Article

Software Architectural Design Meets Security Engineering

Authors:

Stephan Bode,

Anja Fischer,

Winfried Kühnhauser,

Matthias RiebischAuthors Info & Claims

ECBS '09: Proceedings of the 2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems

Pages 109 - 118

https://doi.org/10.1109/ECBS.2009.17

Published: 14 April 2009 Publication History

Publisher Site

Abstract

Security requirements strongly influence the architectural design of complex IT systems in a similar way as other non-functional requirements. Both security engineering as well as software engineering provide methods to deal with such requirements. However, there is still a critical gap concerning the integration of the methods of these separate fields. In this paper we close this gap with respect to security requirements by proposing a method that combines software engineering approaches with state-of-the-art security engineering principles. This method establishes an explicit alignment between the non-functional goal, the principles in the field of security engineering, and the implementation of a security architecture. The method aims at designing a system's security architecture based on a small, precisely defined, and application-specific trusted computing base. We illustrate this method by means of a case study which describes distributed enterprise resource planning systems using web services to implement business processes across company boundaries.

Cited By

View all

Riebisch MBode SBrcina RCleve ARobbes R(2011)Problem-solution mapping for forward and reengineering on architectural levelProceedings of the 12th International Workshop on Principles of Software Evolution and the 7th annual ERCIM Workshop on Software Evolution10.1145/2024445.2024466(106-115)Online publication date: 5-Sep-2011
https://dl.acm.org/doi/10.1145/2024445.2024466
Bode SRiebisch M(2010)Impact evaluation for quality-oriented architectural decisions regarding evolvabilityProceedings of the 4th European conference on Software architecture10.5555/1887899.1887916(182-197)Online publication date: 23-Aug-2010
https://dl.acm.org/doi/10.5555/1887899.1887916

Recommendations

A systematic review of security requirements engineering

One of the most important aspects in the achievement of secure software systems in the software development process is what is known as Security Requirements Engineering. However, very few reviews focus on this theme in a systematic, thorough and ...
Secure Tropos framework for software product lines requirements engineering

Security and requirements engineering are two of the most important factors of success in the development of a software product line (SPL). Goal-driven security requirements engineering approaches, such as Secure Tropos, have been proposed as a suitable ...
Security Engineering Approach to Support Software Security
SERVICES '10: Proceedings of the 2010 6th World Congress on Services

As information security and privacy become increasingly important to organizations, the demand grows for software development processes that assure information integrity, availability, and confidentiality. Unfortunately, despite the investments made in ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ECBS '09: Proceedings of the 2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems

April 2009

323 pages

ISBN:9780769536026

Publisher

IEEE Computer Society

United States

Publication History

Published: 14 April 2009

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 13 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Riebisch MBode SBrcina RCleve ARobbes R(2011)Problem-solution mapping for forward and reengineering on architectural levelProceedings of the 12th International Workshop on Principles of Software Evolution and the 7th annual ERCIM Workshop on Software Evolution10.1145/2024445.2024466(106-115)Online publication date: 5-Sep-2011
https://dl.acm.org/doi/10.1145/2024445.2024466
Bode SRiebisch M(2010)Impact evaluation for quality-oriented architectural decisions regarding evolvabilityProceedings of the 4th European conference on Software architecture10.5555/1887899.1887916(182-197)Online publication date: 23-Aug-2010
https://dl.acm.org/doi/10.5555/1887899.1887916

Abstract

Cited By

Recommendations

A systematic review of security requirements engineering

Secure Tropos framework for software product lines requirements engineering

Security Engineering Approach to Support Software Security

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations