Defining Security Architectural Patterns Based on Viewpoints

Recently, there has been growing interest in identifying security patterns in software-intensive systems, since they provide techniques for considering, detecting and solving security issues from the beginning of the development life-cycle. This paper describes how security architectural patterns lack comprehensive, complete and well-structured documentation that conveys essential information about their logical structure, run-time behaviour, deployment-time and monitoring configuration, and so on. We therefore propose a set of security viewpoints, adhering to ANSI/IEEE 1471-2000, for describing software-intensive security patterns. To maximize comprehensibility, we use well-known notations such as UML to represent all the information necessary for defining a software-intensive architectural security pattern conforming to the IEEE 1471-2000 standard. We investigate security architectural patterns from several IEEE 1471-2000 compliant viewpoints.
