "An agent-based approach for building complex software systems;" Commun. ACM 44(4), (2001), 35-41.
131. Jensen, C.: "Secure software architectures" In Proceedings of the 8th Nordic Workshop on Programming Environment Research (WPER), Ronneby, (1998), 239-246.
132. Jouve, W., Palix, N., Consel, C., Kadionik, P.: "A SIP-Based Programming Framework for Advanced Telephony Applications;" In Schulzrinne, H., State, R., Niccolini, S. (Eds.), Services and Security for Next Generation Networks (IPTComm 2008), Springer, Berlin Heidelberg, (2008), 1-20.
133. Jürjens, J.: "UMLsec: Extending UML for Secure Systems Development;" In Proceedings of the 5th International Conference on The Unified Modeling Language (UML), Springer-Verlag, (2002), 412-425.
134. Jürjens, J.: "Using UMLsec and goal trees for secure systems development;" In Proceedings of the 2002 ACM Symposium on Applied Computing (SAC), Madrid, Spain ACM, (2002), 1026-1030.
135. Jürjens, J., Popp, G., Wimmel, G.: "Towards Using Security Patterns in Model-based System Development;" In Procs. of EuroPLoP 2002, Kloster Irsee, Germany, (2002).
136. Jürjens, J.: "Secure Systems Development with UML;" Springer, (2005).
137. Jürjens, J.: "Sound methods and effective tools for model-based security engineering with UML;" In Proceedings of the 27th International Conference on Software Engineering (ICSE), St. Louis, MO, USA ACM, (2005), 322-331.
138. Jürjens, J.: "Model-Based Security Engineering with UML: Introducing Security Aspects;" In Boer, F.S. et al. (Eds.), Formal Methods for Components and Objects, Springer, Berlin Heidelberg, (2006), 64-87.
139. Jürjens, J.: "Model-Based Security Engineering for Real;" In Misra, J., Nipkow, T., Sekerinski, E. (Eds.), FM 2006: Formal Methods, Springer, Berlin Heidelberg, (2006), 600-606.
140. Jürjens, J., Schreck, J., Yu, Y.: "Automated analysis of permission-based security using UMLsec;" In Proceedings of the Theory and Practice of Software (ETAPS), 11th International Conference on Fundamental Approaches to Software Engineering (FASE), Budapest, Hungary: Springer-Verlag, (2008), 292-295.
141. Jürjens, J.: "Security and Dependability Engineering;" In Spanoudakis, G., Maña, A., Kokolakis, S. (Eds.), Security and Dependability for Ambient Intelligence, Boston, MA: Springer Verlag, (2009), 21-36.
142. Kasal, K., Heurix, J., Neubauer, T.: "Model-Driven Development Meets Security: An Evaluation of Current Approaches;" In Procs. of the 44th Hawaii International Conference on System Sciences (HICSS). Kauai, HI, USA: IEEE, (2011), 1-9.
143. Katt, B., Breu, R., Memon, M., Hafner, M.: "SECTET-Model driven Security of Service Oriented Systems based on Security-as-a-Service;" In Presentation in Japan-Austria Joint Workshop on "ICT, " October 18-19, Tokyo, Japan, (2010). Available at: http://www.jst.go.jp/sicp/ws2010_austria/presentation/presentation_05.pdf (Accessed 2011)
144. Khan, M.U.A., Zulkernine, M.: "A Survey on Requirements and Design Methods for Secure Software Development;" Technical Report No. 2009-562, School of Computing, Queen's University, Kingston, Ontario, Canada, (2009). Available at: http://research.cs.queensu.ca/TechReports/Reports/2009-562.pdf (Accessed: December 2010).
145. Kiczales, G., Lamping, J., Mendhekar, A., Maeda, C., Lopes, C., Loingtier, J.-M., Irwin, J.: "Aspect-oriented programming;" In Akşit, M., Matsuoka, S. (Eds.), ECOOP'97-Object-Oriented Programming, LNCS 1241, Springer, Berlin Heidelberg, (1997), 220-242.
