Here you will find scientific publications from the Fraunhofer Institutes.

Connecting security requirements analysis and secure design using patterns and UMLsec

Schmidt, H.; Jürjens, J.


Mouratidis, H.:
Advanced information systems engineering. 23rd international conference, CAiSE 2011 : London, UK, June 20-24, 2011; proceedings
Berlin: Springer, 2011 (Lecture Notes in Computer Science 6741)
ISBN: 3-642-21639-0
ISBN: 978-3-642-21639-8
ISSN: 0302-9743
International Conference on Advanced Information Systems Engineering (CAiSE) <23, 2011, London>
Conference Paper
Fraunhofer ISST

Existing approaches only provide informal guidelines for the transition from security requirements to secure design. Carrying out this transition is highly non-trivial and error-prone, leaving the risk of introducing vulnerabilities. This paper presents a pattern-oriented approach to connect security requirements analysis and secure architectural design. Following the divide & conquer principle, a software development problem is divided into simpler subproblems based on security requirements analysis patterns. We complement each of these patterns with architectural security patterns tailored to solve classes of security subproblems. We use UMLsec together with the advanced modeling possibilities for software architectures of UML 2.3 to equip the architectural security patterns with security properties, and to allow tool-supported analysis and composition of instances of these patterns. We validate our approach using two case studies and illustrate its support for Common Criteria certifications.