A methodology to develop secure systems using patterns

Integrating Security and Software Engineering: Advances and Future Visions

Volumn , Issue , 2006, Pages 107-126

  Fernandez, E B ^a   Larrondo Petrie, M M ^b   Sorgente, T ^a   Vanhilst, M ^a  

^a Florida Atlantic Univ   (United States)

^b FLORIDA ATLANTIC UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84899175349     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.4018/978-1-59904-147-6.ch005     Document Type: Chapter

References (55)

1. Buschmann, F., Meunier, R., Rohnert, H., Sommerlad, P., & Stal, M. (1996). Pattern-oriented software architecture: A system of patterns (Vol. 1). Wiley.
2. CERT Coordination Center Statistics. (2005). http://www.cert.org/stats/cert_stats.html
3. Curphey, M. (2004, October). Software security testing: Let's get back to basics. Software Magazine. Retrieved from http://www.softwaremag.com/L.cfm?Doc=2004-09software-security-testing
4. Delessy-Gassant, N., Fernandez, E. B., Rajput, S., & Larrondo-Petrie, M. M. (2004). Patterns for application firewalls. Proceedings of the Pattern Languages of Programs Conference (PLoP2004). Retrieved from http://hillside.net/plop/2004/
5. th International Workshop on Database and Expert Systems Applications (pp. 837-841). Retrieved from http://www.cse.fau.edu/~ed/Coordinationsecurity4.pdf
6. Fernandez, E. B. (2003, May 10-15). Layers and non-functional patterns. Proceedings of ChiliPLoP, 2003. Phoenix, AZ. Retrieved from http://hillside.net/chiliplop/2003/
7. Fernandez, E. B. (2004, June 21-24). A methodology for secure software design. Proceedings 2004 International Conference on Software Engineering Research and Practice (SERP'04), (pp. 130-136). Las Vegas, NV.
8. st IEEE International Conference on Eng. of Complex Computer Systems (pp. 342-348). Fort Lauderdale, FL.
9. Fernandez, E. B., Gudes, E., & Olivier, M. (2006). The design of Secure Systems. Addison-Wesley.
10. nd ACM Workshop on Role-Based Access Control (pp. 121-125). ACM. Retrieved from http://www.cse.fau.edu/~ed/RBAC.pdf
11. Fernandez, E. B., Larrondo-Petrie, M. M., Sorgente, T., & VanHilst, M. (2006). UML-based access control models. Submitted for publication.
12. Fernandez, E. B., & Pan, R. (2001). A pattern language for security models. Proceedings of PLoP 2001. Retrieved from http://jerry.cs.uiuc.edu/~plop/plop2001/accepted_submissions
13. rd International Workshop on Security in Information Systems (WOSIS-2005), (pp. 207-216), Miami, FL.
14. Fernandez, E. B., VanHilst, M., Larrondo-Petrie, M. M., & Huang, S. (2006, August 20-25). Defining security requirements through misuse actions. Accepted for hte International Workshop on Advanced Software Engineering (IWASE 2006), Santiago, Chile.
15. Fernandez, E. B., & Yuan, X. (1999). An analysis pattern for reservation and use of entities. Proceedings of PLoP99. Retrieved from http://st-www.cs.uiuc.edu/~plop/plop99
16. th International Conference on Conceptual Modeling, ER2000 (pp. 183-195). Retrieved from http://www.cse.fau.edu/~ed/SAPpaper2.pdf
17. Fowler, M. (1997). Analysis patterns: Reusable object models. Addison-Wesley.
18. Georg, G., France, R., & Ray, I. (2003). Creating security mechanism aspect models from abstract security aspect models. Proceedings Workshop on Critical Systems Development with UML.
19. Gramm-Leach-Bliley Act. (1999, November). Senate Banking Committee. Retrieved from http://www.senate.gov/~banking/conf/fincon.pdf
20. rd International Conference on Aspect-Oriented Software Development (AOSD'04). ACM.
21. Hamza, H. S., & Fayad, M. E. (2004). The negotiation analysis pattern. Proceedings of the Pattern Languages of Programs Conference (PLoP2004). Retrieved from http://hillside.net/plop/2004/
22. He, Q., & Anton, A. I. (2004). Deriving access control policies from requirements specifications and database design. North Carolina State University CS Tech. Rept. TR-2004-24.
23. HIPAA. http://www.hipaa.org
24. Hoglund, G., & McGraw, G. (2004). Exploiting software. Addison-Wesley.
25. nd ed.). Microsoft Press.
26. Koch, M., & Parisi-Presicce, F. (2002). Access control policy specification in UML. Proceedings of Critical Systems Development with UML, Satellite Workshop of UML 2002 (pp. 63-78). UM-I0208.
