Connecting security requirements analysis and secure design using patterns and UMLsec

Existing approaches only provide informal guidelines for the transition from security requirements to secure design. Carrying out this transition is highly non-trivial and error-prone, leaving the risk of introducing vulnerabilities. This paper presents a pattern-oriented approach to connect security requirements analysis and secure architectural design. Following the divide & conquer principle, a software development problem is divided into simpler subproblems based on security requirements analysis patterns. We complement each of these patterns with architectural security patterns tailored to solve classes of security subproblems. We use UMLsec together with the advanced modeling possibilities for software architectures of UML 2.3 to equip the architectural security patterns with security properties, and to allow tool-supported analysis and composition of instances of these patterns. We validate our approach using two case studies and illustrate its support for Common Criteria certifications.