Skip to main content
SpringerLink
Log in
Book cover

International Symposium on Engineering Secure Software and Systems

ESSoS 2011: Engineering Secure Software and Systems pp 167–180Cite as

The Security Twin Peaks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6542))

Abstract

The feedback from architectural decisions to the elaboration of requirements is an established concept in the software engineering community. However, pinpointing the nature of this feedback in a precise way is a largely open problem. Often, the feedback is generically characterized as additional qualities that might be affected by an architect’s choice. This paper provides a practical perspective on this problem by leveraging architectural security patterns. The contribution of this paper is the Security Twin Peaks model, which serves as an operational framework to co-develop security in the requirements and the architectural artifacts.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bandara, A., Shinpei, H., Jürjens, J., Kaiya, H., Kubo, A., Laney, R., Mouratidis, H., Nhlabatsi, A., Nuseibeh, B., Tahara, Y., Tun, T., Washizaki, H., Yoshioka, N., Yu, Y.: Security patterns: Comparing modeling approaches. Technical Report 2009/06 (2009)

    Google Scholar 

  2. Bass, L., Clements, P., Kazman, R.: Software Architecture in Practice, 1st edn. Addison-Wesley, Reading (1998)

    Google Scholar 

  3. Blakley, B., Heath, C., Members of The Open Group Security Forum: Security design patterns. The Open Group (2004)

    Google Scholar 

  4. Buschmann, F., Meunier, R., Rohnert, H., Sommerlad, P., Stal, M.: Pattern-Oriented Software Architecture: A system of Patterns. Wiley, Chichester (1996)

    Google Scholar 

  5. Côté, I., Heisel, M., Wentzlaff, I.: Pattern-based Exploration of Design Alternatives for the Evolution of Software Architectures. International Journal of Cooperative Information Systems, World Scientific Publishing Company Special Issue of the Best Papers of the ECSA 2007 (December 2007)

    Google Scholar 

  6. Dougherty, C., Sayre, K., Seacord, R.C., Svoboda, D., Togashi, K.: Secure design patterns. Tech. Rep. CMU/SEI-2009-TR-010, Carnegie Mellon Software Engineering Institute (2009)

    Google Scholar 

  7. Fernandez, E.B., Larrondo-Petrie, M.M., Sorgente, T., Vanhilst, M.: A Methodology to Develop Secure Systems Using Patterns. In: Integrating Security and Software Engineering: Advances and Future Visions, pp. 107–126 (2007)

    Google Scholar 

  8. Giorgini, P., Mouratidis, H.: Secure tropos: A security-oriented extension of the tropos methodology. International Journal of Software Engineering and Knowledge Engineering 17(2), 285–309 (2007)

    Article  Google Scholar 

  9. Haley, C.B., Laney, C.R., Moffett, D.J., Nuseibeh, B.: Security requirements engineering: A framework for representation and analysis. IEEE Transactions on Software Engineering 34(1), 133–153 (2008)

    Article  Google Scholar 

  10. Haley, C.B., Moffett, J.D., Laney, R., Nuseibeh, B.: A framework for security requirements engineering. In: Proceedings of the International Workshop on Software Engineering for Secure Systems (SESS), pp. 35–42. ACM Press, New York (2006)

    Google Scholar 

  11. Haley, C.B., Nuseibeh, B.: Bridging requirements and architecture for systems of systems. In: Proceedings of the International Symposium on Information Technology (ITSim), vol. 4, pp. 1–8 (2008)

    Google Scholar 

  12. Hall, J.G., Rapanotti, L., Jackson, M.: Problem oriented software engineering: Solving the package router control problem. IEEE Transactions on Software Engineering 34(2), 226–241 (2008)

    Article  Google Scholar 

  13. Heyman, T., Yskout, K., Scandariato, R., Joosen, W.: An analysis of the security patterns landscape. In: Proceedings of the International Workshop on Software Engineering for Secure Systems (SESS), pp. 3–10. IEEE Computer Society, Los Alamitos (2007)

    Google Scholar 

  14. Islam, S., Mouratidis, H., Jürjens, J.: A framework to support alignment of secure software engineering with legal regulations. Journal of Software and Systems Modeling (March 2010) (published online first)

    Google Scholar 

  15. Jackson, M.: Problem Frames. Analyzing and structuring software development problems. Addison-Wesley, Reading (2001)

    Google Scholar 

  16. Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)

