{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,11]],"date-time":"2024-09-11T12:51:55Z","timestamp":1726059115965},"publisher-location":"Cham","reference-count":39,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030353322"},{"type":"electronic","value":"9783030353339"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-35333-9_15","type":"book-chapter","created":{"date-parts":[[2019,11,18]],"date-time":"2019-11-18T00:01:29Z","timestamp":1574035289000},"page":"203-219","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Constraining the Implementation Through Architectural Security Rules: An Expert Study"],"prefix":"10.1007","author":[{"given":"Stefanie","family":"Jasser","sequence":"first","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,11,18]]},"reference":[{"key":"15_CR1","doi-asserted-by":"publisher","unstructured":"Abi-Antoun, M.: Static extraction and conformance checking of the runtime architecture of object-oriented systems. In: Harris, G.E. (ed.) Companion to the 23rd ACM SIGPLAN Conference on Object-Oriented Programming Systems Languages and Applications, p. 911. ACM, New York (2008). \nhttps:\/\/doi.org\/10.1145\/1449814.1449904","DOI":"10.1145\/1449814.1449904"},{"key":"15_CR2","doi-asserted-by":"publisher","unstructured":"Abi-Antoun, M., Barnes, J.M.: Analyzing security architectures. In: Pecheur, C., Andrews, J., Di Nitto, E. (eds.) 25th IEEE\/ACM International Conference on Automated Software Engineering, pp. 3\u201312. ACM (2010). \nhttps:\/\/doi.org\/10.1145\/1858996.1859001","DOI":"10.1145\/1858996.1859001"},{"key":"15_CR3","doi-asserted-by":"publisher","unstructured":"Abi-Antoun, M., Wang, D., Torr, P.: Checking threat modeling data flow diagrams for implementation conformance and security. In: Stirewalt, K., Egyed, A., Fischer, B. (eds.) Proceedings of the 22nd IEEE\/ACM International Conference on Automated Software Engineering: ASE, pp. 393\u2013396. IEEE Computer Society and ACM, New York and Los Alamitos (2007). \nhttps:\/\/doi.org\/10.1145\/1321631.1321692","DOI":"10.1145\/1321631.1321692"},{"key":"15_CR4","doi-asserted-by":"publisher","unstructured":"Anand, P., Ryoo, J., Kazman, R.: Vulnerability-based security pattern categorization in search of missing patterns. In: 2014 Ninth International Conference on Availability, Reliability and Security, pp. 476\u2013483. IEEE (2014). \nhttps:\/\/doi.org\/10.1109\/ARES.2014.71","DOI":"10.1109\/ARES.2014.71"},{"key":"15_CR5","unstructured":"Arce, I., et al.: Avoiding the top 10 software security design flaws (2014). \nhttps:\/\/www.computer.org\/cms\/CYBSI\/docs\/Top-10-Flaws.pdf"},{"key":"15_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"56","DOI":"10.1007\/978-3-319-30806-7_4","volume-title":"Engineering Secure Software and Systems","author":"BJ Berger","year":"2016","unstructured":"Berger, B.J., Sohr, K., Koschke, R.: Automatically extracting threats from extended data flow diagrams. In: Caballero, J., Bodden, E., Athanasopoulos, E. (eds.) ESSoS 2016. LNCS, vol. 9639, pp. 56\u201371. Springer, Cham (2016). \nhttps:\/\/doi.org\/10.1007\/978-3-319-30806-7_4"},{"key":"15_CR7","doi-asserted-by":"publisher","unstructured":"Brunet, J., Serey, D., Figueiredo, J.: Structural conformance checking with design tests: an evaluation of usability and scalability. In: 2011 27th IEEE International Conference on Software Maintenance (ICSM), pp. 143\u2013152. IEEE, Piscataway (2011). \nhttps:\/\/doi.org\/10.1109\/ICSM.2011.6080781","DOI":"10.1109\/ICSM.2011.6080781"},{"key":"15_CR8","doi-asserted-by":"crossref","unstructured":"Caracciolo, A.: A unified approach to architecture conformance checking. Dissertation, Universit\u00e4t Bern, Bern, M\u00e4rz 