Selecting Security Patterns that Fulfill Security Requirements Method presentation by Ondrej Travnicek Utrecht University Method Engineering 2014.

Presentation transcript:

Selecting Security Patterns that Fulfill Security Requirements Method presentation by Ondrej Travnicek Utrecht University Method Engineering 2014

Outline
Introduction
  o Overview
  o Main phases
Related literature
  o Past
  o Present
  o Future
Method description
Example
Conclusion
  o Strengths / Opportunities
  o Weaknesses / Threats

Introduction: Overview
Purpose
  o To aid developers with the selection of security patterns
Authors
  o Michael Weiss
      Associate professor
      Carleton University (Ottawa, Canada)
      Open source, ecosystems, mash-ups, patterns, and social network analysis
  o Haralambos (Haris) Mouratidis
      Professor
      University of Brighton (Brighton, UK)
      Software systems engineering, security requirements engineering, software engineering, information systems engineering

Introduction: Main phases
Build repository
  o Pattern investigation & decomposition
  o Search engine implementation
Select patterns
  o Input
  o Search engine at work
  o Output

Related literature: Past
From non-functional requirements to design through patterns (Gross & Yu, 2001)
  o Modeling the impact of security patterns
  o Non-functional requirement framework
  o Analysis employed by Weiss and Mouratidis (2008)
Elaborating security requirements by construction of intentional anti-models (Van Lamsweerde, 2004)
  o Modeling, specification and analysis of security requirements
  o Security, not only an afterthought

Related literature: ‘Present’
Building a pattern repository: Benefitting from the open, lightweight, and participative nature of wikis (Weiss & Birukou, 2007)
  o Effects of increasing number of security patterns
  o Pattern repository through wikis
Using security patterns to develop secure systems (Fernandez et al., 2011)
  o Ongoing global collaboration
  o Use of patterns in development of secure systems

Related literature: Future
Legally “reasonable” security requirements: A 10-year FTC retrospective (Breaux & Baumer, 2011)
  o Investigation into “reasonable” security
Others
  o Cited: 22 times
  o Application of the method

Method description

Method represented using the Process-Deliverable Diagram (Weerd & Brinkkemper, 2008).

Example
From GRL model to Prolog facts

Conclusion
Strengths / Opportunities
  o Universal
  o Development heavy environment
Weaknesses / Threats
  o Single project situation
  o Repository updates
  o Repository sources and builder

References
Breaux, T. D., & Baumer, D. L. (2011). Legally “reasonable” security requirements: A 10-year FTC retrospective. Computers & Security, 30(4),
Fernandez, E. B., Yoshioka, N., Washizaki, H., Jurjens, J., VanHilst, M., & Pernul, G. (2011). Using security patterns to develop secure systems, 2,
Gross, D., & Yu, E. (2001). From non-functional requirements to design through patterns. Requirements Engineering, 6(1),
Van Lamsweerde, A. (2004). Elaborating security requirements by construction of intentional anti-models. Proceedings of the 26th International Conference on Software Engineering (pp ). IEEE Computer Society.
Weerd, I. van de, & Brinkkemper, S. (2008). Meta-modeling for situational analysis and design methods. In M.R. Syed and S.N. Syed (Eds.), Handbook of Research on Modern Systems Analysis and Design Technologies and Applications (pp ). Hershey: Idea Group Publishing.
Weiss, M., & Birukou, A. (2007). Building a pattern repository: Benefitting from the open, lightweight, and participative nature of wikis. International Symposium on Wikis (WikiSym), ACM (pp ).
Weiss, M., & Mouratidis, H. (2008). Selecting security patterns that fulfill security requirements. International Requirements Engineering, RE'08. 16th IEEE (pp ). Catalonia: IEEE.

Questions?