• DocumentCode
    1832159
  • Title

    Effective Security Impact Analysis with Patterns for Software Enhancement

  • Author

    Okubo, Takao ; Kaiya, Haruhiko ; Yoshioka, Nobukazu

  • Author_Institution
    Secure Comput. Dept., Fujitsu Labs. Ltd., Kawasaki, Japan
  • fYear
    2011
  • fDate
    22-26 Aug. 2011
  • Firstpage
    527
  • Lastpage
    534
  • Abstract
    Unlike functional implementations, it is difficult to analyze the impact of software enhancements on security. One of the difficulties is identifying the range of effects of new security threats, and the other is developing proper countermeasures. This paper proposes an analysis process that uses two kinds of security pattern: security requirements patterns (SRP) for identifying threats and security design patterns (SDP) for identifying countermeasures at an action class level. With these two patterns and the conventional traceability methodology, developers can estimate and compare the amounts of modifications needed by multiple security countermeasures.
  • Keywords
    object-oriented programming; program diagnostics; security of data; security design pattern; security impact analysis; security requirements pattern; software enhancement; threat identification; traceability methodology; Context; Credit cards; Programming; Reverse engineering; Security; Software; Unified modeling language; application security; software pattern; software requirements engineering;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
  • Conference_Location
    Vienna
  • Print_ISBN
    978-1-4577-0979-1
  • Electronic_ISBN
    978-0-7695-4485-4
  • Type

    conf

  • DOI
    10.1109/ARES.2011.79
  • Filename
    6045972