Abstract
At the beginning of every security analysis, context establishment aims to elicit and understand the system to be analyzed, including its direct and indirect environment, the relevant stakeholders, other already established systems, and other entities that are directly or indirectly related to the system. For this purpose, we describe in this chapter a specific way of eliciting the system context by introducing so-called context-patterns. Applying context-patterns helps to gather knowledge about a specific domain, such as cloud computing, in a structured way. These patterns contain graphical patterns and templates with elements that require consideration for a specific context. In addition, our context-patterns contain a method for eliciting domain knowledge using the graphical patterns and templates. In this chapter we present a catalog of context-patterns describing the following domains: Cloud Computing Systems, Peer-to-Peer Systems, Service-oriented Architectures, and Law. Furthermore, we distinguish our context-patterns from other existing patterns for system analysis.
Notes
1. Unified Modeling Language: http://www.omg.org/spec/UML/2.3/.
Copyright information
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Beckers, K. (2015). A Catalog of Context-Patterns. In: Pattern and Security Requirements. Springer, Cham. https://doi.org/10.1007/978-3-319-16664-3_10
DOI: https://doi.org/10.1007/978-3-319-16664-3_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-16663-6
Online ISBN: 978-3-319-16664-3
eBook Packages: Computer Science, Computer Science (R0)