6 Conclusions and Future Work
In this paper, we presented a novel pattern-oriented and tool-supported approach
to bridge the gap between security requirements analysis and secure architectural
design. Its main benefit is that constructing global secure software architectures
from the results of security requirements engineering becomes more feasible, more
systematic, less error-prone, and a more routine engineering activity.
In the future, we plan to develop new UMLsec4UML2 stereotypes to specify
assumptions and facts about the operational environment of the software. Moreover,
we intend to develop patterns that support the systematic composition of
different GSA instances while preserving the associated security requirements.