Building Secure Systems Using a Security Engineering Process and Security Building Blocks

In today's software development process, security-related design decisions are rarely made early in the overall process. Even where security is considered early, this usually means no more than a more-or-less comprehensive security requirements analysis. Based on that analysis, best practices, ad-hoc design decisions or individual expertise are then used to integrate security during the development process, or after weaknesses are found following deployment. This paper explains the SecFutur security engineering process with a focus on Security Building Block Models, which are used to build security-related components, namely Security Building Blocks. These Security Building Blocks represent concrete security solutions and can be accessed via SecFutur patterns at the level of domain-specific models for particular application domains. The goal of this approach is to provide already defined and tested security-related software components that can be used early in the overall development process, supporting security design decisions while the software system is still being modeled. Security Building Blocks are discussed in the context of the SecFutur Security Engineering Process, with its requirements analysis and definition of security properties.
