Towards a Systematic Development of Secure Systems

Ruth Breu, Klaus Burger, Michael Hafner, Gerhard Popp

Abstract

In this paper we outline a new process model for security engineering. This process model extends object oriented, use case driven software development by the systematic treatment of security related issues. We introduce the notion of security aspects describing security relevant requirements and measures at a certain level of abstraction. We define a micro-process for security analysis supporting the systematic development of secure components within iterative systems development.

References

  1. I. Jacobson, G. Booch, J. Rumbaugh: The Unified Software Development Process. AddisonWesley, 1999.
  2. P. Kruchten: The Rational Unified Process. Addison-Wesley, 1999.
  3. D. DSouza, A. Wills: Components and Frameworks with UML - The Catalysis Approach. Addison-Wesley, 1999.
  4. R. Breu, K. Burger, M. Hafner, G. Popp, J. Jürjens, G. Wimmel: Security-Critical System Development with Extended Use Cases. Accepted for APSEC03.
  5. D. Basin, J. Doser, T. Lodderstedt: Model Driven Security for Process-Oriented Systems. In 8th ACM Symposium on Access Control Models and Technologies. ACM Press, 2003.
  6. D. Firesmith: Security Use Cases. In: Journal of Object Technology 2(3), 2003. http://www.jot.fm/issues/issue_2003_05/column6
  7. T. Lodderstedt, D. Basin, J. Doser: Secureuml: A uml-based modeling language for modeldriven security. In: J.-M. Jézéquel, H. Hussmann, S. Cook (eds.): UML 2002. Lecture Notes in Computer Science, vol. 2460, Springer, 2002.
  8. www.v-modell.iabg.de
  9. R. Breu, K. Burger, M.Hafner, G. Popp: Core Concepts of a Process Model for Security Engineering. Accepted for Icssea 2003.
  10. G. Popp: Vorgehensmodelle für die Entwicklung sicherer Systeme. Dissertation, Munich University of Technology, to appear.
  11. R. Breu, G. Popp: Actor-Centric Modeling of Access Rights. Submitted for publication.
  12. J. Yoder, J. Barcalow: Architectural Patterns for Enabling Application Security . 4th Conference of Pattern Languages of Programs (PloP), 1997.
  13. E. Fernandez, R. Pan: A Pattern Language for Security Models. 8th Conference of Pattern Languages of Programs (PloP), 2001.
  14. B. Blakley: Securtiy Design Patterns. The OpenGroup. 2002. http://www.opengroup.org/security/gsp.htm
  15. M. Schumacher: Security Engineering with Patterns. PhD Thesis, Lecture Notes in Computer Science, LNCS 2754, Springer, 2003.
  16. M. Kis: Information Security Antipatterns in Software requirements Engineering. 9th Conference of Pattern Languages of Programs (PloP), 2002.
  17. J.D. Meier et al.:, Improving Web Application Security, Threats and Countermeasures. Microsoft Corporation, 2003.
  18. Bundesamt für Sicherheit in der Informationstechnologie: IT Baseline Protection Manual. Bonn, 2001. http://www.bsi.de/gshb/english/menue.htm
  19. T. R. Peltier: Information Security Risk Analysis. Auerbach, 2001.
  20. http://java.sun.com/j2ee/
  21. R. Anderson: Security Engineering. John Wiley, 2001.
  22. J. Jürjens: Secure Systems Development with UML. Springer, to appear.
  23. G. Sindre, A. Opdahl: Templates for misuse case description.In: Proc. Seventh International Workshop on Requirements Engineering: Foundation of Software Quality (REFSQ'2001), 2001.
  24. E.B. Fernandez, J.C. Hawkins: Determining Role Rights from Use Cases. Proc. ACM Workshop on Role-Based Access Control. Proceedings of the second ACM workshop on Rolebased access control, United States, 1997.
  25. R. Breu, M. Hafner, B. Weber: Modeling and Realizing Security-Critical InterOrganizational Workflow. Submitted for Publication.
Download


Paper Citation


in Harvard Style

Breu R., Burger K., Hafner M. and Popp G. (2004). Towards a Systematic Development of Secure Systems . In Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004) ISBN 972-8865-07-4, pages 1-12. DOI: 10.5220/0002654300010012


in Bibtex Style

@conference{wosis04,
author={Ruth Breu and Klaus Burger and Michael Hafner and Gerhard Popp},
title={Towards a Systematic Development of Secure Systems},
booktitle={Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)},
year={2004},
pages={1-12},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002654300010012},
isbn={972-8865-07-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)
TI - Towards a Systematic Development of Secure Systems
SN - 972-8865-07-4
AU - Breu R.
AU - Burger K.
AU - Hafner M.
AU - Popp G.
PY - 2004
SP - 1
EP - 12
DO - 10.5220/0002654300010012