TY - GEN
T1 - Early security patterns
T2 - A collection of constraints to describe regulatory security requirements
AU - Gandhi, Robin A.
AU - Rahmani, Mariam
N1 - Copyright:
Copyright 2013 Elsevier B.V., All rights reserved.
PY - 2012
Y1 - 2012
N2 - Security engineering involves systematically applying the accumulated experience and best practices, such as regulatory security requirements, to identify a repeatable solution that is cost-effective, continuously improved, and fulfills security expectations of the stakeholders. However, security principles and regulatory requirements are rarely applied systematically during system design. We outline a stepwise process to extract domain concepts and apply a lightweight formal modeling language, Alloy, for the representation of regulatory requirements as early security patterns. These patterns, as a collection of constraints describing regulatory requirements, provide a template for the systematic integration and analysis of these constraints in a system context. Each pattern defines a constrained solution space that can be enforced in subsequent phases of secure system development, testing and operation.
AB - Security engineering involves systematically applying the accumulated experience and best practices, such as regulatory security requirements, to identify a repeatable solution that is cost-effective, continuously improved, and fulfills security expectations of the stakeholders. However, security principles and regulatory requirements are rarely applied systematically during system design. We outline a stepwise process to extract domain concepts and apply a lightweight formal modeling language, Alloy, for the representation of regulatory requirements as early security patterns. These patterns, as a collection of constraints describing regulatory requirements, provide a template for the systematic integration and analysis of these constraints in a system context. Each pattern defines a constrained solution space that can be enforced in subsequent phases of secure system development, testing and operation.
KW - alloy
KW - assurance
KW - certification and accreditation
KW - formal modeling
KW - requirements
KW - security regulations
UR - http://www.scopus.com/inward/record.url?scp=84871592622&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84871592622&partnerID=8YFLogxK
U2 - 10.1109/RePa.2012.6359966
DO - 10.1109/RePa.2012.6359966
M3 - Conference contribution
AN - SCOPUS:84871592622
SN - 9781467343763
T3 - 2012 2nd IEEE International Workshop on Requirements Patterns, RePa 2012 - Proceedings
SP - 17
EP - 22
BT - 2012 2nd IEEE International Workshop on Requirements Patterns, RePa 2012 - Proceedings
ER -