A Framework for Exploiting Security Expertise in Application Development

This paper presents a framework that employs security ontologies and security patterns to provide application developers with a way to utilize security expertise. Through the development of a security ontology, developers locate the major security-related concepts relevant to their application context. Security patterns are then integrated with these concepts to provide tested solutions for accommodating security requirements.
