| Field | Value |
|---|---|
| Authors | Gymnopoulos L., Karyda M., Balopoulos T., Dritsas S., Kokolakis S., Lambrinoudakis C., Gritzalis S. |
| Title | Developing a Security Patterns Repository for Secure Applications Design |
| Conference | ECIW 2006, 5th European Conference on Information Warfare and Security |
| Editors | C. Candolin et al. |
| Ed | No |
| Eds | Yes |
| Pages | 51-60 |
| To appear | No |
| Month | June |
| Year | 2006 |
| Place | Helsinki, Finland |
| Publisher | ACL Academic Conferences Limited |
| Link | http://www.icsd.aegean.gr/publication_files/conference/167886250.pdf |
| File name | B11.pdf##^^&&167886250.pdf |
| Abstract | Application developers are often confronted with difficulties in choosing or embedding the security mechanisms that are necessary for building secure applications, since this demands expertise in security issues. This problem can be circumvented by involving security experts early in the development process. This practice, however, entails high costs; moreover, communication between developers and security experts is usually problematic, and security expertise is difficult for developers to capture and exploit. This paper proposes that the process of building secure applications can be facilitated through the use of security patterns. It presents a security patterns repository that can provide developers with an effective mechanism for incorporating security requirements and mechanisms in application development. The paper also specifies a list of patterns and describes their basic elements. For describing and managing the patterns, the paper proposes a structure that is especially suitable for the case of security patterns. The method followed for developing the security patterns repository entails the employment of a security ontology. Finally, the paper presents a set of exemplary cases where the repository can support the software development process. The paper's contribution is an enhanced security patterns repository that allows application developers to benefit from the accumulated knowledge and expertise in the area of security, so that they are able to develop secure applications. |