Abstract
Development processes for software construction are common knowledge and widely used in most development organizations. Unfortunately, these processes often offer only little or no support in order to meet security requirements. In our work, we propose a methodology to build domain specific process models with security concepts on the foundations of industry-relevant security approaches, backed by a security-oriented process model specification language. Instead of building domain specific security-oriented process models from the ground, the methodology allows process designers to fall back on existing well established security approaches and add domain relevant concepts and repository-centric approaches, as well as supplementary information security risk management standards (e.g., Common Criteria), to fulfill the demand for secure software engineering. Supplementary and/or domain specific concepts can be added trough our process modeling language in an easy and direct way. The methodology and the process modeling language we propose have been successfully evaluated by the TERESA project for specifying development processes for trusted applications and integrating security concepts into existing process models used in the railway domain.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Common Criteria: common criteria for information technology security evaluation v3.1r4. Technical report CCMB-2012-09-001/002/003, Common Criteria (2012)
Die Beauftragte der Bundesregierung für Informationstechnik. V-modell XT (2005)
Forsberg, K., Mooz, H., Cotterman, H.: Visualizing Project Management. A Model for Business and Technical Success, 2nd edn. Wiley, New york (2000)
Geisel, J., Hamid, B., Bruel, J.-M.: Repository-centric process modeling – example of a pattern based development process. In: Lee, L. (ed.) Software Engineering Research, Management and Applications. Studies in Computational Intelligence, vol. 496, pp. 247–261. Springer, Switzerland (2014)
Gonzalez-Perez, C., Henderson-Sellers, B.: Modelling software development methodologies: a conceptual foundation. J. Syst. Softw. 80(11), 1778–1796 (2007)
Hamid, B., Geisel, J., Ziani, A., Gonzalez, D.: Safety lifecycle development process modeling for embedded systems - example of railway domain. In: Avgeriou, P. (ed.) SERENE 2012. LNCS, vol. 7527, pp. 63–75. Springer, Heidelberg (2012)
Hug, C., Front, A., Rieu, D., Henderson-Sellers, B.: A method to build information systems engineering process metamodels. J. Syst. Softw. 82(10), 1730–1742 (2009)
Kruchten, P.: The Rational Unified Process: An Introduction, 3rd edn. Addison-Wesley Longman Publishing Co., Inc., Boston (2003)
McGraw, G.: Software Security: Building Security, 3rd edn. Addison-Wesley Professional, Boston (2006)
Microsoft: Microsoft Security Development Lifecycle (SDL) process guidance - version 5.2 (2012)
OBEO: Acceleo (2014). http://www.eclipse.org/acceleo/
OMG: Software and systems process engineering metamodel specification (SPEM) version 2.0. Technical report, Object Management Group Inc. (2008)
OWASP: OWASP CLASP V1.2. OWASP, November 2007
Selic, B.: The pragmatics of model-driven development. IEEE Softw. 20(5), 19–25 (2003)
SEMCO: System and software engineering for embedded systems applications with multi-concerns support (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Geisel, J., Hamid, B., Gonzales, D., Bruel, JM. (2016). Towards a Methodological Tool Support for Modeling Security-Oriented Processes. In: Bellatreche, L., Pastor, Ó., Almendros Jiménez, J., Aït-Ameur, Y. (eds) Model and Data Engineering. MEDI 2016. Lecture Notes in Computer Science(), vol 9893. Springer, Cham. https://doi.org/10.1007/978-3-319-45547-1_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-45547-1_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45546-4
Online ISBN: 978-3-319-45547-1
eBook Packages: Computer ScienceComputer Science (R0)