Anton Uzunov is leading work into the development of a pattern-oriented approach to the engineering of secure software methodologies. Recent work in this space, accepted for publication in the Journal of Information and Software Technology, builds upon existing method engineering ideas to form a new comprehensive approach to engineering security methodologies.
Developing secure software systems is an issue of ever-growing importance. Researchers have generally come to acknowledge that to develop such systems successfully, their security features must be incorporated in the context of a systematic approach: a security methodology. There are a number of such methodologies in the literature, but no single security methodology is adequate for every situation, requiring the construction of “fit-to-purpose” methodologies or the tailoring of existing methodologies to the project specifics at hand. While a large body of research exists addressing the same requirement for development methodologies – constituting the field of Method Engineering – there is nothing comparable for security methodologies as such; in fact, the topic has never been studied before in such a context.
Our approach is embodied in three interconnected parts: a framework of interrelated security process patterns; a security-specific meta-model; and a meta-methodology to guide engineers in using the latter artefacts in a step-wise fashion. A UML-inspired notation is used for representing all pattern- based methodology models during design and construction. The approach is illustrated and evaluated by tailoring an existing, real-life security methodology to a distributed-system-specific project situation.
The paper proposes a novel pattern-oriented approach to modeling, constructing, tailoring and combining security methodologies, which is the very first and currently sole such approach in the literature. We illustrate and evaluate our approach in an academic setting, and perform a feature analysis to highlight benefits and deficiencies.
A. Uzunov, K. Falkner and E. Fernandez, A Comprehensive Pattern-Oriented Approach to Engineering Security Methodologies. Accepted for Information and Software Technology. (to appear).