Connecting Security Requirements Analysis and Secure Design Using Patterns and UMLsec

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6741)


Existing approaches only provide informal guidelines for the transition from security requirements to secure design. Carrying out this transition is highly non-trivial and error-prone, leaving the risk of introducing vulnerabilities.

This paper presents a pattern-oriented approach to connect security requirements analysis and secure architectural design. Following the divide & conquer principle, a software development problem is divided into simpler subproblems based on security requirements analysis patterns. We complement each of these patterns with architectural security patterns tailored to solve classes of security subproblems. We use UMLsec together with the advanced modeling possibilities for software architectures of UML 2.3 to equip the architectural security patterns with security properties, and to allow tool-supported analysis and composition of instances of these patterns. We validate our approach using two case studies and illustrate its support for Common Criteria certifications.


security requirement secure design architectural pattern 


  1. 1.
    Bryl, V., Massacci, F., Mylopoulos, J., Zannone, N.: Designing security requirements models through planning. In: Martinez, F.H., Pohl, K. (eds.) CAiSE 2006. LNCS, vol. 4001, pp. 33–47. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  2. 2.
    Choppy, C., Hatebur, D., Heisel, M.: Component composition through architectural patterns for problem frames. In: Proceedings of the Asia Pacific Software Engineering Conference (APSEC), pp. 27–34. IEEE Computer Society, Washington, DC, USA (2006)Google Scholar
  3. 3.
    Giorgini, P., Mouratidis, H.: Secure tropos: A security-oriented extension of the tropos methodology. International Journal of Software Engineering and Knowledge Engineering 17(2), 285–309 (2007)CrossRefGoogle Scholar
  4. 4.
    Hall, J.G., Jackson, M., Laney, R.C., Nuseibeh, B., Rapanotti, L.: Relating software requirements and architectures using problem frames. In: Proceedings of the IEEE International Requirements Engineering Conference (RE), pp. 137–144. IEEE Computer Society, Los Alamitos (2002)CrossRefGoogle Scholar
  5. 5.
    Heyman, T., Yskout, K., Scandariato, R., Joosen, W.: An analysis of the security patterns landscape. In: Proceedings of the International Workshop on Software Engineering for Secure Systems (SESS), pp. 3–10. IEEE Computer Society, Los Alamitos (2007)Google Scholar
  6. 6.
    Heyman, T., Yskout, K., Scandariato, R., Schmidt, H., Yu, Y.: The security twin peaks. In: Erlingsson, Ú., Wieringa, R., Zannone, N. (eds.) ESSoS 2011. LNCS, vol. 6542, pp. 167–180. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  7. 7.
    Jackson, M.: Problem Frames. In: Analyzing and structuring software development problems. Addison-Wesley, Reading (2001)Google Scholar
  8. 8.
    Jürjens, J.: Principles for Secure Systems Design. PhD thesis, University of Oxford (2002)Google Scholar
  9. 9.
    Massacci, F., Mylopoulos, J., Zannone, N.: An Ontology for Secure Socio-Technical Systems. Information Science Reference. In: Ontologies for Business Interaction, pp. 188–207 (2007)Google Scholar
  10. 10.
    Mouratidis, H., Jürjens, J.: From goal-driven security requirements engineering to secure design. International Journal of Intelligent Systems – Special issue on Goal-Driven Requirements Engineering 25(8), 813–840 (2010)Google Scholar
  11. 11.
    Pérez-Martínez, J.E., Sierra-Alonso, A.: UML 1.4 versus UML 2.0 as languages to describe software architectures. In: Oquendo, F., Warboys, B.C., Morrison, R. (eds.) EWSA 2004. LNCS, vol. 3047, pp. 88–102. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Pfleeger, C.P., Pfleeger, S.L.: Security In Computing, 3rd edn. Prentice Hall PTR, Englewood Cliffs (2003)zbMATHGoogle Scholar
  13. 13.
    Rapanotti, L., Hall, J.G., Jackson, M., Nuseibeh, B.: Architecture-driven problem decomposition. In: Proceedings of the IEEE International Requirements Engineering Conference (RE), pp. 80–89. IEEE Computer Society, Los Alamitos (2004)Google Scholar
  14. 14.
    Schmidt, H.: A Pattern- and Component-Based Method to Develop Secure Software. Deutscher Wissenschafts-Verlag (DWV) Baden-Baden (April 2010)Google Scholar
  15. 15.
    Schmidt, H., Jürjens, J.: UMLsec4UML2 - adopting UMLsec to support UML2. Technical Report 838, Technical University of Dortmund (February 2011),
  16. 16.
    Shaw, M., Garlan, D.: Software Architecture. Perspectives on an Emerging Discipline. Prentice Hall PTR, Englewood Cliffs (1996)zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  1. 1.Software Engineering, Department of Computer ScienceTU DortmundGermany
  2. 2.Fraunhofer ISSTGermany

Personalised recommendations