
    The Security Twin Peaks

    The feedback from architectural decisions to the elaboration of requirements is an established concept in the software engineering community. However, pinpointing the nature of this feedback in a precise way is a largely open problem. Often, the feedback is generically characterized as additional qualities that might be affected by an architect’s choice. This paper provides a practical perspective on this problem by leveraging architectural security patterns. The contribution of this paper is the Security Twin Peaks model, which serves as an operational framework to co-develop security in the requirements and the architectural artifacts.

    SoSPa: A System of Security Design Patterns for Systematically Engineering Secure Systems

    Model-Driven Security (MDS) for secure systems development still has limitations to be more applicable in practice. A recent systematic review of MDS shows that current MDS approaches have not dealt with multiple security concerns systematically. Besides, catalogs of security patterns which can address multiple security concerns have not been applied efficiently. This paper presents an MDS approach based on a unified System of Security design Patterns (SoSPa). In SoSPa, security design patterns are collected and specified as reusable aspect models to form a coherent system that guides developers in systematically addressing multiple security concerns. SoSPa consists of not only interrelated security design patterns but also a refinement process towards their application. We applied SoSPa to design the security of crisis management systems. The result shows that multiple security concerns in the case study have been addressed by systematically integrating different security solutions.

    Connecting Security Requirements and Software Architecture with Patterns (Beveiligingsvereisten en softwarearchitectuur verbinden met patronen)

    Recurring solutions to software engineering problems are often captured in patterns, which describe, in a generic but reusable manner, a specific problem and a corresponding solution. This thesis develops a deeper understanding of how pattern catalogs can help a software architect to reconcile the software's requirements and the architecture in the context of security. To achieve this goal, we follow an empirical approach. Two aspects of development are taken into account, namely (1) the construction of the software, and (2) its evolution over time. An analysis of the security patterns landscape shows that sufficient security patterns exist for the construction of secure software, but organization is needed to make them more usable. With a controlled empirical experiment, we investigate the effect of such organization from the viewpoint of the software architect. Regarding patterns for secure co-evolution, we observe that no patterns have been defined. Therefore, we propose a framework for precisely describing such patterns (called change patterns), together with a process for applying them. We illustrate the concepts with patterns for handling evolving trust requirements and access control. The approach is validated by means of two empirical studies, and implemented in a proof of concept tool.

    Towards a platform for empirical software design studies

    © 2017 IEEE. The process of empirical research is founded on careful study design, sound instantiation and planning of the study, and the systematic collection and processing of data. These activities require extensive expertise and know-how, are repetitive, laborious and error-prone, and adequate tool support is currently lacking, particularly in support of empirical software engineering research. In this paper, we outline our vision of an integrated end-to-end tool platform that supports these activities and we elaborate on what it would take for such a platform to become a (re)usable platform for the research community.

    Does organizing security patterns focus architectural choices?

    Security patterns can be a valuable vehicle to design secure software. Several proposals have been advanced to improve the usability of security patterns. They often describe extra annotations to be included in the pattern documentation. This paper presents an empirical study that validates whether those proposals provide any real benefit for software architects. A controlled experiment has been executed with 90 master students, who have performed several design tasks involving the hardening of a software architecture via security patterns. The results show that annotations produce benefits in terms of a reduced number of alternatives that need to be considered during the selection of a suitable pattern. However, they do not reduce the time spent in the selection process.

    Using change patterns to incorporate evolving trust relationships into a software architecture

    When designing a secure software architecture, the architect must take possible evolution of the system and its environment into account. Inevitably, during the lifetime of the application, changes will occur that reduce the security of the system. It is crucial that these changes are anticipated, and that they can be accommodated with minimal impact on the architecture. This report introduces the concept of `change patterns', providing guidance to the architect to achieve this goal. A change pattern guides the architect in designing an architecture that is resistant against certain foreseen evolutions of the requirements and assumptions. It explicitly records the change of requirements or assumptions it supports. After the architect has selected appropriate change patterns, applying a pattern consists of two steps. First, the architecture needs to be prepared up-front for the evolution (even though it has not yet occurred), based on a likelihood and importance analysis of the evolution. Second, once the evolution occurs, the architect is triggered to perform the necessary steps to update the application such that it conforms to the new situation. These two steps are reflected in the solutions that belong to the change pattern: architectural patterns for the up-front preparation, and change guidance for performing the actual update of the application. This report contains a description of a change pattern, an outline of a process to use change patterns, a catalogue of eight change patterns for evolving trust relationships, and an illustration of their use. (54 pages)

    Change patterns: Co-evolving requirements and architecture

    Emerging classes of systems are more and more subject to changes in their requirements and environment assumptions. Such changes have a far-reaching impact across several artifacts. This paper argues that patterns of co-evolution (or change patterns) can be observed between ``privileged'' pairs of artifacts, like the requirements specification and the architectural design. The paper introduces change patterns as a precise framework to systematically capture and handle change. The approach is based on model-driven engineering concepts and is accompanied by a tool-supported process. Changing trust assumptions are presented as an example of security-related evolution, and are used to illustrate the approach.