Applying Security Design Analysis to a service‐based system

Risk analysis is the only effective way of making value judgments about the need for security. Established analysis methods apply to whole operational systems, taking a necessarily holistic view of security, but this makes them difficult to integrate into the design process for service‐based applications, where design and implementation are independent of operational deployment. However, the most costly mistakes occur early in the development lifecycle, and effective security can be difficult to retrofit, motivating the need for early security analysis. This paper describes SeDAn (Security Design Analysis), a security risk analysis framework that is adapted for use in the design phase of service‐based systems, and its application to a significant Grid‐based project (Distributed Aircraft Maintenance Environment—DAME). The complete lifecycle of the risk analysis is described, and the effectiveness of the process in identifying design defects validates both the need for, and the effectiveness of, this type of analysis. Copyright © 2005 John Wiley & Sons, Ltd.