146. Kraemer, F.A.: "Engineering Reactive Systems: A Compositional and Model-Driven Method Based on Collaborative Building Blocks;" PhD Thesis, Norwegian University of Science and Technology, (2008).
147. Kraemer, F.A., Slåtten, V., Herrmann, P.: "Tool support for the rapid composition, analysis and implementation of reactive services;" J. Syst. Softw. 82(12), (2009), 2068-2080.
148. Lang, U., Schreiner, R.: "A Flexible, Model-Driven Security Framework for Distributed Systems;" In Proceedings of the IASTED International Conference on Communication, Network, and Information Security (CNIS 2003), New York, USA, (2003).
149. Lang, U., Schreiner, R.: "OpenPMF Security Policy Framework for Distributed Systems;" In Proceedings of the Information Security Solutions Europe (ISSE 2004) Conference, Berlin, Germany, (2004).
150. Lodderstedt, T., Basin, D., Doser, J.: "SecureUML: A UML-based modeling language for model-driven security;" In UML 2002-The Unified Modeling Language: 5th International Conference, Dresden, Germany, Springer, (2002), 426-441.
151. Lodderstedt, T.: "Model driven security from UML Models to Access Control Architectures;" PhD Thesis, University of Freiburg, Germany, (2003). Available at: http://www.freidok.uni-freiburg.de/volltexte/1253/
152. Low, G., Mouratidis, H., Henderson-Sellers, B.: "Using a Situational Method Engineering Approach to Identify Reusable Method Fragments from the Secure TROPOS Methodology;" J. Object Technol. 9(4), (2010), 93-125.
153. Lund, M.S., Solhaug, B., Stølen, K.: "Model-Driven Risk Analysis;" Berlin, Heidelberg: Springer Berlin Heidelberg, (2011).
154. Maña, A., Sánchez-Cid, F., Serrano, D., Muñoz, A.: "Towards Secure Ambient Intelligence Scenarios;" In Proceedings of the 18th International Conference on Software Engineering, Knowledge Engineering (SEKE), San Francisco, CA, (2006), 386-391.
155. Maña, A., Pujol, G.: "Towards Formal Specification of Abstract Security Properties;" In Proceedings of the 3rd International Conference on Availability, Reliability and Security, Washington, DC, USA: IEEE Computer Society, (2008), 80-87.
156. McGraw, G.: "Software security;" IEEE Security & Privacy 2(2), (2004), 80-83.
157. McGraw, Gary: "Software Security: Building Security In;" Addison-Wesley Professional, (2006).
158. Mekerke, F., Georg, G., France, R.: "Tool Support for Aspect-Oriented Design;" In Bruel, J.-M., Bellahsene, Z. (Eds.), Advances in Object-Oriented Information Systems, Springer, Berlin Heidelberg, (2002), 280-289.
159. Meland, P.H., Jensen, J.: "Secure software design in practice;" In Procs. of the 3rd International Conference on Availability, Reliability and Security (ARES). IEEE, (2008), 1164-1171.
160. Memon, M., Hafner, M., Breu, R.: "SECTISSIMO: A Platformindependent Framework for Security Services;" In Modeling Security Workshop In Association with MODELS 2008, Toulouse, France, (2008).
161. Memon, M.: "Security Modeling with Pattern Refinement for a Security-as-a-Service Architecture;" PhD Thesis, University of Innsbruck, Austria, (2011).
162. Menzel, M., Meinel, C.: "A Security Meta-model for Service-Oriented Architectures;" In Procs. of the 2009 IEEE International Conference on Services Computing (SCC), IEEE, (2009), 251-259.
163. Menzel, M., Thomas, I., Meinel, C.: "Security Requirements Specification in Service-Oriented Business Process Management;" In Procs. of the 2009 International Conference on Availability, Reliability and Security (ARES), IEEE, (2009), 41-48.
