A Framework for Exploiting Security Expertise in Application Development

  • Theodoros Balopoulos
  • Lazaros Gymnopoulos
  • Maria Karyda
  • Spyros Kokolakis
  • Stefanos Gritzalis
  • Sokratis Katsikas
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4083)


This paper presents a framework that employs security ontologies and security patterns to provide application developers with a way to utilize security expertise. Through the development of a security ontology, developers locate the major security-related concepts relevant to their application context. Security patterns are then integrated with these concepts to provide tested solutions for accommodating security requirements.
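The pipeline the abstract describes (a security ontology that organises concepts in a class hierarchy, misuse cases that link a threat to the asset it targets and the requirement it violates, and a repository of patterns catalogued against those requirements) can be sketched as a small executable model. The Python below is an added illustration written for this page; it is not the authors' ontology or pattern repository. Every concept, misuse case and pattern name in it is a constructed placeholder, and the inference rule it uses (a misuse case applies to an application when the application's concrete asset and threat are subclasses of the ones named in the misuse case) is an assumption about how such an ontology would be queried.

```python
"""Toy security ontology with misuse cases and a pattern lookup.

Constructed illustration for this page; none of the concepts, edges or
pattern names below come from the paper.
"""

# is-a hierarchy: concept -> parent concept. Roots ("Asset", "Threat") have no entry.
IS_A = {
    "PersonalData": "Asset",
    "HealthRecord": "PersonalData",
    "Credential": "Asset",
    "AuditTrail": "Asset",
    "Eavesdropping": "Threat",
    "Tampering": "Threat",
    "Replay": "Tampering",
}

# Misuse cases as (threat, targeted asset, violated requirement). Constructed edges.
MISUSE_CASES = [
    ("Eavesdropping", "PersonalData", "Confidentiality"),
    ("Tampering", "Asset", "Integrity"),
    ("Replay", "Credential", "Authentication"),
    ("Tampering", "AuditTrail", "Non-repudiation"),  # deliberately has no pattern below
]

# Pattern repository keyed by the requirement each pattern addresses. Constructed.
PATTERNS = {
    "Confidentiality": ["Secure Channel", "Encrypted Storage"],
    "Integrity": ["Message Authentication", "Audit Log"],
    "Authentication": ["Authenticator", "Single Access Point"],
}


def ancestors(concept):
    """The concept itself followed by every superclass up to the root."""
    chain = [concept]
    while concept in IS_A:
        concept = IS_A[concept]
        chain.append(concept)
    return chain


def is_a(concept, ancestor):
    """True if `concept` is `ancestor` or a (transitive) subclass of it."""
    return ancestor in ancestors(concept)


def requirements_for(app_assets, app_threats):
    """Requirements violated by every misuse case that subsumes the
    application's concrete assets and threats via the class hierarchy."""
    reqs = set()
    for threat, asset, requirement in MISUSE_CASES:
        threat_matches = any(is_a(t, threat) for t in app_threats)
        asset_matches = any(is_a(a, asset) for a in app_assets)
        if threat_matches and asset_matches:
            reqs.add(requirement)
    return reqs


def patterns_for(app_assets, app_threats):
    """Map each applicable requirement to the patterns that address it.
    A requirement with no catalogued pattern maps to [] rather than raising,
    so repository gaps are visible instead of silently dropped."""
    return {r: PATTERNS.get(r, []) for r in sorted(requirements_for(app_assets, app_threats))}


def uncovered_requirements(app_assets, app_threats):
    """Requirements the misuse cases raise but the pattern repository cannot satisfy."""
    return sorted(r for r, ps in patterns_for(app_assets, app_threats).items() if not ps)


if __name__ == "__main__":
    # Example application context: stores health records, worried about replayed requests.
    print(patterns_for(["HealthRecord"], ["Replay"]))
    # Tampering with an audit trail raises a requirement no pattern covers.
    print(uncovered_requirements(["AuditTrail"], ["Tampering"]))
```

The subclass walk is what makes the ontology more than a lookup table: a misuse case stated once against the general `Asset` and `Tampering` concepts is inherited by every concrete asset and by the `Replay` subclass of tampering, while `uncovered_requirements` is the check a practitioner would want before trusting the repository, since a requirement the ontology surfaces but no pattern addresses is exactly the place where ad hoc design creeps back in.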







Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Theodoros Balopoulos (1)
  • Lazaros Gymnopoulos (1)
  • Maria Karyda (1)
  • Spyros Kokolakis (1)
  • Stefanos Gritzalis (1)
  • Sokratis Katsikas (1)
  1. Laboratory of Information and Communication Systems Security (Info-Sec-Lab), Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece
