Early security patterns: A collection of constraints to describe regulatory security requirements

Robin A. Gandhi, Mariam Rahmani

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

Security engineering involves systematically applying the accumulated experience and best practices, such as regulatory security requirements, to identify a repeatable solution that is cost-effective, continuously improved, and fulfills security expectations of the stakeholders. However, security principles and regulatory requirements are rarely applied systematically during system design. We outline a stepwise process to extract domain concepts and apply a lightweight formal modeling language, Alloy, for the representation of regulatory requirements as early security patterns. These patterns, as a collection of constraints describing regulatory requirements provide a template for the systematic integration and analysis of these constraints in a system context. Each pattern defines a constrained solution space that can be enforced in subsequent phases of secure system development, testing and operation.

Original languageEnglish (US)
Title of host publication2012 2nd IEEE International Workshop on Requirements Patterns, RePa 2012 - Proceedings
Pages17-22
Number of pages6
DOIs
StatePublished - 2012

Publication series

Name2012 2nd IEEE International Workshop on Requirements Patterns, RePa 2012 - Proceedings

Keywords

  • alloy
  • assurance
  • certification and accreditation
  • formal modeling
  • requirements
  • security regulations

ASJC Scopus subject areas

  • Computer Vision and Pattern Recognition

Fingerprint Dive into the research topics of 'Early security patterns: A collection of constraints to describe regulatory security requirements'. Together they form a unique fingerprint.

Cite this