An Ontological Interface for Software Developers to Select Security Patterns

Abstract : In the software development lifecycle, security expertise is one common missing quality that needs to be addressed on a stronger footing, by taking advantage of the scaling effect of security patterns. Security patterns capture security experts’ knowledge for a given security problem. Hence, they are produced by experts in security and consumed by novice security users, such as software developers. In this paper we present an ontology based approach to find an eligible set of security patterns requested by software developers. We adopt the formal description of security properties presented in the Serenity EU project for defining our ground security requirements. We distinguish between two profiles for software developers and define a corresponding ontological interface. This ontological interface contains a mapping between security requirements from one side and threat models, security bugs, security errors on another side taking into consideration their contexts of applicability. We describe the current status of this work in progress where results are quite promising.
Document type :
Conference papers
Complete list of metadatas

https://hal.archives-ouvertes.fr/hal-01581161
Contributor : Équipe Gestionnaire Des Publications Si Liris <>
Submitted on : Monday, September 4, 2017 - 2:02:49 PM
Last modification on : Friday, January 11, 2019 - 4:52:20 PM

Identifiers

Citation

Paul El Khoury, Amine Mokhtari, Emmanuel Coquery, Mohand-Said Hacid. An Ontological Interface for Software Developers to Select Security Patterns. 2nd International Workshop on Secure systems methodologies using patterns (SPattern'08) in conjunction with the 19th International Conference on Database and Expert Systems Application, 2008. DEXA '08., Sep 2008, Turin, Italy. pp.297-301, ⟨10.1109/DEXA.2008.110⟩. ⟨hal-01581161⟩

Share

Metrics

Record views

73