Loading [a11y]/accessibility-menu.js
Early security patterns: A collection of constraints to describe regulatory security requirements | IEEE Conference Publication | IEEE Xplore

Early security patterns: A collection of constraints to describe regulatory security requirements


Abstract:

Security engineering involves systematically applying the accumulated experience and best practices, such as regulatory security requirements, to identify a repeatable so...Show More

Abstract:

Security engineering involves systematically applying the accumulated experience and best practices, such as regulatory security requirements, to identify a repeatable solution that is cost-effective, continuously improved, and fulfills security expectations of the stakeholders. However, security principles and regulatory requirements are rarely applied systematically during system design. We outline a stepwise process to extract domain concepts and apply a lightweight formal modeling language, Alloy, for the representation of regulatory requirements as early security patterns. These patterns, as a collection of constraints describing regulatory requirements provide a template for the systematic integration and analysis of these constraints in a system context. Each pattern defines a constrained solution space that can be enforced in subsequent phases of secure system development, testing and operation.
Date of Conference: 24-24 September 2012
Date Added to IEEE Xplore: 24 November 2012
ISBN Information:
Conference Location: Chicago, IL, USA

References

References is not available for this document.