Conference

Authors: Gymnopoulos L., Karyda M., Balopoulos T., Dritsas S., Kokolakis S., Lambrinoudakis C., Gritzalis S.
Title: Developing a Security Patterns Repository for Secure Applications Design
Conference: ECIW 2006 5th European Conference on Information Warfare and Security
Editors: C. Candolin et al.
Ed: No
Eds: Yes
Pages: 51-60
To appear: No
Month: June
Year: 2006
Location: Helsinki, Finland
Publisher: ACL Academic Conferences Limited
Link: http://www.icsd.aegean.gr/publication_files/conference/167886250.pdf
File name: B11.pdf##^^&&167886250.pdf
Abstract: Application developers are often confronted with difficulties in choosing or embedding security mechanisms that are necessary for building secure applications, since this demands possessing expertise in security issues. This problem can be circumvented by involving security experts early in the development process. This practice, however, entails high costs; moreover, communication between developers and security experts is usually problematic and security expertise is difficult to be captured and exploited by developers. This paper proposes that the process of building secure applications can be facilitated through the use of security patterns. It presents a security patterns repository that can provide developers with an effective mechanism to address the issue of incorporating security requirements and mechanisms in application development. The paper also specifies a list of patterns and describes their basic elements. For describing and managing the patterns, the paper proposes a structure that is especially suitable for the case of security patterns. The method followed for developing the security patterns repository entails the employment of a security ontology. Finally, the paper presents a set of exemplary cases where the repository can support the software development process. The paper’s contribution is an enhanced security patterns repository that allows application developers to benefit from the accumulated knowledge and expertise in the area of security, so that they are able to develop secure applications.