164. Menzel, M., Meinel, C.: "SecureSOA;" In Procs. of the 2010 IEEE International Conference on Services Computing, IEEE Computer Society, (2010), 146-153.
165. Menzel, M., Warschofsky, R., Meinel, C.: "A Pattern-Driven Generation of Security Policies for Service-Oriented Architectures;" In Procs. of the 2010 IEEE International Conference on Web Services, IEEE, (2010), 243-250.
166. Milojicic, D.S., Kalogeraki, V., Lukose, R., Nagaraja, K., Pruyne, J., Richard, B., Rollins, S., Xu, Z.: "Peer-to-Peer Computing;" Technical Report, HPL-2002-57, HP Labs, (2002).
167. Moriconi, M., Qian, X., Riemenschneider, R.A., Gong, L.: "Secure software architectures;" In Proceedings of the 1997 IEEE Symposium on Security and Privacy, IEEE, (1997), 84-93.
168. Mouheb, D., Talhi, C., Lima, V., Debbabi, M., Wang, L., Pourzandi, M.: "Weaving security aspects into UML 2.0 design models;" In Proceedings of the 13th Workshop on Aspect-Oriented Modeling, Charlottesville, Virginia, USA: ACM, (2009), 7-12.
169. Mouheb, D., Talhi, C., Nouh, M., Lima, V., Debbabi, M., Wang, L., Pourzandi, M.: "Aspect-Oriented Modeling for Representing and Integrating Security Concerns in UML;" In Lee, R. et al. (Eds.), Software Engineering Research, Management and Applications 2010, Springer, Berlin Heidelberg, (2010), 197-213.
170. Mouratidis, H., Giorgini, P., Schumacher, M.: "Security Patterns for Agent Systems;" In Procs. of the 8th European Conference on Pattern Languages of Programs (EuroPLoP), (2003).
171. Mouratidis, H., Giorgini, P.: "Analysing Security in Information Systems;" In Procs. of the 2nd International Workshop on Security In Information Systems (WOSIS), Porto, Portugal, (2004).
172. Mouratidis, H., Giorgini, P., Manson, G.: "When security meets software engineering: a case of modelling secure information systems;" Inf. Syst. 30(8), (2005), 609-629.
173. Mouratidis, H., Giorgini, P.: "Integrating Security and Software Engineering: Advances and Future Vision;" 1st ed., IGI Global, (2006).
174. Mouratidis, H., Weiss, M., Giorgini, P.: "Modelling Secure Systems Using An Agent Oriented Approach and Security Patterns;" Int. J. Softw. Eng. Knowl. Eng. 16(4), (2006), 471-498.
175. Mouratidis, H., Jürjens, J., Fox, J.: "Towards a Comprehensive Framework for Secure Systems Development;" In Dubois, E., Pohl, K. (Eds.), Advanced Information Systems Engineering, Springer, Berlin Heidelberg, (2006), 48-62.
176. Mouratidis, H.: "Secure Information Systems Engineering: A Manifesto;" Int. J. Electron. Secur. Digit. Forensics, 1(1), 27-41.
177. Mouratidis, H., Giorgini, P.: "Secure Tropos: A Security-Oriented Extension of the Tropos methodology;" Int. J. Softw. Eng. Knowl. Eng. 17(2), (2007), 285-309.
178. Mouratidis, H., Giorgini, P.: "Security Attack Testing (SAT)--testing the security of information systems at design time;" Inf. Syst. 32(8), (2007), 1166-1183.
179. Mouratidis, H.: "Secure Tropos: An Agent Oriented Software Engineering Methodology for the Development of Health and Social Care Information Systems;" Int. J. Comput. Sci. Secur. 3(3), (2009), 241-271.
180. Mouratidis, H., Jürjens, J.: "From Goal-Driven Security Requirements Engineering to Secure Design;" Int. J. Intell. Syst. 25(8), (2010), 813-840.
181. Mouratidis, H.: "Secure Software Systems Engineering: The Secure Tropos Approach" (Invited Paper); J. Softw. 6(3), (2011), 331-339.
