Security patterns and requirements for internet-based applications

Purpose – This paper links security requirements for web services with security patterns, at both the architectural and the design level, to obtain in a systematic way a web services security software architecture that contains a set of security patterns, thus ensuring that the elicited security requirements of the internet-based application are fulfilled. Additionally, the security patterns are linked with the most appropriate standards for their implementation.

Design/methodology/approach – To develop secure WS-based applications, one must know the main security requirements that the applications have to fulfil and find appropriate security patterns that assure, through combination or relationships between them, the fulfilment of those security requirements. That is why a possible link or connection between requirements and patterns will have to be found, attempting to select for a given security requirement the best security patterns that so...
