Goal Modelling for Security Problem Matching and Pattern Enforcement

Earlier detection of security problems and implementation of solutions would be a cost- effective approach for developing secure software systems. Developing, gathering and sharing similar repeatable programming knowledge and solutions has led to the introduction of Patterns in the 90’s. The same concept has been adopted to realise recurring security knowledge and hence security patterns. Detecting a security problem using the patterns in requirements models may lead to its early prevention. In this paper, we have provided an overview of security patterns in the past two decades, followed by a summary of i*/Tropos goal modelling framework. Section 2 outlines model-driven development, meta-models and model transformation, within the context of requirements engineering. We have summarised security access control types, and formally described role-based access control (RBAC) in particular as a pattern that may occur in the stakeholder requirements models. Then we have used the i* modelling language and some elements from its constructs - model-driven queries and transformations - to describe the pattern enforcement. Applied to a number of requirements models within literature, the pattern-based transformation tool we designed has automated the detection and resolution of this security pattern in several goal-oriented stakeholder requirements. Finally, the paper also reflects on a variety of existing applications and future work

Using Security Patterns to Develop Secure Systems

The security of software systems in recent years has been transformed from a mono-dimensional technical challenge to a multi-dimensional technico-social challenge, due to the wide usage of software systems in almost every area of the human life. This situation requires a different and more holistic approach to the development of secure software systems. Software Engineering for Secure Systems: Industrial and Research Perspectives presents the most recent and innovative lines of research and industrial practice related to secure software engineering. The book provides coverage of recent advances in the area of secure software engineering that address the various stages of the development process from requirements to design to testing to implementation. Contributions offer a comprehensive understanding secure software engineering, inspire and motivate further research and development, and bridge the gap between academic research and industrial practice.https://nsuworks.nova.edu/gscis_facbooks/1031/thumbnail.jp