182. Myagmar, S., Lee, A., Yurcik, W.: "Threat Modeling as a Basis for Security Requirements;" In Proceedings of the 2005 ACM Workshop on Storage Security and Survivability (StorageSS). ACM Press, (2005), 94-102.
183. Naqvi, S., Riguidel, M.: "Security architecture for heterogeneous distributed computing systems;" In Procs. of the 38th Annual International Carnahan Conference on Security Technology, IEEE, (2004), 34-41.
184. Oladimeji, E.A., Supakkul, S., Chung, L.: "A model-driven approach to architecting secure software;" In Proceedings of the International Conference on Software Engineering and Knowledge Engineering, Boston, USA, (2007), 535-551.
185. OWASP: "Comprehensive, Lightweight Application Security Process (CLASP);" (2011), Available at: http://www.owasp.org/index.php/Category:OWASP_CLASP_Project (Accessed 2011).
186. Popp, G., Jürjens, J., Wimmel, G., Breu, R.: "Security-Critical System Development with Extended Use Cases;" In Proceedings of the 10th Asia-Pacific Software Engineering Conference Software Engineering Conference (APSEC), IEEE Computer Society, (2003), 478-487.
187. Ramsin, R., Paige, R.F.: "Process-centered review of object oriented software development methodologies;" ACM Comput. Surv. 40(1), (2008), 1-89.
188. Ray, I., France, R., Na, L., Georg, G.: "An aspect-based approach to modeling access control concerns;" Inf. Softw. Technol. 46(9), (2004), 575-587.
189. Reddy, Y.R., Ghosh, S., France, R.B., Straw, G., Bieman, J.M., McEachen, N., Song, E., Georg, G.: "Directives for Composing Aspect-Oriented Design Class Models;" In Rashid, A., Aksit, M. (Eds.), Transactions on Aspect-Oriented Software Development I, Springer, Berlin Heidelberg, (2006), 75-105.
190. Ren, J., Taylor, R.N.: "A Secure Software Architecture Description Language;" In Procs. of the Workshop on Software Security Assurance Tools, Techniques, and Metrics, in conjunction with the 20th IEEE/ACM Int. Conf. on Automated Software Engineering. Long Beach, California, USA, (2005).
191. Ren, J., Taylor, R., Dourish, P., Redmiles, D.: "Towards an architectural treatment of software security: a connector-centric approach;" ACM SIGSOFT Softw. Eng. Notes 30(4), (2005), 1-7.
192. Ren, Jie: "A Connector-Centric Approach to Architectural Access Control;" PhD Thesis, University of California Irvine, (2006).
193. Reznik, J., Ritter, T., Schreiner, R., Lang, U.: "Model Driven Development of Security Aspects;" Electron. Notes Theor. Comput. Sci. 163(2), (2007), 65-79.
194. Rodriguez, L.C., Mora, M., Vergas-Martin, M., O'Connor, R., Alvarez, F.: "Process Models of SDLCs: Comparison and Evolution;" In M.R. Syed, S.N. Syed (Eds.), Handbook of Research on Modern Systems Analysis and Design Technologies and Applications, IGI Global, (2009), 76-89.
195. Rojas, D.M., Mahdy, A.M.: "Integrating Threat Modeling in Secure Agent-Oriented Software Development;" Int. J. Softw. Eng. 2(3), (2011), 23-36.
196. Rosado, D.G., Gutiérrez, C., Fernández-Medina, E., Piattini, M.: "Security patterns and requirements for internet-based applications;" Internet Res. 16(5), (2006), 519-536.
197. Rosado, D.G., Fernández-Medina, E., López, J., Piattini, M.: "PSecGCM: Process for the development of Secure Grid Computing based Systems with Mobile devices;" In Procs. of the 3rd International Conference on Availability, Reliability and Security (ARES), IEEE, (2008), 136-143.
