A Pattern- and Component-Based Method to Develop Secure Software

We present the security engineering process using patterns (SEPP), which has a strong focus on the early phases of software development, i.e., requirements engineering, specification, and architectural design. In its rst phase, SEPP makes use of patterns for security requirements engineering. Security problem frames are patterns for structuring, characterizing, and analyzing problems that occur frequently in security engineering. Concretized security problem frames involve rst solution approaches for the problems described by security problem frames. Both frame types are arranged in a pattern system that makes dependencies between them explicit. We describe step-by-step how the pattern system can be used to analyze given security problems and how solution approaches can be found. Moreover, we present a formal foundation of (concretized) security problem frames that provides the basis for tool support. In SEPP's second phase, we develop semi-formal specications that describe the interaction of the software with its environment. Moreover, the security problems and the solution approaches that deal with confidentiality requirements are formally modeled based on patterns. The formal models serve to prove that the solution approaches are correct solutions to the security problems. Furthermore, the formal models of the solution approaches constitute a formal specification of the software to be developed. In SEPP's third phase, the security requirements are realized by generic security architectures, which constitute architectural patterns. They correspond to concretized security problem frames, and they consist of generic security components. Instantiated generic security architectures are composed to develop a global generic security architecture, which is rened to obtain a secure software architecture built from existing and/or tailor-made security components.