
Defining Security Architectural Patterns Based on Viewpoints

  • Conference paper
Computational Science and Its Applications – ICCSA 2007 (ICCSA 2007)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4707)

Abstract

Recently, there has been growing interest in identifying security patterns in software-intensive systems, since they provide techniques for considering, detecting and solving security issues from the beginning of the development life cycle. This paper describes how security architectural patterns lack comprehensive, complete and well-structured documentation that conveys essential information about their logical structure, run-time behaviour, deployment-time and monitoring configuration, and so on. We therefore propose a set of security viewpoints for describing software-intensive security patterns in adherence to ANSI/IEEE 1471-2000. To maximize comprehensibility, we use well-known notations such as UML to represent all the information necessary for defining a software-intensive architectural security pattern that conforms to the IEEE 1471-2000 standard. We investigate security architectural patterns from several IEEE 1471-2000 compliant viewpoints.

Editor information

Osvaldo Gervasi, Marina L. Gavrilova

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rosado, D.G., Gutiérrez, C., Fernández-Medina, E., Piattini, M. (2007). Defining Security Architectural Patterns Based on Viewpoints. In: Gervasi, O., Gavrilova, M.L. (eds) Computational Science and Its Applications – ICCSA 2007. ICCSA 2007. Lecture Notes in Computer Science, vol 4707. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74484-9_23

  • DOI: https://doi.org/10.1007/978-3-540-74484-9_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74482-5

  • Online ISBN: 978-3-540-74484-9

  • eBook Packages: Computer Science, Computer Science (R0)
