DEFINING VIEWPOINTS FOR SECURITY ARCHITECTURAL PATTERNS

David G. Rosado, Carlos Gutiérrez, Eduardo Fernández-Medina, Mario Piattini

Abstract

For decades, the security community has undertaken detailed research into specific areas of security, while largely ignoring the design process. Software architecture has emerged as an important sub-discipline of software engineering, particularly in the realm of large system development. This paper describes how security architectural patterns lack of a comprehensive and complete well-structured documentation that conveys essential information of their logical structure, deployment-time, run-time behaviour, monitoring configuration, and so on. Thus we will propose a viewpoints model for describing security architectural patterns. We will investigate security architectural patterns from several IEEE 1471-2000 compliant viewpoints and develop an example that demonstrates how to describe a security architectural pattern with viewpoints. We will make use of well-known language notations such as UML to maximize comprehensibility.

References

  1. Artelsmair, C. and Wagner, R. (2003). Towards a Security Engineering Process. The 7th World Multiconference on Systemics, Cybernetics and Informatics, Orlando, Florida, USA.
  2. Bachmann, F., Bass, L., et al. (2000). Software Architecture Documentation in Practice: Documenting Architectural Layers: Pgs. 46.March 2000
  3. Bass, L., Clements, P., et al., Eds. (2003). Software Architecture in Practice, Addison-Wesley.
  4. Berry, C. A., Carnell, J., et al. (2002). Chapter 5: Patterns Applied to Manage Security. J2EE Design Patterns Applied.
  5. Buschmann, F., Meunier, R., et al. (1996). PatternOriented Software Architecture: A System of Patterns, John Wiley & Sons.
  6. CockBurn, A. (2000). Writing Effective Use Cases, Addison-Wesley Professional.
  7. Cheng, B. H. C., Konrad, S., et al. (2003). Using Security Patterns to Model and Analyze Security Requirements. High Assurance Systems Workshop (RHAS 03) as part of the IEEE Joint International Conference on Requirements Engineering (RE 03), Monterey Bay, CA, USA.
  8. Deubler, M., Grünbauer, J., et al. (2004). Sound Development of Secure Service-based Systems. Second International Conference on Service Oriented Computing (ICSOC), New York City, USA, ACM Press.
  9. Garlan, J. and Anthony, R. (2002). Large-Scale Software Architecture, John Wiley & Sons.
  10. IEEE (2000). Recommended Practice for Architectural Description of Software-Intensive Systems (IEEE Std 1471-2000). New York, NY, Institute of Electrical and Electronics Engineers: Pgs. 29.01-May-2000
  11. IEEE. (2006, last saved: March 21, 2006). "Software Architecture Document (SAD)." from www.sei.cmu.edu/architecture/SAD_template2.dot.
  12. Jürjens, J. (2001). Towards Secure Systems Development with UMLsec. International Conference of Fundamental Approaches to Software Engineering (FASE/ETAPS), Genoa, Italy, Springer-Verlag.
  13. Jürjens, J. (2002). UMLsec: Extending UML for Secure Systems Development. 5th International Conference on the Unified Modeling Language (UML), 2002, Dresden, Germany, Springer.
  14. Kruchten, P. (1995). "Architectural Blueprints - The "4+1" View Model of Software Architecture." IEEE Software 12(6): 42-50.
  15. Lodderstedt, T., Basin, D., et al. (2002). SecureUML: A UML-Based Modeling Language for Model-Driven Security. 5th International Conference on the Unified Modeling Language (UML), 2002, Dresden, Germany, Springer.
  16. Rozanski, N. and Woods, E. (2005). Software Systems Architecture: Working With Stakeholders Using Viewpoints and Perspectives, Addison Wesley Professional.
  17. Schumacher, M., Fernandez, E. B., et al. (2005). Security Patterns, John Wiley & Sons.
  18. Schumacher, M. and Roedig, U. (2001). Security Engineering with Patterns. 8th Conference on Patterns Lnaguages of Programs, PLoP 2001, Monticello, Illinois, USA.
  19. Steel, C., Nagappan, R., et al. (2005). Core Security Patterns, Prentice Hall PTR.
  20. Yoder, J. and Barcalow, J. (1997). Architectural Patterns for Enabling Application Security. 4th Conference on Patterns Language of Programming, PLop 1997, Monticello, Illinois, USA.
Download


Paper Citation


in Harvard Style

G. Rosado D., Gutiérrez C., Fernández-Medina E. and Piattini M. (2006). DEFINING VIEWPOINTS FOR SECURITY ARCHITECTURAL PATTERNS . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 419-424. DOI: 10.5220/0002103204190424


in Bibtex Style

@conference{secrypt06,
author={David G. Rosado and Carlos Gutiérrez and Eduardo Fernández-Medina and Mario Piattini},
title={DEFINING VIEWPOINTS FOR SECURITY ARCHITECTURAL PATTERNS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={419-424},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002103204190424},
isbn={978-972-8865-63-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - DEFINING VIEWPOINTS FOR SECURITY ARCHITECTURAL PATTERNS
SN - 978-972-8865-63-4
AU - G. Rosado D.
AU - Gutiérrez C.
AU - Fernández-Medina E.
AU - Piattini M.
PY - 2006
SP - 419
EP - 424
DO - 10.5220/0002103204190424