Presentation is loading. Please wait.

Presentation is loading. Please wait.

Selecting Security Patterns that Fulfill Security Requirements Method presentation by Ondrej Travnicek Utrecht University Method Engineering 2014.

Published byChristine Meryl Daniel Modified over 8 years ago

Similar presentations

Presentation on theme: "Selecting Security Patterns that Fulfill Security Requirements Method presentation by Ondrej Travnicek Utrecht University Method Engineering 2014."— Presentation transcript:

1 Selecting Security Patterns that Fulfill Security Requirements Method presentation by Ondrej Travnicek Utrecht University Method Engineering 2014

2 Outline Introduction o Overview o Main phases Related literature o Past o Present o Future Method description Example Conclusion o Strengths / Opportunities o Weaknesses / Threats Utrecht University Method Engineering 2014

3 Introduction Purpose o To aid developers with the selection of security patterns Authors o Michael Weiss Associate professor Carleton University (Ottawa, Canada) Open source, ecosystems, mash-ups, patterns, and social network analysis o Haralambos (Haris) Mouratidis Professor University of Brighton (Brighton, UK) Software systems engineering, security requirements engineering, software engineering, information systems engineering Utrecht University Method Engineering 2014 Overview

4 Introduction Build repository o Pattern investigation & decomposition o Search engine implementation Select patterns o Input o Search engine at work o Output Utrecht University Method Engineering 2014 Main phases

5 Related literature From non-functional requirements to design through patterns (Gross & Yu, 2001) o Modeling the impact of security patterns o Non-functional requirement framework o Analysis employed by Weiss and Mouratidis (2008) Elaborating security requirements by construction of intentional anti- models (Van Lamsweerde, 2004) o Modeling, specification and analysis of security requirements o Security, not only an after thought Utrecht University Method Engineering 2014 Past

6 Related literature Building a pattern repository: Benefitting from the open, lightweight, and participative nature of wikis (Weiss & Birokou, 2007) o Effects of increasing number of security patterns o Pattern repository through wikis Using security patterns to develop secure systems (Fernandez et al., 2011) o Ongoing global collaboration o Use of patterns in development of secure systems Utrecht University Method Engineering 2014 ‘Present’

7 Related literature Legally “reasonable” security requirements: A 10- year FTC retrospective (Breaux & Baumer, 2011) o Investigation into “reasonable” security Others o Cited: 22 times o Application of the method Utrecht University Method Engineering 2014 Future

8 Method description

9 Utrecht University Method Engineering 2014 Method represented using the Process-Deliverable Diagram (Weerd & Brinkkemper, 2008).

10 Example From GRL model to Prolog facts Utrecht University Method Engineering 2014

11 Conclusion Strengths / Opportunities o Universal o Development heavy environment Weaknesses / Threats o Single project situation o Repository updates o Repository sources and builder Utrecht University Method Engineering 2014

12 References Breaux, T. D., & Baumer, D. L. (2011). Legally “reasonable” security requirements: A 10- year FTC retrospective. computers & security, 30(4), 178-193. Fernandez, E. B., Yoshioka, N., Washizaki, H., Jurjens, J., VanHilst, M., & Pernul, G. (2011). Using security patterns to develop secure systems, 2, 16-31. Gross, D., & Yu, E. (2001). From non-functional requirements to design through patterns. Requirements Engineering, 6(1), 18-36. Van Lamsweerde, A. (2004). Elaborating security requirements by construction of intentional anti- models. Proceedings of the 26th International Conference on Software Engineering (pp. 148-157). IEEE Computer Society. Weerd, I. van de, & Brinkkemper, S. (2008). Meta-modeling for situational analysis and design methods. In M.R. Syed and S.N. Syed (Eds.), Handbook of Research on Modern Systems Analysis and Design Technologies and Applications (pp. 38-58). Hershey: Idea Group Publishing. Weiss, M., & Birukou, A. (2007). Building a pattern repository: Benefitting from the open, lightweight, and participative nature of wikis. International Symposium on Wikis (WikiSym), ACM (pp. 21-23). Weiss, M., & Mouratidis, H. (2008). Selecting security patterns that fulfill security requirements. International Requirements Engineering, 2008. RE'08. 16th IEEE (pp. 169-172). Catalonia: IEEE. Utrecht University Method Engineering 2014

13 Questions?

Download ppt "Selecting Security Patterns that Fulfill Security Requirements Method presentation by Ondrej Travnicek Utrecht University Method Engineering 2014."