27. Konrad, S., Cheng, B. H. C., Campbell, L. A., & Wassermann, R. (2003). Using security patterns to model and analyze security requirements. Proceedings of the International Workshop on Requirements for High Assurance Systems, RHAS'03 (pp. 13-22).
28. Koved, L., Nadalin, A., Nagarathan, N., Pistoia, M., & Schrader, T. (2001). Security challenges for Enterprise Java in an e-business environment. IBM Systems Journal, 40(1), 130-152.
29. rd ed.). Prentice-Hall.
30. Liu, L., Yu, E., & Mylopoulos, J. (2003, September). Security and privacy requirements analysis within a social setting. Proceedings of the International Conference on Requirements Engineering (RE'03), Monterey, CA.
31. McGregor, J., & Sykes, D. (2001). A practical guide to testing object-oriented software. Addison-Wesley.
32. nd International Workshop on Security in Information Systems at ICEIS 2004, Porto, Portugal.
33. th Conference on Advanced Information Systems (CAiSE'03).
34. Mouratidis, H., Giorgini, P., & Manson, G. (2004). Using security attack scenarios to analise security during information systems design. Proceedings of ICEIS 2004.
35. Neumann, P. G. (1993, May). The role of software engineering. Communications of the ACM, 36(5), 114.
36. The OWASP Testing Project. (2004). Retrieved from http://www.modsecurity.org/archive/OWASPTesting_phaseOne.pdf
37. rd ed.). Prentice-Hall.
38. Ray, I., France, R. B., Li, N., & Georg, G. (2004, July). An aspect-based approach to modeling access control concerns. Journal of Information and Software Technology, 46(9), 575-587.
39. Saltzer J. H., & Schroeder, M. D. (1975). The protection of information in computer systems. Proceedings of the IEEE, 63(9), 1278-1308. Retrieved from http://web.mit.edu/Saltzer/www/publications/protection/index.html
40. Sarbanes-Oxley Act of 2002. (2002, January). One Hundred Seventh Congress of the United States of America. Retrieved from http://news.findlaw.com/hdocs/docs/gwbush/sarbanesoxley072302.pdf
41. Schneier, B. (1999, December). Attack trees. Dr. Dobb's Journal, 21-29.
42. Schumacher, M. (2003). Security engineering with patterns. PhD Thesis, Lecture Notes in Computer Science. LNCS 2754. Springer-Verlag.
43. Schumacher, M., & Roedig, U. (2001). Security engineering with patterns. Proceedings of the PLoP 2001 Conference.
44. Schumacher, M., Fernandez, E. B., Hybertson, D., Buschmann, F., & Sommerlad, P. (2006). Security patterns. John Wiley & Sons.
45. Sorgente, T., & Fernandez, E. B. (2004). Analysis patterns for patient treatment. Proceedings of PLoP 2004. Retrieved from http://jerry.cs.uiuc.cs.uiuc.edu/~plop/plop2004/accepted_submissions
46. Steffan J., & Schumacher, M. (2002). Collaborative attack modeling. Proceedings of SAC 2002, Madrid, Spain. Retrieved from http://www.ito.tu-darmstadt.de/publs/pdf/sac2002.pdf
47. Trusted Computing Group, Infrastrcure Work Group. Retrieved from https://www.trustedcomputinggroup.org/groups/infrastructure
48. th International Conference on Software Engineering (pp. 148-157). Edinburgh: ACM-IEEE.
49. Vetterling, M., & Wimmel, G. (2002, November) Secure systems development based on the common criteria: The PaIME project. Proceedings of ACM SIGSOFT 2002/FSE-10.
50. Viega, J. (2005, May). Building security requirements with CLASP. Proceedings of the 2005 Workshop on Software Engineering for Secure Systems & Mdash; Building Trustworthy Applications, SESS'05, St. Louis, MO (pp. 1-7). New York: ACM Press. Retrieved from http://doi.acm.org/10.1145/1083200.1083207
51. Viega, J., & McGraw, G. (2001). Building secure software: How to avid security problems the right way. Addison-Wesley.
52. nd ed.). Addison-Wesley.
53. Whitmore, J. J. (2001). A method for designing secure solutions. IBM Systems Journal, 40(3), 747-768. Retrieved from http://www.research.ibm.com/journal.sj
54. Yuan, X., & Fernandez, E. B. (2003). An analysis pattern for course management. Proceedings of EuroPLoP 2003. Retrieved from http://hillside.net/europlop
55. Zuccato, A. (2004). Holistic security requirement engineering for electronic commerce. Computers & Security, 23, 63-76.