Improvement of Security Patterns strategy for Information Security Audit Applications

Lyazzat Atymtayeva, Mahmoud Abdel-Aty

Abstract

As the level of information security increasingly influences business processes in companies and organizations, and as those processes depend on software applications, it becomes necessary to develop systems with a demanding level of security. Application developers often have difficulty choosing or embedding the security mechanisms needed to build secure software applications, since this requires expertise in security issues. This problem can be circumvented by involving security experts early in the development process, but this usually comes at very high cost: experts in the information security (IS) area are quite expensive specialists. Automating some security implementation and evaluation tasks can reduce these costs and potentially increase the quality of the IS strategies being developed and of IS audit processes. We believe that an expert systems approach can be beneficial in achieving this automation. Although information security is a very broad field encompassing many complex concepts, we are trying to develop a methodology for formalizing IS knowledge in order to build a knowledge base for an expert system that can serve as an IS audit expert. By developing a special security patterns repository as part of a common framework for application development, we can accumulate knowledge and expertise in the area of security and help software developers as well as IS audit stakeholders benefit from automation.



Paper Citation


in Harvard Style

Atymtayeva L. and Abdel-Aty M. (2015). Improvement of Security Patterns strategy for Information Security Audit Applications. In Proceedings of the Fifth International Symposium on Business Modeling and Software Design - Volume 1: BMSD, ISBN 978-989-758-111-3, pages 199-204. DOI: 10.5220/0005887101990204


in Bibtex Style

@conference{bmsd15,
author={Lyazzat Atymtayeva and Mahmoud Abdel-Aty},
title={Improvement of Security Patterns strategy for Information Security Audit Applications},
booktitle={Proceedings of the Fifth International Symposium on Business Modeling and Software Design - Volume 1: BMSD,},
year={2015},
pages={199-204},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005887101990204},
isbn={978-989-758-111-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Fifth International Symposium on Business Modeling and Software Design - Volume 1: BMSD,
TI - Improvement of Security Patterns strategy for Information Security Audit Applications
SN - 978-989-758-111-3
AU - Atymtayeva L.
AU - Abdel-Aty M.
PY - 2015
SP - 199
EP - 204
DO - 10.5220/0005887101990204