Similar presentations

Camilo Fitzgerald PhD Student UCL Computer Science

Camilo Fitzgerald PhD Student UCL Computer Science
European Modelling Symposium 2009 EMS2009 UKSim 3 rd European Symposium on Computer Modelling and Simulation 25 – 27 November, Athens, Greece Guidelines.

European Modelling Symposium 2009 EMS2009 UKSim 3 rd European Symposium on Computer Modelling and Simulation 25 – 27 November, Athens, Greece Guidelines.
1 GRL Introduction Lin Liu University of Toronto April 2001.

1 GRL Introduction Lin Liu University of Toronto April 2001.
Mohammad Hossein Danesh

Mohammad Hossein Danesh
Huseyin Ergin and Eugene Syriani University of Alabama Software Modeling Lab Software Engineering Group Department of Computer Science College of Engineering.

Huseyin Ergin and Eugene Syriani University of Alabama Software Modeling Lab Software Engineering Group Department of Computer Science College of Engineering.
Formalizing Security Requirements for Grids Syed Naqvi 1,2, Philippe Massonet 1, Alvaro Arenas 2 1 Centre of Excellence in Information and Communication.

Formalizing Security Requirements for Grids Syed Naqvi 1,2, Philippe Massonet 1, Alvaro Arenas 2 1 Centre of Excellence in Information and Communication.
Motivating software developers Dr Tracy Hall Adjunct Professor, University of Oslo Reader, Brunel University, UK.

Motivating software developers Dr Tracy Hall Adjunct Professor, University of Oslo Reader, Brunel University, UK.
Baltic Energy Strategy Einari Kisel Director of Energy Department.

Baltic Energy Strategy Einari Kisel Director of Energy Department.
The Literature Review in 3 Key Steps

The Literature Review in 3 Key Steps
Hüseyin Ergin University of Alabama Software Modeling Lab Software Engineering Group Department of Computer Science College of Engineering.

Hüseyin Ergin University of Alabama Software Modeling Lab Software Engineering Group Department of Computer Science College of Engineering.
EuroCRIS Conference Brussels Legal Issues Heather Weaver Business & Information Technology Department Open Access – disentangling the legal conundrum Heather.

EuroCRIS Conference Brussels Legal Issues Heather Weaver Business & Information Technology Department Open Access – disentangling the legal conundrum Heather.
GOORE Method Engineering Presentation Sander Knape.

GOORE Method Engineering Presentation Sander Knape.
ICT 1 Threat modelling A short introduction and stories from end user involvement SRM Seminar Luxembourg 22.06.2010 Per Håkon Meland - SINTEF ICT, Trondheim,

ICT 1 Threat modelling A short introduction and stories from end user involvement SRM Seminar Luxembourg Per Håkon Meland - SINTEF ICT, Trondheim,
June 11-13, 2003Michael Weiss, FIW 031 Feature Interactions in Web Services Michael Weiss Carleton University.

June 11-13, 2003Michael Weiss, FIW 031 Feature Interactions in Web Services Michael Weiss Carleton University.
1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.

1 Regular expression matching with input compression : a hardware design for use within network intrusion detection systems Department of Computer Science.
An Efficient and Scalable Pattern Matching Scheme for Network Security Applications Department of Computer Science and Information Engineering National.

An Efficient and Scalable Pattern Matching Scheme for Network Security Applications Department of Computer Science and Information Engineering National.
1 Info 1409 Systems Analysis & Design Module Lecture 8 – Modelling tools and techniques HND Year 1 2008/9 De Montfort University.

1 Info 1409 Systems Analysis & Design Module Lecture 8 – Modelling tools and techniques HND Year /9 De Montfort University.
Peter Artz, Inge van de Weerd, Sjaak Brinkkemper & Joost Fieggen 22-06-2010 Productization Transforming from developing customer-specific software to product.

Peter Artz, Inge van de Weerd, Sjaak Brinkkemper & Joost Fieggen Productization Transforming from developing customer-specific software to product.
D. Pandey, A. K. Ramani and U. Suman.  D. Pandey  assistant professor at the Department of Information Technology of the BBA University in India. 

D. Pandey, A. K. Ramani and U. Suman.  D. Pandey  assistant professor at the Department of Information Technology of the BBA University in India. 
Presenter : Zamarak. Agenda Overview Related Literature Process Deliverable Diagram An Example.

Presenter : Zamarak. Agenda Overview Related Literature Process Deliverable Diagram An Example.

Similar presentations

Ads by Google