Security Engineering Using Problem Frames

Hatebur, Denis; Heisel, Maritta; Schmidt, Holger

doi:10.1007/11766155_17

Denis Hatebur^17,18,
Maritta Heisel¹⁸ &
Holger Schmidt¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3995))

Included in the following conference series:

International Conference on Emerging Trends in Information and Communication Security

1756 Accesses
35 Citations

Abstract

We present a method for security engineering, which is based on two special kinds of problem frames that serve to structure, characterize, analyze, and finally solve software development problems in the area of software and system security. Both kinds of problem frames constitute patterns for representing security problems, variants of which occur frequently in practice. We present security problem frames, which are instantiated in the initial step of our method. They explicitly distinguish security problems from their solutions. To prepare the solution of the security problems in the next step, we employ concretized security problem frames capturing known approaches to achieve security. Finally, the last step of our method results in a specification of the system to be implemented given by concrete security mechanisms and instantiated generic sequence diagrams. We illustrate our approach by the example of a secure remote display system.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Anderson, R.: Security Engineering. Wiley, Chichester (2001)
Google Scholar
Bass, L., Clements, P., Kazman, R.: Software Architecture in Practice. Addison-Wesley, Reading (1998)
Google Scholar
Blakley, B., Heath, C.: Technical Guide: Security Design Patterns. The Open Group (April 2004), http://www.opengroup.org/publications/catalog/g031.htm
Buschmann, F., Meunier, R., Rohnert, H., Sommerlad, P., Stal, M.: Pattern-Oriented Software Architecture: A System of Patterns. John Wiley & Sons, Chichester (1996)
Google Scholar
Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns – Elements of Reusable Object-Oriented Software. Addison Wesley, Reading (1995)
MATH Google Scholar
Hatebur, D., Heisel, M.: Problem Frames and Architectures for Security Problems. In: Winther, R., Gran, B.A., Dahll, G. (eds.) SAFECOMP 2005. LNCS, vol. 3688, pp. 390–404. Springer, Heidelberg (2005)
Chapter Google Scholar
Hatebur, D., Heisel, M., Schmidt, H.: Using problem frames for security engineering. Technical report, Universität Duisburg-Essen (2006), http://swe.uni-duisburg-essen.de/intern/seceng06.pdf
International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). Common criteria 2.3. ISO/IEC 15408 (2005), http://www.commoncriteriaportal.org
International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). Common evaluation methodology 2.3. ISO/IEC 18405 (2005), http://www.commoncriteriaportal.org
Jackson, M.: Problem Frames. Analyzing and structuring software development problems. Addison-Wesley, Reading (2001)
Google Scholar
Jackson, M., Zave, P.: Deriving specifications from requirements: an example. In: Proceedings 17th Int. Conf. on Software Engineering, Seattle, USA, pp. 15–24. ACM Press, New York (1995)
Google Scholar
Lin, L., Nuseibeh, B., Ince, D., Jackson, M., Moffett, J.: Introducing abuse frames for analysing security requirements. In: Proceedings of 11th IEEE International Requirements Engineering Conference (RE 2003), pp. 371–372 (2003) (poster paper)
Google Scholar
Pfleeger, C.P.: Security in Computing, 3rd edn. Prentice Hall, Englewood Cliffs (2003)
Google Scholar
Schäfer, G.: Security in Fixed and Wireless Networks. John Wiley & Sons, Ltd, Chichester (2003)
Book Google Scholar
UML Revision Task Force. OMG Unified Modeling Language: Superstructure (August 2005), http://www.uml.org
Weisstein, E.W.: RSA-576 factored. MathWorld Headline News (2003), http://mathworld.wolfram.com/news/2003-12-05/rsa/

Download references

Author information

Authors and Affiliations

Institut für technische Systeme GmbH, Germany
Denis Hatebur
Faculty of Engineering, Department of Computer Science, Workgroup Software Engineering, University Duisburg-Essen, Germany
Denis Hatebur, Maritta Heisel & Holger Schmidt

Authors

Denis Hatebur
View author publications
You can also search for this author in PubMed Google Scholar
Maritta Heisel
View author publications
You can also search for this author in PubMed Google Scholar
Holger Schmidt
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Institut für Informatik und Gesellschaft, Abt. Telematik, Albert-Ludwigs-Universität Freiburg, Friedrichstr. 50, 79098, Freiburg, Germany
Günter Müller

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Hatebur, D., Heisel, M., Schmidt, H. (2006). Security Engineering Using Problem Frames. In: Müller, G. (eds) Emerging Trends in Information and Communication Security. ETRICS 2006. Lecture Notes in Computer Science, vol 3995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11766155_17

Download citation

DOI: https://doi.org/10.1007/11766155_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34640-1
Online ISBN: 978-3-540-34642-5
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics