Validating Security Design Pattern Applications by Testing Design Models

Because software developers are not necessarily security experts, confirmation of potential threats and vulnerabilities at an early stage of the development process (e.g., in the requirement and design phases) is insufficient. Additionally, even if the software is designed with security in mind at an early stage, it must still be confirmed that the software really satisfies its security requirements. To realize secure design, this work proposes an application to validate security patterns using model testing. The method provides extended security patterns, which include requirement- and design-level patterns, as well as a new model testing process that uses these patterns. After a developer specifies threats and vulnerabilities in the target system during an early stage of development, this method can validate whether the security patterns are properly applied and assess whether these vulnerabilities are resolved.