198. Rosado, D.G., Fernández-Medina, E., López, J., Piattini, M.: "Obtaining Security Requirements for a Mobile Grid System;" Int. J. Grid High Perform. Comput. 1(3), (2009), 1-17.
199. Rosado, D.G., Fernández-Medina, E., López, J.: "Applying a UML Extension to Build Use Cases Diagrams in a Secure Mobile;" In Heuser, C., Pernul, G. (Eds.), Advances in Conceptual Modeling-Challenging Perspectives, Springer Berlin/Heidelberg, (2009), 126-136.
200. Rosado, D.G., Fernández-Medina, E., López, J., Piattini, M.: "Analysis of Secure Mobile Grid Systems: A Systematic Approach;" Inf. Softw. Technol. 52(5), (2010), 517-536.
201. Rosado, D.G., Fernández-Medina, E., López, J., Piattini, M.: "Developing a Secure Mobile Grid System through a UML Extension;" J. Univers. Comput. Sci. 16(17), (2010), 2333-2352.
202. Rosado, D.G., Fernández-Medina, E., López, J.: "Security Services Architecture for Secure Mobile Grid Systems;" J. Syst. Arch. 53(3), (2011), 240-258.
203. Rosado, D.G., Fernández-Medina, E., López, J., Piattini, M.: "Systematic Design of Secure Mobile Grid Systems;" J. Netw. Comput. Appl. 34(4), (2011), 1168-1183.
204. Sachitano, A., Chapman, R.O., Hamilton, J.A.: "Security in software architecture: a case study;" In Proceedings of the 5th Annual IEEE SMC Information Assurance Workshop, IEEE, (2004), 370-376.
205. Sánchez, Ó., Molina, F., García-Molina, J., Toval, A.: "ModelSec: A Generative Architecture for Model-Driven Security;" J. Univers. Comput. Sci. 15(15), (2009), 2957-2980.
206. Sánchez-Cid, F., Maña, A.: "SERENITY Pattern-Based Software Development Life-Cycle;" In Proceedings of the 19th International Conference on Database and Expert Systems Application, Washington, DC, USA: IEEE Computer Society, (2008), 305-309.
207. Sánchez-Cid, F., Maña, A., Spanoudakis, G., Serrano, D., Muñoz, A.: "Representation of Security and Dependability Solutions;" In G. Spanoudakis, A. Maña, S. Kokolakis (Eds.), Security and Dependability for Ambient Intelligence, Springer, (2009), 69-96.
208. Scandariato, R., Yskout, K., Heyman, T., Joosen, W.: "Architecting software with security patterns;" CW Reports, volume CW515, Department of Computer Science, KU Leuven, (2008).
209. Schmidt, D.C.: "Using design patterns to develop reusable object-oriented communication software;" Commun, ACM 38, (1995), 65-74.
210. Schmidt, D.C.: "Model-Driven Engineering;" Comput. 39(2), (2006), 25-31.
211. Schmidt, H.: "A Pattern and Component-Based Method to Develop Secure Software" (PhD Thesis); Baden-Baden, Germany: Deutscher Wissenschafts-Verlag, (2010).
212. Schmidt, H.: "Threat-and Risk-Analysis During Early Security Requirements Engineering;" In Procs. of the 5th International Conference on Availability, Reliability, and Security (ARES), IEEE, (2010), 188-195.
213. Schmidt, H., Hatebur, D., Heisel, M.: "A Pattern-Based Method to Develop Secure Software;" In Mouratidis, H. (Ed.), Software Engineering for Secure Systems: Industrial and Research Perspectives, IGI Global, (2011), 32-74.
214. Schmidt, H., Jürjens, J.: "Connecting Security Requirements Analysis and Secure Design Using Patterns and UMLsec;" In Mouratidis, H., Rolland, C. (Eds.), Advanced Information Systems Engineering, Springer, (2011), 367-382.
