Connecting Security Requirements Analysis and Secure Design Using Patterns and UMLsec

Holger Schmidt (1) and Jan Jürjens (1,2)

(1) Software Engineering, Department of Computer Science, TU Dortmund, Germany
(2) Fraunhofer ISST, Germany
{holger.schmidt,jan.jurjens}@cs.tu-dortmund.de
Abstract. Existing approaches only provide informal guidelines for the transition from security requirements to secure design. Carrying out this transition is highly non-trivial and error-prone, leaving the risk of introducing vulnerabilities. This paper presents a pattern-oriented approach to connect security requirements analysis and secure architectural design. Following the divide & conquer principle, a software development problem is divided into simpler subproblems based on security requirements analysis patterns. We complement each of these patterns with architectural security patterns tailored to solve classes of security subproblems. We use UMLsec together with the advanced modeling possibilities for software architectures of UML 2.3 to equip the architectural security patterns with security properties, and to allow tool-supported analysis and composition of instances of these patterns. We validate our approach using two case studies and illustrate its support for Common Criteria certifications.

Keywords: security requirement, secure design, architectural pattern.
1 Introduction

When building secure systems, it is instrumental to take security requirements into account right from the beginning of the development process to reach the best possible match between the expressed requirements and the developed software product, and to eliminate any source of error as early as possible. Knowing that building secure systems is a highly sensitive process, it is important to reuse the experience of commonly encountered challenges in this field. This idea of using patterns has proved to be of value in software engineering, and it is also a promising approach in secure software engineering. Moreover, tool support greatly increases the practical applicability of secure software engineering approaches. Tools not only guide software developers in their daily activities, they also help to make the construction of complex secure systems feasible and less error-prone.

In fact, there already exist a number of approaches to security requirements analysis and secure design. Although this can be considered a positive development, the different approaches are mostly not integrated with each other. In particular, relatively little work has been done on bridging the gap between security