A Pattern-Based General Security Framework: An eBusiness Case Study

Security and domain specific regulations are critical for any organization. Unfortunately, achieving these prerequisites in a socio-technical environment is a difficult task. For example, let us consider the aspect of computer security: neither software developers nor regulatory authorities are security experts. Therefore, it is important that security experts´ knowledge is captured and made available to software developers. Security patterns are a suitable prescription to capture experts´ solutions to commonly recurring security problems. In this paper, we present the application of a general framework, based on security patterns, used to develop secure applications. It covers the entire process of solution development: defining organizational security requirements using SECURE TROPOS, formalizing the pattern using SI*, implementing the pattern, integrating it into the final application, and monitoring the runtime. All these phases are discussed and illustrated with an eBusiness case study: the loan origination process.