215. Schmidt, H., Jürjens, J.: "UMLsec4UML2-adopting UMLsec to support UML2;" Technical Report 838, Technical University of Dortmund, (2011), Available at: http://hdl.handle.net/2003/27602.
216. Schneier, B.: "Attack Trees;" Dr. Dobb's Journal, (1999).
217. Schneider, E.A.: "Security architecture-based system design;" In Proceedings of the 1999 Workshop on New Security Paradigms (NSPW), ACM Press, (1999), 25-31.
218. Schnjakin, M., Menzel, M., Meinel, C.: "A pattern-driven security advisor for service-oriented architectures;" In Proceedings of the 2009 ACM Workshop on Secure Web Services (SWS), ACM Press, (2009), 13-20.
219. Schreiner, R., Lang, U.: "Protection of complex distributed systems;" In Proceedings of the 2008 Workshop on Middleware Security (MidSec), ACM Press, (2008), 7-12.
220. Schumacher, M.: "Security Engineering with Patterns: Origins, Theoretical Models, and New Applications;" 1st ed., Springer, (2003).
221. Schumacher, M., Fernandez, E.B., Hybertson, D., Buschmann, F., Sommerlad, P.: "Security Patterns: Integrating Security and Systems Engineering;" Wiley Series on Software Patterns, 1st ed., Wiley, (2006).
222. SecTro: "SecTro automated modeling tool;" (2011), Available at: http://sectro.securetropos.org/(Accessed 2011).
223. Serrano, D., Maña, A., Sotirious, A.D.: "Towards Precise Security Patterns;" In Procs. of the 19th International Conference on Database and Expert Systems Application (DEXA), Turin, Italy: IEEE, (2008), 287-291.
224. Serrano, D. Maña, A., Llarena, R., Gallego-Nicasio, B., Li, K.: "SERENITY Aware System Development Process;" In Spanoudakis, G., Maña, A., Kokolakis, S. (Eds.), Security and Dependability for Ambient Intelligence, (2009), 165-179.
225. Serrano, D., Ruiz, J.F. Muñoz, A., Maña, A., Armenteros, A., Gallego-Nicasio, B.: "Development of Applications Based on Security Patterns;" In Procs. of the 2nd International Conference on Dependability, Athens, Glyfada, Greece: IEEE, (2009), 111-116.
226. Shaw, M.: "Procedure calls are the assembly language of software interconnection: Connectors deserve first-class status;" In Studies of Software Design, Springer, (1996), 17-32.
227. Shin, M.E., Gomaa, H.: "Software requirements and architecture modeling for evolving non-secure applications into secure applications;" Sci. Comput. Program. 66(1), (2007), 60-70.
228. Spanoudakis, G., Maña, A., Kokolakis, S. (Eds.): "Security and Dependability for Ambient Intelligence;" Springer, (2009).
229. Steel, C., Nagappan, R., Lai, R.: "Core Security Patterns: Best Practices and Strategies for J2EE(TM), Web Services, and Identity Management;" Prentice Hall, (2005).
230. Straw, Greg et al.: "Model Composition Directives;" In Baar, T. et al. (Eds.), In UML 2004-The Unified Modeling Language. Modelling Languages and Applications. Springer, Berlin Heidelberg, (2004), 84-97.
231. Swiderski, F., Snyder, W.: "Threat Modeling;" 1st ed., Microsoft Press, (2004).
232. Talhi, C., Mouheb, D., Lima, V., Debbabi, M., Wang, L., Pourzandi, M.: "Usability of Security Specification Approaches for UML Design: A Survey;" J. Object Technol. 8(6), (2009), 103-122.
233. Taylor, R.N., Medvidovic, N., Dashofy, E.M.: "Software Architecture: Foundations, Theory, and Practice;" Wiley, (2010).
234. Tryfonas, T., Kiountouzis, E., Poulymenakou, A.: "Embedding security practices in contemporary information systems development approaches;" Inf. Manag. Comput. Secur. 9(4), (2001), 183-197.
