Abstract security patterns and the design of secure systems  

在线阅读下载全文

作  者:Eduardo B.Fernandez Nobukazu Yoshioka Hironori Washizaki Joseph Yoder 

机构地区:[1]Department of Electrical Engineering and Computer Science,Florida Atlantic University,Boca Raton,FL,USA [2]GRACE Center,National lnstitute of lnformatics,Tokyo,Japan [3]Waseda University,Tokyo,Japan [4]The Refactory,Inc,Urbana,IL,USA

出  处:《Cybersecurity》2022年第3期1-17,共17页网络空间安全科学与技术(英文)

基  金:This work received no external funding,but the National Institute of Informatics of Japan funded the trip of the first and fourth authors to Tokyo to participate in meetings where the idea of this paper was developed.

摘  要:During the initial stages of software development,the primary goal is to define precise and detailed requirements without concern for software realizations.Security constraints should be introduced then and must be based on the semantic aspects of applications,not on their software architectures,as it is the case in most secure development methodologies.In these stages,we need to identify threats as attacker goals and indicate what conceptual security defenses are needed to thwart these goals,without consideration of implementation details.We can consider the effects of threats on the application assets and try to find ways to stop them.These threats should be controlled with abstract security mechanisms that can be realized by abstract security patterns(ASPs),that include only the core functions of these mechanisms,which must be present in every implementation of them.An abstract security pattern describes a conceptual security mechanism that includes functions able to stop or mitigate a threat or comply with a regulation or institutional policy.We describe here the properties of ASPs and present a detailed example.We relate ASPs to each other and to Security Solution Frames,which describe families of related patterns.We show how to include ASPs to secure an application,as well as how to derive concrete patterns from them.Finally,we discuss their practical value,including their use in“security by design”and IoT systems design.

关 键 词:Security patterns Secure software development Security requirements Secure software architecture loT systems design 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象