论文信息 - An Approach : Constructing the Grammar from Security Pattern

An Approach : Constructing the Grammar from Security Pattern

Security requirement is one of essential requirements for the currently information system. Since, the system without security is risk to attack or fail. Consequently, stakeholders and developers must concern with security requirements. However, the security requirement is rather difficult to define correctly and completely because it requires experience and knowledge from stakeholders and developers with security background. In order to avoid the miss-configuration of system from requirements that gather from stakeholders. One of alternative solutions is security patterns which are guidance that include security requirements of a common security system. We propose an approach to construct a grammar in an extended-BNF form which helps to create security requirements of a system. A prototyping tool based on our proposed grammar is also presented.

K. Supaporn | N. Prompoon | Thongchai Rojkangsadan | Nakornthip Prompoon

[1] Ralph Johnson,et al. design patterns elements of reusable object oriented software , 2019 .

[2] Joseph W. Yoder,et al. Architectural Patterns for Enabling Application Security , 1998 .

[3] Eric Maiwald,et al. Security Planning & Disaster Recovery , 2002 .

[4] Markus Schumacher,et al. Security Engineering with Patterns , 2003, Lecture Notes in Computer Science.

[5] Donald Firesmith. Analyzing and Specifying Reusable Security Requirements , 2003 .

[6] Peter Sommerlad,et al. Security Patterns: Integrating Security and Systems Engineering , 2006 .

[7] Nancy R. Mead,et al. Security quality requirements engineering (SQUARE) methodology , 2005, SESS@ICSE.

[8] Paul Montague,et al. Translation of Rights Expressions , 2005, ACSW.

[9] Robin A. Gandhi,et al. Building problem domain ontology from security requirements in regulatory documents , 2006, SESS '06.

[10] Bashar Nuseibeh,et al. A framework for security requirements engineering , 2006, SESS '06.

[11] Mira Mezini,et al. Pi: a Pattern Language , 2009, OOPSLA.