235. Uzunov, A.V., Fernandez, E.B.: "An Extensible Pattern-based Library and Taxonomy of Security Threats for Distributed Systems;" submitted for publication, (n.d.).
236. Uzunov, A.V., Fernandez, E.B., Falkner, K.: "Securing distributed systems using patterns: A survey;" Comput. Secur. 31(5), (2012), 681-703.
237. Uzunov, A.V., Falkner, K., Fernandez, E.B.: "A Comprehensive Pattern-Oriented Approach to Engineering Security Methodologies;" submitted for publication, (n.d.).
238. Uzunov, A.V., Fernandez, E.B., Falkner, K.: "A Software Engineering Approach to Authorization in Distributed, Collaborative Systems using Security Patterns and Security Solution Frames;" submitted for publication, (n.d.).
239. VanHilst, M., Fernandez, E.B., Braz, F.: "A Multi-dimensional Classification for Users of Security Patterns;" J. Res. Pract. Inf. Technol. 41(2), (2009), 87-97.
240. Vaquero-Gonzalez, L.M., Rodero-Merino, L., Caceres, J., Lindner, M.: "A break in the clouds: towards a Cloud definition;" ACM SIGCOMM Comput. Commun. Rev. 39(1), (2009), 50-55.
241. Villarroel, R., Fernández-Medina, E., Piattini, M: "Secure information systems development-a survey and comparison;" Comput. Secur. 24(4), (2005), 308-321.
242. Wagner, R., Fontoura, L.M., Fontoura, A.B.: "Using security patterns to tailor software process;" In Proceedings of the 23rd International Conference on Software Engineering and Knowledge Engineering (SEKE). Miami, FL, USA: Knowledge Systems Institute Graduate School, (2011), 672-677.
243. Washizaki, H, Fernandez, E.B., Maruyama, K., Kubo, A., Yoshioka, N.: "Improving the Classification of Security Patterns;" In Procs. of the 2009 International Workshop on Database and Expert Systems Applications, (2009), 165-170.
244. Whitmore, J.J.: "A method for designing secure solutions;" IBM Syst. J. 40(3), (2001), 747-768.
245. [Whyte and Harrison 2011] Whyte, B., Harrison, J.: "State of Practice in Secure Software: Experts' Views on Best Ways Ahead;" In Mouratidis, H. (Ed.), Software Engineering for Secure Systems, IGI Global, (2011), 1-14.
246. Wooldridge, M.: "Agent-based software engineering;" IEEE Proc. Softw. 144(1), (1997), 26-37.
247. Yoder, J., Barcalow, J.: "Architectural patterns for enabling application security;" In Procs. of the 4th Conference on Patterns Languages of Programs (PLoP), Monticello, Illinois, (1997).
248. Yskout, K., Heyman, T., Scandariato, R., Joosen, W.: "A system of security patterns;" CW Reports vol. CW469, Dept. of Computer Science, KU Leuven, (2006).
249. Yskout, K., Heyman, T., Scandariato, R., Joosen, W.: "Security patterns: 10 years later;" CW Reports vol. CW514, Dept. of Computer Science, KU Leuven, (2008).
250. Yu, H., He, X., Gao, S., Deng, Y.: "Formal Software Architecture Design of Secure Distributed Systems;" In Proceedings of the 15th International Conference on Software Engineering and Knowledge Engineering (SEKE), (2003), 450-457.
251. Yu, H., He, X., Deng, Y., Mo, L.: "A formal approach to designing secure software architectures;" In Procs. of the 8th IEEE International Symposium on High Assurance Systems Engineering (HASE), IEEE Computer Society, (2004), 289-290.
252. Yu, H., Liu, D., He, X., Yang, L., Gao, S.: "Secure software architectures design by aspect orientation;" In Proceedings of the 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS), IEEE, (2005), 47-55.
253. Zhang, Q., Cheng, L., Boutaba, R.: "Cloud computing: state-of-the-art and research challenges;" J. Internet Serv. Appl. 1(1), (2010), 7-18.