Title :
Early security patterns: A collection of constraints to describe regulatory security requirements
Author :
Gandhi, Robin A. ; Rahmani, Mariam
Author_Institution :
Coll. of Inf. Sci. & Technol., Univ. of Nebraska Omaha, Omaha, NE, USA
Abstract :
Security engineering involves systematically applying the accumulated experience and best practices, such as regulatory security requirements, to identify a repeatable solution that is cost-effective, continuously improved, and fulfills security expectations of the stakeholders. However, security principles and regulatory requirements are rarely applied systematically during system design. We outline a stepwise process to extract domain concepts and apply a lightweight formal modeling language, Alloy, for the representation of regulatory requirements as early security patterns. These patterns, as a collection of constraints describing regulatory requirements provide a template for the systematic integration and analysis of these constraints in a system context. Each pattern defines a constrained solution space that can be enforced in subsequent phases of secure system development, testing and operation.
Keywords :
formal languages; formal specification; security of data; Alloy; constrained solution space; domain concept extraction; lightweight formal modeling language; secure system development; secure system operation; secure system testing; security engineering; security patterns; security principles; stakeholders; Abstracts; Analytical models; Context; Metals; Natural languages; Security; Unified modeling language; alloy; assurance; certification and accreditation; formal modeling; requirements; security regulations;
Conference_Titel :
Requirements Patterns (RePa), 2012 IEEE Second International Workshop on
Conference_Location :
Chicago, IL
Print_ISBN :
978-1-4673-4374-9
Electronic_ISBN :
978-1-4673-4375-6
DOI :
10.1109/RePa.2012.6359966
