The Open UniversitySkip to content
 

Goal Modelling for Security Problem Matching and Pattern Enforcement

Yu, Yijun; Kaiya, Haruhiko; Yoshioka, Nobukazu; Hu, Zhenjiang; Washizaki, Hironori; Xiong, Yingfei and Hosseinian Far, Amin (2017). Goal Modelling for Security Problem Matching and Pattern Enforcement. International Journal of Secure Software Engineering (In press).

Full text available as:
Full text not publicly available
Due to copyright restrictions, this file is not available for public download
Click here to request a copy from the OU Author.
Google Scholar: Look up in Google Scholar

Abstract

Earlier detection of security problems and implementation of solutions would be a cost- effective approach for developing secure software systems. Developing, gathering and sharing similar repeatable programming knowledge and solutions has led to the introduction of Patterns in the 90’s. The same concept has been adopted to realise recurring security knowledge and hence security patterns. Detecting a security problem using the patterns in requirements models may lead to its early prevention. In this paper, we have provided an overview of security patterns in the past two decades, followed by a summary of i*/Tropos goal modelling framework. Section 2 outlines model-driven development, meta-models and model transformation, within the context of requirements engineering. We have summarised security access control types, and formally described role-based access control (RBAC) in particular as a pattern that may occur in the stakeholder requirements models. Then we have used the i* modelling language and some elements from its constructs - model-driven queries and transformations - to describe the pattern enforcement. Applied to a number of requirements models within literature, the pattern-based transformation tool we designed has automated the detection and resolution of this security pattern in several goal-oriented stakeholder requirements. Finally, the paper also reflects on a variety of existing applications and future work.

Item Type: Journal Item
Copyright Holders: 2017 Not known
ISSN: 1947-3044
Project Funding Details:
Funded Project NameProject IDFunding Body
Adaptive Security And PrivacyASAPERC Advanced Grant
Not SetNII-Grace CenterNII
Not SetNot SetRoyal Society
Keywords: security patterns; goal models; iStar; role-based access control; separation of duty
Academic Unit/School: Faculty of Science, Technology, Engineering and Mathematics (STEM) > Computing and Communications
Faculty of Science, Technology, Engineering and Mathematics (STEM)
Research Group: Centre for Research in Computing (CRC)
Item ID: 52692
Depositing User: Yijun Yu
Date Deposited: 18 Dec 2017 09:25
Last Modified: 20 Dec 2017 16:53
URI: http://oro.open.ac.uk/id/eprint/52692
Share this page:

Actions (login may be required)

Policies | Disclaimer

© The Open University   contact the OU