Visualizing security requirements patterns

Date

2015

Authors

Diaz Correa, Derek

Abstract

In today's software development scene, security patterns play a huge role in the way software is currently built. With security patterns we can create better software with proven methods by reusing security patterns. As time passes, more and more patterns are created that help the software engineer create better software, but at the cost of making patterns harder to find due to the large number of them. This makes it harder to find the correct pattern needed for their use case. In this thesis I address this issue by creating a visual way of finding patterns. With this method of finding patterns visually, we ease the way users can find patterns and their dependencies. Currently the University of Texas at San Antonio has an up-to-date pattern repository library. This repository is unique because there are few to no security pattern repositories in the industry. So we based our research and implementation on top of this system. Since this repository is still a work in progress and One way to improve the way that we search for patterns is to introduce a method to visually see how patterns are related. Because of this, we explore multiple existing proposals that show different methods of implementing pattern diagrams. Also, while researching ways to facilitate the way patterns are found in the repository, multiple research papers talk about how CWEs can be used together with patterns. The end result is that we were able to create a tool called VisiPattern that visually generates pattern feature diagrams. With this tool we solve the problem of generating pattern diagrams that improve the way users locate patterns. Also, the repository now supports the use of CWEs on each pattern. With the CWEs we know real use cases where the pattern can be exploited. This way we can and finally propose a way to implement this in a requirements pattern repository.

Keywords

Applied sciences

Department

Computer Science