The ISDF Framework: Integrating Security Patterns and Best Practices

The rapid growth of communication and globalization has changed the software engineering process. Security has become a crucial component of any software system. However, software developers often lack the knowledge and skills needed to develop secure software. Clearly, the creation of secure software requires more than simply mandating the use of a secure software development lifecycle, the components produced by each stage of the lifecycle must be correctly implemented for the resulting system to achieve its intended goals. In this paper, we demonstrate that a more effective approach to the development of secure software can result from the integration of carefully selected security patterns into appropriate stages of the software development lifecycle to ensure that security designs are correctly implemented. The goal of this work is to provide developers with an Integrated Security Development Framework (ISDF) that can assist them in building more secure software intuitively.

[1]  Till Dörges,et al.  From security patterns to implementation using petri nets , 2008, SESS '08.

[2]  Jan Jürjens,et al.  Overview of the 3 rd International Workshop on Software Patterns and Quality ( SPAQu ’ 09 ) , 2009 .

[3]  FrazerKen Building secure software , 2002 .

[4]  Michael Howard,et al.  Inside the Windows Security Push , 2003, IEEE Secur. Priv..

[5]  Ramesh Nagappan,et al.  Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management , 2005 .

[6]  Gary Mcgraw Software security , 2004, IEEE Security & Privacy Magazine.

[7]  Peter Sommerlad,et al.  Security Patterns: Integrating Security and Systems Engineering , 2006 .

[8]  Axelle Apvrille,et al.  Secure software development by example , 2005, IEEE Security & Privacy Magazine.

[9]  Eduardo B. Fernández,et al.  A Methodology for Secure Software Design , 2004, Software Engineering Research and Practice.

[10]  Michael Howard,et al.  The security development lifecycle : SDL, a process for developing demonstrably more secure software , 2006 .

[11]  Max Jacobson,et al.  A Pattern Language: Towns, Buildings, Construction , 1981 .

[12]  Thomas Heyman,et al.  An Analysis of the Security Patterns Landscape , 2007, Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007).

[13]  Ralph E. Johnson,et al.  Organizing Security Patterns , 2007, IEEE Software.

[14]  Ralph Johnson,et al.  design patterns elements of reusable object oriented software , 2019 .

[15]  S.T. Redwine,et al.  Processes for producing secure software , 2004, IEEE Security & Privacy Magazine.

[16]  Hironori Washizaki,et al.  A survey on security patterns , 2008 .

[17]  Maritta Heisel,et al.  Security Engineering Using Problem Frames , 2006, ETRICS.

[18]  Michael Howard,et al.  Building More Secure Software with Improved Development Processes , 2004, IEEE Secur. Priv..

[19]  Marius Iulian Mihailescu,et al.  Security Design Patterns , 2010 .

[20]  Eduardo B. Fernandez,et al.  A pattern language for security models , 2001 .