• DocumentCode
    2458645
  • Title

    Embedding Security Patterns into a Domain Model

  • Author

    Solinas, Miguel ; Fernandez, Eduardo B. ; Antonelli, Leandro

  • Author_Institution
    LAC, UNC Cordoba, Cordoba, Argentina
  • fYear
    2009
  • fDate
    Aug. 31 2009-Sept. 4 2009
  • Firstpage
    176
  • Lastpage
    180
  • Abstract
    Incorporating security patterns at every stage of the software development process is one of the most effective ways to build secure software. But how early in the software development process is it possible to apply security patterns? We present here an approach to define security requirements in order to identify security patterns in the very early stages of the software development process; we also show an experience with the method in a limited environment. We use natural language to express requirements (understandable to the Requirements Engineer as well as to the Domain Expert), from which it is possible to identify the security requirements and the corresponding security patterns. Language Extended Lexicon (LEL) and scenarios allow us to understand, study, and model the security domain and to represent security patterns. To them we apply the Baseline Mentor Workbench (BMW) for deriving CRC (Class Responsibility Collaboration) cards that represent the security patterns and their contextual model domain. BMW is a tool to assist the domain expert during the requirements engineering stage.
  • Keywords
    object-oriented programming; security of data; software tools; systems analysis; baseline mentor workbench; class responsibility collaboration card; contextual model domain; domain expert; language extended lexicon; requirements engineering; security pattern embedding; security requirement; software development process; Application software; Authorization; Cyclic redundancy check; Data security; Databases; Natural languages; Object oriented modeling; Pattern analysis; Programming; Software tools; CRC cards; object-oriented design; security patterns; security requirements;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Database and Expert Systems Application, 2009. DEXA '09. 20th International Workshop on
  • Conference_Location
    Linz
  • ISSN
    1529-4188
  • Print_ISBN
    978-0-7695-3763-4
  • Type

    conf

  • DOI
    10.1109/DEXA.2009.44
  • Filename
    5337192