Building secure systems using a security engineering process and security building blocks

Andre Rein; Carsten Rudolph; Jose Fran Ruiz

Building secure systems using a security engineering process and security building blocks

Andre Rein, Carsten Rudolph, Jose Fran Ruiz

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

Abstract

In today's software development process, security related design decisions are rarely made early in the overall process. Even if security is considered early, this means that in most cases a more-or-less encompassing security requirements analysis is made. Based on this analysis best-practices, ad-hoc design decisions or individual expertise is used to integrate security during the development process or after weaknesses are found after the deployment. This paper explains the SecFutur security engineering process with a focus on Security Building Block Models which are used to build security related components, namely Security Building Blocks. These Security Building Blocks represent concrete security solutions and can be accessed via SecFutur patterns on the level of domain-specific models for particular application domains. The goal of this approach is to provide already defined and tested security related software components, which can be used early in the overall development process, to support security-design-decision already while modeling the software-system. Security Building Blocks are discussed in the context of the SecFutur Security Engineering Process with its requirement analysis and definition of security properties.

Original language	English
Title of host publication	Software Engineering 2013 - Workshopband (inkl. Doktorandensymposium)
Subtitle of host publication	Fachtagung des GI-Fachbereichs Softwaretechnik, 26.02.–01.03.2013, in Aachen [proceedings]
Editors	Stefan Wagner, Horst Lichter
Place of Publication	Bonn
Publisher	Gesellschaft fur Informatik (GI)
Pages	529-544
Number of pages	16
Volume	P-215
ISBN (Print)	9783885796091
Publication status	Published - 2013
Externally published	Yes
Event	Multi-Conference on Software Engineering, SE 2013 - Aachen, Germany Duration: 26 Feb 2013 → 1 Mar 2013

Conference

Conference	Multi-Conference on Software Engineering, SE 2013
Country/Territory	Germany
City	Aachen
Period	26/02/13 → 1/03/13

Access to Document

http://subs.emis.de/LNI/Proceedings/Proceedings215/529.pdf

Cite this

Rein, A., Rudolph, C., & Ruiz, J. F. (2013). Building secure systems using a security engineering process and security building blocks. In S. Wagner, & H. Lichter (Eds.), Software Engineering 2013 - Workshopband (inkl. Doktorandensymposium): Fachtagung des GI-Fachbereichs Softwaretechnik, 26.02.–01.03.2013, in Aachen [proceedings] (Vol. P-215, pp. 529-544). Gesellschaft fur Informatik (GI). http://subs.emis.de/LNI/Proceedings/Proceedings215/529.pdf

Rein, Andre ; Rudolph, Carsten ; Ruiz, Jose Fran. / Building secure systems using a security engineering process and security building blocks. Software Engineering 2013 - Workshopband (inkl. Doktorandensymposium): Fachtagung des GI-Fachbereichs Softwaretechnik, 26.02.–01.03.2013, in Aachen [proceedings]. editor / Stefan Wagner ; Horst Lichter. Vol. P-215 Bonn : Gesellschaft fur Informatik (GI), 2013. pp. 529-544

@inproceedings{8784bdf4f5544c668c0b1b6853a2161e,

title = "Building secure systems using a security engineering process and security building blocks",

abstract = "In today's software development process, security related design decisions are rarely made early in the overall process. Even if security is considered early, this means that in most cases a more-or-less encompassing security requirements analysis is made. Based on this analysis best-practices, ad-hoc design decisions or individual expertise is used to integrate security during the development process or after weaknesses are found after the deployment. This paper explains the SecFutur security engineering process with a focus on Security Building Block Models which are used to build security related components, namely Security Building Blocks. These Security Building Blocks represent concrete security solutions and can be accessed via SecFutur patterns on the level of domain-specific models for particular application domains. The goal of this approach is to provide already defined and tested security related software components, which can be used early in the overall development process, to support security-design-decision already while modeling the software-system. Security Building Blocks are discussed in the context of the SecFutur Security Engineering Process with its requirement analysis and definition of security properties.",

author = "Andre Rein and Carsten Rudolph and Ruiz, {Jose Fran}",

year = "2013",

language = "English",

isbn = "9783885796091",

volume = "P-215",

pages = "529--544",

editor = "Wagner, {Stefan } and Lichter, {Horst }",

booktitle = "Software Engineering 2013 - Workshopband (inkl. Doktorandensymposium)",

publisher = "Gesellschaft fur Informatik (GI)",

note = "Multi-Conference on Software Engineering, SE 2013 ; Conference date: 26-02-2013 Through 01-03-2013",

