Security Concepts as Add-On for Process Models

Development processes for software construction are common knowledge and widely used in most development organizations. Unfortunately, these processes often offer only little or no support in order to meet security requirements. In our work, we propose a methodology to enhance these process models with security concepts, backed by a security-oriented process model specification language. The methodology supports existing process models, which will be extended by established security approaches, as well as information security risk management standards, to fulfill the demand for secure software engineering. The methodology and the process modeling language we propose, have been successfully evaluated by the TERESA project for specifying development processes for trusted applications and integrating security concepts into existing process models.