论文信息 - Using Security Patterns to Model and Analyze Security Requirements

Using Security Patterns to Model and Analyze Security Requirements

Recently, there has been growing interest in identifying patterns for the domain of system security, termed security patterns. Currently, those patterns lack comprehensive structure that conveys essential information inherent to security engineering. This paper describes research into investigating an appropriate template for security patterns that is tailored to meet the needs of secure systems development. In order to maximize comprehensibility, we make use of well-known notations such as the Unified Modeling Language (UML) to represent structural and behavioral information. Furthermore, we investigate how verification of requirements properties can be enabled by adding formal constraints to the patterns.

[1] George S. Avrunin,et al. Property specification patterns for finite-state verification , 1998, FMSP '98.

[2] Joseph W. Yoder,et al. Architectural Patterns for Enabling Application Security , 1998 .

[3] Betty H. C. Cheng,et al. A general framework for formalizing UML with formal languages , 2001, Proceedings of the 23rd International Conference on Software Engineering. ICSE 2001.

[4] Eduardo B. Fernandez,et al. A pattern language for security models , 2001 .

[5] Ken Frazer,et al. Building secure software: how to avoid security problems the right way , 2002, SOEN.

[6] B. Cheng,et al. Security Patterns , 2003 .

[7] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.

[8] Gerard J. Holzmann,et al. The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[9] D. Elliott Bell,et al. Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[10] Betty H. C. Cheng,et al. Automatically Detecting and Visualising Errors in UML Diagrams , 2002, Requirements Engineering.

[11] Ralph Johnson,et al. design patterns elements of reusable object oriented software , 2019 .

[12] Martin Fowler,et al. Analysis patterns - reusable object models , 1996, Addison-Wesley series in object-oriented software engineering.

[13] Markus Schumacher,et al. Security Engineering with Patterns , 2003, Lecture Notes in Computer Science.