requirements analysis and design, and existing approaches only provide informal guidelines for the transition from security requirements to design. Carrying out the transition manually on the basis of these guidelines is highly non-trivial and error-prone, which leaves the risk of inadvertently introducing vulnerabilities in the process. Ultimately, this would lead to the security requirements not being enforced in the system design (and later in its implementation).
This paper presents an integrated and pattern-oriented approach connecting security requirements analysis and secure architectural design. We use a security requirement analysis method [14] that makes extensive use of different kinds of patterns for structuring, characterizing, analyzing, and finally realizing security requirements. We extend this approach by architectural security patterns to construct platform-independent secure software architectures that realize previously specified security requirements. We specify structural and behavioral views of these architectural security patterns using UML¹ (Unified Modeling Language) class diagrams, composite structure diagrams, and sequence diagrams. We annotate these diagrams based on an improved version of the security extension UMLsec [8] named UMLsec4UML2 [15] to represent results from security requirements analysis in the architectural security patterns. More specifically, we apply the advanced modeling possibilities of UML2.3 and UMLsec4UML2 to architectural design to construct the architectural security patterns presented in this paper. Moreover, our approach allows the tool-supported analysis of instances of these patterns with respect to security.
The rest of the paper is organized as follows: we present background about the patterns for security requirements engineering in Sect. 2. In Sect. 3, we first give an overview of the UMLsec4UML2 profile that adapts UMLsec to support UML2.3. Then, we use this profile to specify security patterns for software components and architectures. Furthermore, we discuss in general how applying these patterns yields global secure software architectures. In Sect. 4, we validate our approach using two case studies and illustrate its support for Common Criteria certifications. We consider related work in Sect. 5. In Sect. 6, we give a summary and directions for future research.
2 Pattern-Oriented Security Requirements Analysis
SEPP (Security Engineering Process using Patterns) (see [14] for a comprehensive overview) is a pattern-based approach to construct secure software systems that especially deals with the early software development phases. SEPP makes use of security problem frames (SPF) and concretized security problem frames (CSPF), which constitute patterns for security requirements analysis. (C)SPFs are inspired by problem frames invented by Jackson [7] for functional requirements. SPFs are patterns for structuring, characterizing, and analyzing problems that occur frequently in secure software engineering. Following the divide & conquer principle, SPFs are used to decompose an initially large software development problem into smaller subproblems. Then, for each instantiated SPF,
¹ http://www.omg.org/spec/UML/2.3/Superstructure/PDF/