An Ontological Interface for Software Developers to Select Security Patterns - Archive ouverte HAL
Conference paper, Year: 2008

An Ontological Interface for Software Developers to Select Security Patterns

Paul El Khoury
  • Role: Author
Emmanuel Coquery
Mohand-Said Hacid

Abstract

In the software development lifecycle, security expertise is one common missing quality that needs to be addressed on a stronger footing, by taking advantage of the scaling effect of security patterns. Security patterns capture security experts’ knowledge for a given security problem. Hence, they are produced by experts in security and consumed by novice security users, such as software developers. In this paper we present an ontology-based approach to find an eligible set of security patterns requested by software developers. We adopt the formal description of security properties presented in the Serenity EU project for defining our ground security requirements. We distinguish between two profiles for software developers and define a corresponding ontological interface. This ontological interface contains a mapping between security requirements on one side and threat models, security bugs, and security errors on the other side, taking into consideration their contexts of applicability. We describe the current status of this work in progress, where results are quite promising.
File not deposited

Dates and versions

hal-01581161 , version 1 (04-09-2017)

Cite

Paul El Khoury, Amine Mokhtari, Emmanuel Coquery, Mohand-Said Hacid. An Ontological Interface for Software Developers to Select Security Patterns. 2nd International Workshop on Secure systems methodologies using patterns (SPattern'08) in conjunction with the 19th International Conference on Database and Expert Systems Application, 2008. DEXA '08., Sep 2008, Turin, Italy. pp.297-301, ⟨10.1109/DEXA.2008.110⟩. ⟨hal-01581161⟩