Title :
Effective Security Impact Analysis with Patterns for Software Enhancement
Author :
Okubo, Takao ; Kaiya, Haruhiko ; Yoshioka, Nobukazu
Author_Institution :
Secure Comput. Dept., Fujitsu Labs. Ltd., Kawasaki, Japan
Abstract :
Unlike functional implementations, it is difficult to analyze the impact software enhancements on security. One of the difficulties is identifying the range of effects by new security threats, and the other is developing proper countermeasures. This paper proposes an analysis process that uses two kinds of security pattern: security requirements patterns (SRP) for identifying threats and security design patterns (SDP) for identifying countermeasures at an action class level. With these two patterns and the conventional traceability methodology, developers can estimate and compare the amounts of modifications needed by multiple security countermeasures.
Keywords :
object-oriented programming; program diagnostics; security of data; security design pattern; security impact analysis; security requirements pattern; software enhancement; threat identification; traceability methodology; Context; Credit cards; Programming; Reverse engineering; Security; Software; Unified modeling language; application security; software pattern; software requirements engineering;
Conference_Titel :
Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
Conference_Location :
Vienna
Print_ISBN :
978-1-4577-0979-1
Electronic_ISBN :
978-0-7695-4485-4
DOI :
10.1109/ARES.2011.79