}

Rein, A, Rudolph, C & Ruiz, JF 2013, Building secure systems using a security engineering process and security building blocks. in S Wagner & H Lichter (eds), Software Engineering 2013 - Workshopband (inkl. Doktorandensymposium): Fachtagung des GI-Fachbereichs Softwaretechnik, 26.02.–01.03.2013, in Aachen [proceedings]. vol. P-215, Gesellschaft fur Informatik (GI), Bonn, pp. 529-544, Multi-Conference on Software Engineering, SE 2013, Aachen, Germany, 26/02/13. <http://subs.emis.de/LNI/Proceedings/Proceedings215/529.pdf>

Building secure systems using a security engineering process and security building blocks. / Rein, Andre; Rudolph, Carsten; Ruiz, Jose Fran.
Software Engineering 2013 - Workshopband (inkl. Doktorandensymposium): Fachtagung des GI-Fachbereichs Softwaretechnik, 26.02.–01.03.2013, in Aachen [proceedings]. ed. / Stefan Wagner; Horst Lichter. Vol. P-215 Bonn: Gesellschaft fur Informatik (GI), 2013. p. 529-544.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

TY - GEN

T1 - Building secure systems using a security engineering process and security building blocks

AU - Rein, Andre

AU - Rudolph, Carsten

AU - Ruiz, Jose Fran

PY - 2013

Y1 - 2013

N2 - In today's software development process, security related design decisions are rarely made early in the overall process. Even if security is considered early, this means that in most cases a more-or-less encompassing security requirements analysis is made. Based on this analysis best-practices, ad-hoc design decisions or individual expertise is used to integrate security during the development process or after weaknesses are found after the deployment. This paper explains the SecFutur security engineering process with a focus on Security Building Block Models which are used to build security related components, namely Security Building Blocks. These Security Building Blocks represent concrete security solutions and can be accessed via SecFutur patterns on the level of domain-specific models for particular application domains. The goal of this approach is to provide already defined and tested security related software components, which can be used early in the overall development process, to support security-design-decision already while modeling the software-system. Security Building Blocks are discussed in the context of the SecFutur Security Engineering Process with its requirement analysis and definition of security properties.

AB - In today's software development process, security related design decisions are rarely made early in the overall process. Even if security is considered early, this means that in most cases a more-or-less encompassing security requirements analysis is made. Based on this analysis best-practices, ad-hoc design decisions or individual expertise is used to integrate security during the development process or after weaknesses are found after the deployment. This paper explains the SecFutur security engineering process with a focus on Security Building Block Models which are used to build security related components, namely Security Building Blocks. These Security Building Blocks represent concrete security solutions and can be accessed via SecFutur patterns on the level of domain-specific models for particular application domains. The goal of this approach is to provide already defined and tested security related software components, which can be used early in the overall development process, to support security-design-decision already while modeling the software-system. Security Building Blocks are discussed in the context of the SecFutur Security Engineering Process with its requirement analysis and definition of security properties.

UR - http://www.scopus.com/inward/record.url?scp=84922692776&partnerID=8YFLogxK

M3 - Conference Paper

AN - SCOPUS:84922692776

SN - 9783885796091

VL - P-215

SP - 529

EP - 544

BT - Software Engineering 2013 - Workshopband (inkl. Doktorandensymposium)

A2 - Wagner, Stefan

A2 - Lichter, Horst

PB - Gesellschaft fur Informatik (GI)

CY - Bonn

T2 - Multi-Conference on Software Engineering, SE 2013

Y2 - 26 February 2013 through 1 March 2013

ER -

Rein A, Rudolph C, Ruiz JF. Building secure systems using a security engineering process and security building blocks. In Wagner S, Lichter H, editors, Software Engineering 2013 - Workshopband (inkl. Doktorandensymposium): Fachtagung des GI-Fachbereichs Softwaretechnik, 26.02.–01.03.2013, in Aachen [proceedings]. Vol. P-215. Bonn: Gesellschaft fur Informatik (GI). 2013. p. 529-544

Building secure systems using a security engineering process and security building blocks

Abstract

Conference

Access to Document

Other files and links

Cite this