    MATH  Google Scholar 

  17. Kienzle, D.M., Elder, M.C., Tyree, D., Edwards-Hewitt, J.: Security patterns repository (2002)

    Google Scholar 

  18. Mouratidis, H., Jürjens, J.: From goal-driven security requirements engineering to secure design. International Journal of Intelligent Systems – Special Issue on Goal-Driven Requirements Engineering 25(8), 813–840 (2010)

    Google Scholar 

  19. Mouratidis, H., Jürjens, J., Fox, J.: Towards a comprehensive framework for secure systems development. In: Dubois, E., Pohl, K. (eds.) CAiSE 2006. LNCS, vol. 4001, pp. 48–62. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  20. Mouratidis, H., Weiss, M., Giorgini, P.: Modelling secure systems using an agent oriented approach and security patterns. International Journal of Software Engineering and Knowledge Engineering (IJSEKE) 16(3), 471–498 (2006)

    Article  Google Scholar 

  21. Nhlabatsi, A., Nuseibeh, B., Yu, Y.: Security requirements engineering for evolving software systems: A survey. Journal of Secure Software Engineering 1(1), 54–73 (2009)

    Article  Google Scholar 

  22. Nuseibeh, B.: Weaving together requirements and architectures. Computer 34(3), 115–117 (2001)

    Article  Google Scholar 

  23. Schmidt, H.: A Pattern- and Component-Based Method to Develop Secure Software. Deutscher Wissenschafts-Verlag (DWV), Baden-Baden (April 2010)

    Google Scholar 

  24. Schumacher, M., Fernandez-Buglioni, E., Hybertson, D., Buschmann, F., Sommerlad, P.: Security Patterns: Integrating Security and Systems Engineering. Wiley & Sons, Chichester (2005)

    Google Scholar 

  25. Steel, C., Nagappan, R., Lai, R.: Core security patterns: Best practices and strategies for J2EE, web services, and identity management (2005)

    Google Scholar 

  26. van Lamsweerde, A.: From system goals to software architecture. In: Bernardo, M., Inverardi, P. (eds.) SFM 2003. LNCS, vol. 2804, pp. 25–43. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  27. van Lamsweerde, A.: Requirements Engineering: From System Goals to UML Models to Software Specifications. Wiley, Chichester (March 2009)

    Google Scholar 

  28. Weiss, M.: Modeling security patterns using NFR analysis. In: Integrating Security and Software Engineering, pp. 127–141. Idea Group, USA (2007)

    Chapter  Google Scholar 

  29. Weiss, M., Mouratidis, H.: Selecting security patterns that fulfill security requirements. In: IEEE International Requirements Engineering Conference (2008)

    Google Scholar 

  30. Yoder, J., Barcalow, J.: Architectural patterns for enabling application security. In: Proceedings of the International Patterns Language of Programming (PLoP) Conference (1997)

    Google Scholar 

  31. Yskout, K., Scandariato, R., De Win, B., Joosen, W.: Transforming security requirements into architecture. In: Proceedings of the International Conference on Availability, Reliability and Security (AReS), pp. 1421–1428. IEEE Computer Society, Washington, DC (2008)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. IBBT-DistriNet, Katholieke Universiteit Leuven, Belgium

    Thomas Heyman, Koen Yskout & Riccardo Scandariato

  2. Technische Universität Dortmund, Germany

    Holger Schmidt

  3. Open University, United Kingdom

    Yijun Yu

Authors
  1. Thomas Heyman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Koen Yskout
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Riccardo Scandariato
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Holger Schmidt
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yijun Yu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Google Inc., 1288 Pear Ave, 94043, Mountain View, CA, USA

    Úlfar Erlingsson

  2. Computer Science Department, University of Twente, Drienerlolaan 5, 7522 NB, Enschede, The Netherlands

    Roel Wieringa

  3. Faculty of Mathematics and Computer Science, Eindhoven University of Technology, Den Dolech 2, 5612 AZ, Eindhoven, The Netherlands

    Nicola Zannone

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Heyman, T., Yskout, K., Scandariato, R., Schmidt, H., Yu, Y. (2011). The Security Twin Peaks. In: Erlingsson, Ú., Wieringa, R., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2011. Lecture Notes in Computer Science, vol 6542. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19125-1_13

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-19125-1_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-19124-4

  • Online ISBN: 978-3-642-19125-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation