Using Security Patterns to Tailor Software Process

نویسندگان

  • Rosana Wagner
  • Lisandra M. Fontoura
  • Adriano Brum Fontoura
چکیده

Secure software development processes can reduce the quantity of security errors and the vulnerabilities involved in software projects. A secure development process is composed by activities that propose the insertion of security requirements in all software development phases. These activities can be based on standards and/or security models such as SSE-CMM, ISO/IEC 27001, ISO/IEC 15408. The problem is that the standards and security models describe security requirements which can be followed but do not describe how these requirements must be implemented in software processes. Security patterns describe good security practices which can be incorporated to the software process and satisfy the requirements that are described by the standards and models. This work proposes a methodology for the tailoring of software processes based on security requirements that are defined by the security practices of the Systems Security Engineering Capability Maturity Model (SSE-CMM). The tailoring has as basis a process framework that is elaborated from the Rational Unified Process (RUP) and security patterns proposed on the literature.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Developing Secure Software Using UML Patterns

This chapter presents a security engineering process based on UML security problem frames and concretized UML security problem frames. Both kinds of frames constitute patterns for analyzing security problems and associated solution approaches. They are arranged in a pattern system that makes dependencies between them explicit. The authors describe step-by-step how the pattern system can be used...

متن کامل

Using Risk Analysis and Patterns to Tailor Software Processes

This paper discusses an approach to tailor software development processes and methodologies based on organizational patterns and risk criteria. The purpose of the approach is to adapt an organizational pattern language to the context of a given project. The most suitable organizational patterns to the requirements of the project should be chosen analyzing the risks and the criticality context o...

متن کامل

Securing Gang of Four Design Patterns

Software design patterns are a means to specify common solutions to reoccurring design problems. Similarly, security design patterns provide a means to encapsulate common security solutions and mechanisms which are applicable at the design phase of the software development lifecycle. Security patterns have received considerable attention from the security community to introduce concepts such as...

متن کامل

Investigation on Formability of Tailor-Welded Blanks in Incremental Forming

Steel laser tailor-welded blanks (TWBs) are produced by end-to-end joining of base sheets using different welding methods. In this article, the formability of laser TWBs of St12 and St14 with thicknesses of 1 mm and 1.5 in single point incremental forming process were experimentally and numerically investigated. First, the forming limit wall angle was experimentally determined for each of the b...

متن کامل

Amoco CD commercial polypropylene catalyst tailor-made for the Amoco-Chisso gas phase process

The commercial profile of the Amoco CD MgCl2 supported polypropylene catalyst is presented. The development, the unique method of preparation/production, with emphasis on particle morphology, and the parameters affecting particle size (PS), particle size distribution (PSD), and particle shape are discussed in detail. The outstanding performance of the catalyst, tailoredmade for the Amoco-Chisso...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2011