Yu, Y., Kaiya, H., Yoshioka, N., Hu, Z., Washizaki, H., Xiong, Y. and Hosseinian-Far, A. (2018) Goal modelling for security problem matching and pattern enforcement. International Journal of Secure Software Engineering (IJSSE). 8(3), pp. 42-57. 1947-3036.
Item Type: | Article |
---|---|
Abstract: | This article describes how earlier detection of security problems and the implementation of solutions would be a cost-effective approach for developing secure software systems. Developing, gathering and sharing similar repeatable programming knowledge and solutions has led to the introduction of Patterns in the 90's. The same concept has been adopted to realise reoccurring security knowledge and hence security patterns. Detecting a security problem using the patterns in requirements models may lead to its early prevention. In this article, the authors have provided an overview of security patterns in the past two decades, followed by a summary of i*/Tropos goal modelling framework. Section 2 outlines model-driven development, meta-models and model transformation, within the context of requirements engineering. They have summarised security access control types, and formally described role-based access control (RBAC) in particular as a pattern that may occur in the stakeholder requirements models. Then the authors used the i* modelling language and some elements from its constructs - model-driven queries and transformations - to describe the pattern enforcement. This is applied to a number of requirements models within the literature, and the pattern-based transformation tool they designed has automated the detection and resolution of this security pattern in several goal-oriented stakeholder requirements. Finally, the article also reflects on a variety of existing applications and future work. |
Uncontrolled Keywords: | Security patterns, access control, RBAC, goal models, model transformations |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science > QA76.9.A25 Computer security |
Creators: | Yu, Yijun, Kaiya, Haruhiko, Yoshioka, Nobukazu, Hu, Zhenjiang, Washizaki, Hironori, Xiong, Yingfei and Hosseinian-Far, Amin |
Publisher: | IGI Global |
Faculties, Divisions and Institutes: | University Faculties, Divisions and Research Centres - OLD > Faculty of Business & Law > Business Faculties > Faculty of Arts, Science & Technology > Computing Faculties > Faculty of Business & Law > International Strategy & Business |
Date: | 20 February 2018 |
Date Type: | Published Online |
Page Range: | pp. 42-57 |
Journal or Publication Title: | International Journal of Secure Software Engineering (IJSSE) |
Volume: | 8 |
Number: | 3 |
Language: | English |
DOI: | https://doi.org/10.4018/IJSSE.2017070103 |
ISSN: | 1947-3036 |
Status: | Published / Disseminated |
Refereed: | Yes |
URI: | http://nectar.northampton.ac.uk/id/eprint/10207 |