Abstract
We present a method for security engineering, which is based on two special kinds of problem frames that serve to structure, characterize, analyze, and finally solve software development problems in the area of software and system security. Both kinds of problem frames constitute patterns for representing security problems, variants of which occur frequently in practice. We present security problem frames, which are instantiated in the initial step of our method. They explicitly distinguish security problems from their solutions. To prepare the solution of the security problems in the next step, we employ concretized security problem frames capturing known approaches to achieve security. Finally, the last step of our method results in a specification of the system to be implemented given by concrete security mechanisms and instantiated generic sequence diagrams. We illustrate our approach by the example of a secure remote display system.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Anderson, R.: Security Engineering. Wiley, Chichester (2001)
Bass, L., Clements, P., Kazman, R.: Software Architecture in Practice. Addison-Wesley, Reading (1998)
Blakley, B., Heath, C.: Technical Guide: Security Design Patterns. The Open Group (April 2004), http://www.opengroup.org/publications/catalog/g031.htm
Buschmann, F., Meunier, R., Rohnert, H., Sommerlad, P., Stal, M.: Pattern-Oriented Software Architecture: A System of Patterns. John Wiley & Sons, Chichester (1996)
Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns – Elements of Reusable Object-Oriented Software. Addison Wesley, Reading (1995)
Hatebur, D., Heisel, M.: Problem Frames and Architectures for Security Problems. In: Winther, R., Gran, B.A., Dahll, G. (eds.) SAFECOMP 2005. LNCS, vol. 3688, pp. 390–404. Springer, Heidelberg (2005)
Hatebur, D., Heisel, M., Schmidt, H.: Using problem frames for security engineering. Technical report, Universität Duisburg-Essen (2006), http://swe.uni-duisburg-essen.de/intern/seceng06.pdf
International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). Common criteria 2.3. ISO/IEC 15408 (2005), http://www.commoncriteriaportal.org
International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). Common evaluation methodology 2.3. ISO/IEC 18405 (2005), http://www.commoncriteriaportal.org
Jackson, M.: Problem Frames. Analyzing and structuring software development problems. Addison-Wesley, Reading (2001)
Jackson, M., Zave, P.: Deriving specifications from requirements: an example. In: Proceedings 17th Int. Conf. on Software Engineering, Seattle, USA, pp. 15–24. ACM Press, New York (1995)
Lin, L., Nuseibeh, B., Ince, D., Jackson, M., Moffett, J.: Introducing abuse frames for analysing security requirements. In: Proceedings of 11th IEEE International Requirements Engineering Conference (RE 2003), pp. 371–372 (2003) (poster paper)
Pfleeger, C.P.: Security in Computing, 3rd edn. Prentice Hall, Englewood Cliffs (2003)
Schäfer, G.: Security in Fixed and Wireless Networks. John Wiley & Sons, Ltd, Chichester (2003)
UML Revision Task Force. OMG Unified Modeling Language: Superstructure (August 2005), http://www.uml.org
Weisstein, E.W.: RSA-576 factored. MathWorld Headline News (2003), http://mathworld.wolfram.com/news/2003-12-05/rsa/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hatebur, D., Heisel, M., Schmidt, H. (2006). Security Engineering Using Problem Frames. In: Müller, G. (eds) Emerging Trends in Information and Communication Security. ETRICS 2006. Lecture Notes in Computer Science, vol 3995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11766155_17
Download citation
DOI: https://doi.org/10.1007/11766155_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34640-1
Online ISBN: 978-3-540-34642-5
eBook Packages: Computer ScienceComputer Science (R0)