
Pattern-Based Confidentiality-Preserving Refinement

  • Conference paper
Engineering Secure Software and Systems (ESSoS 2009)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 5429)

Abstract

We present an approach to security requirements engineering, which makes use of special kinds of problem frames that serve to structure, characterize, analyze, and solve software development problems in the area of software and system security.

In this paper, we focus on confidentiality problems. We extend previously published work with formal behavioral frame descriptions, which enable software engineers to specify security requirements unambiguously. Consequently, software engineers can prove that the envisaged solutions are functionally correct and that they fulfill the specified security requirements.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Schmidt, H. (2009). Pattern-Based Confidentiality-Preserving Refinement. In: Massacci, F., Redwine, S.T., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2009. Lecture Notes in Computer Science, vol 5429. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00199-4_5


  • DOI: https://doi.org/10.1007/978-3-642-00199-4_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00198-7

  • Online ISBN: 978-3-642-00199-4

  • eBook Packages: Computer Science (R0)