2016. \nhttp:\/\/scg.unibe.ch\/archive\/phd\/caracciolo-phd.pdf","DOI":"10.1109\/WICSA.2015.11"},{"key":"15_CR9","unstructured":"Eden, A.H., Kazman, R.: Architecture, design, implementation. In: Proceedings of the 25th International Conference on Software Engineering, ICSE 2003, pp. 149\u2013159. IEEE Computer Society, Washington, DC (2003). \nhttp:\/\/dl.acm.org\/citation.cfm?id=776816.776835"},{"key":"15_CR10","doi-asserted-by":"publisher","unstructured":"Eichberg, M., Kloppenburg, S., Klose, K., Mezini, M.: Defining and continuous checking of structural program dependencies. In: Sch\u00e4fer, W. (ed.) Companion of the 30th International Conference on Software Engineering, p. 391. ACM, New York (2008). \nhttps:\/\/doi.org\/10.1145\/1368088.1368142","DOI":"10.1145\/1368088.1368142"},{"key":"15_CR11","doi-asserted-by":"publisher","unstructured":"Gasson, S.: Rigor in grounded theory research. In: Whitman, M., Woszczynski, A. (eds.) The Handbook of Information Systems Research, pp. 79\u2013102. IGI Global (2004). \nhttps:\/\/doi.org\/10.4018\/978-1-59140-144-5.ch006","DOI":"10.4018\/978-1-59140-144-5.ch006"},{"key":"15_CR12","doi-asserted-by":"publisher","unstructured":"Gerdes, S., Soliman, M., Riebisch, M.: Decision buddy: tool support for constraint-based design decisions during system evolution. In: Proceedings of the 1st International Workshop on Future of Software Architecture Design Assistants: FoSADA, pp. 13\u201318. ACM Association for Computing Machinery (2015). \nhttps:\/\/doi.org\/10.1145\/1924421.1924451","DOI":"10.1145\/1924421.1924451"},{"key":"15_CR13","doi-asserted-by":"publisher","unstructured":"Gurgel, A., et al.: Blending and reusing rules for architectural degradation prevention. In: Binder, W., Peternier, A., Ernst, E., Hirschfeld, R. (eds.) MODULARITY 2014, pp. 61\u201372. ACM Association for Computing Machinery, New York (2014). \nhttps:\/\/doi.org\/10.1145\/2577080.2577087","DOI":"10.1145\/2577080.2577087"},{"key":"15_CR14","unstructured":"Hafiz, M.: Security pattern catalog (2016). \nhttp:\/\/www.munawarhafiz.com\/securitypatterncatalog\/"},{"key":"15_CR15","doi-asserted-by":"publisher","unstructured":"Heyman, T., Yskout, K., Scandariato, R., Joosen, W.: An analysis of the security patterns landscape. In: 2007 Third International Workshop on Software Engineering for Secure Systems, pp. 3\u20139. IEEE, Piscataway (2007). \nhttps:\/\/doi.org\/10.1109\/SESS.2007.4","DOI":"10.1109\/SESS.2007.4"},{"issue":"10","key":"15_CR16","doi-asserted-by":"publisher","first-page":"643","DOI":"10.1016\/j.infsof.2004.11.005","volume":"47","author":"L Hochstein","year":"2005","unstructured":"Hochstein, L., Lindvall, M.: Combating architectural degeneration: a survey. Inf. Softw. Technol. 47(10), 643\u2013656 (2005). \nhttps:\/\/doi.org\/10.1016\/j.infsof.2004.11.005","journal-title":"Inf. Softw. Technol."},{"key":"15_CR17","unstructured":"Howard, M., Lipner, S.: The security development lifecycle: SDL, a process for developing demonstrably more secure software. Microsoft Secure Software Development Series, Microsoft Press, Redmond, Washington (2006). \nhttp:\/\/site.ebrary.com\/lib\/alltitles\/docDetail.action?docID=10762138"},{"key":"15_CR18","unstructured":"Jackson Higgins, K.: 10 common software security design flaws.pdf (2014). \nhttp:\/\/www.darkreading.com\/application-security\/10-common-software-security-design-flaws\/d\/d-id\/1306776"},{"key":"15_CR19","unstructured":"Jasser, S.: Security conformance checking for the detection of vulnerabilities. In: Proceedings of the 20th International Conference on Product-Focused Software Process Improvement, submitted (2019)"},{"key":"15_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"412","DOI":"10.1007\/3-540-45800-X_32","volume-title":"$$<<$$UML$$>>$$ 2002\u2014The Unified Modeling Language","author":"J J\u00fcrjens","year":"2002","unstructured":"J\u00fcrjens, J.: UMLsec: extending UML for secure systems development. In: J\u00e9z\u00e9quel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 412\u2013425. Springer, Heidelberg (2002). \nhttps:\/\/doi.org\/10.1007\/3-540-45800-X_32"},{"issue":"4","key":"15_CR21","doi-asserted-by":"publisher","first-page":"336","DOI":"10.1109\/32.385971","volume":"21","author":"DC Luckham","year":"1995","unstructured":"Luckham, D.C., Kenney, J.J., Augustin, L.M., Vera, J., Bryan, D., Mann, W.: Specification and analysis of system architecture using rapide. IEEE Trans. Softw. Eng. 21(4), 336\u2013354 (1995). \nhttps:\/\/doi.org\/10.1109\/32.385971","journal-title":"IEEE Trans. Softw. Eng."},{"key":"15_CR22","unstructured":"Meldal, S., Luckham, D.C.: Defining a security reference architecture. \nhttp:\/\/i.stanford.edu\/pub\/cstr\/reports\/csl\/tr\/97\/728\/CSL-TR-97-728.pdf"},{"issue":"3","key":"15_CR23","doi-asserted-by":"publisher","first-page":"205","DOI":"10.1109\/TSE.2015.2479217","volume":"42","author":"M Mirakhorli","year":"2016","unstructured":"Mirakhorli, M., Cleland-Huang, J.: Detecting, tracing, and monitoring architectural tactics in code. IEEE Trans. Softw. Eng. 42(3), 205\u2013220 (2016). \nhttps:\/\/doi.org\/10.1109\/TSE.2015.2479217","journal-title":"IEEE Trans. Softw. Eng."},{"key":"15_CR24","doi-asserted-by":"publisher","unstructured":"Moor, O.d., Verbaere, M., Hajiyev, E., Avgustinov, P., Ekman, T., Ongkingco, N., Sereni, D., Tibble, J.: Keynote address: .QL for source code analysis. In: Korel, B. (ed.) 2007 Seventh IEEE International Working Conference on Source Code Analysis and Manipulation, pp. 3\u201316. IEEE Computer Society, Los Alamitos (2007). \nhttps:\/\/doi.org\/10.1109\/SCAM.2007.31","DOI":"10.1109\/SCAM.2007.31"},{"issue":"4","key":"15_CR25","doi-asserted-by":"publisher","first-page":"364","DOI":"10.1109\/32.917525","volume":"27","author":"GC Murphy","year":"2001","unstructured":"Murphy, G.C., Notkin, D., Sullivan, K.J.: Software reflexion models: bridging the gap between design and implementation. IEEE Trans. Softw. Eng. 27(4), 364\u2013380 (2001)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"5","key":"15_CR26","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1109\/MS.2009.117","volume":"27","author":"L Passos","year":"2010","unstructured":"Passos, L., Terra, R., Valente, M.T., Diniz, R., das Chagas Mendonca, N., et al.: Static architecture-conformance checking an illustrative overview. IEEE Softw. 27(5), 82\u201389 (2010)","journal-title":"IEEE Softw."},{"issue":"4","key":"15_CR27","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1145\/141874.141884","volume":"17","author":"DE Perry","year":"1992","unstructured":"Perry, D.E., Wolf, A.L.: Foundations for the study of software architecture. ACM SIGSOFT Softw. Eng, Not. 17(4), 40\u201352 (1992). \nhttps:\/\/doi.org\/10.1145\/141874.141884","journal-title":"ACM SIGSOFT Softw. Eng, Not."},{"key":"15_CR28","doi-asserted-by":"publisher","unstructured":"Rosado, D.G., Gutierrez, C., Fernandez-Medina, E., Piattini, M.: A study of security architectural patterns. In: Proceedings of the 1st International Conference on Availability, Reliability and Security: ARES, pp. 358\u2013365. IEEE Computer Society, Los Alamitos (2006). \nhttps:\/\/doi.org\/10.1109\/ARES.2006.18","DOI":"10.1109\/ARES.2006.18"},{"key":"15_CR29","doi-asserted-by":"publisher","unstructured":"Sachitano, A., Chapman, R.O., Hamilton, J.A.: Security in software architecture: a case study. In: From the Fifth Annual IEEE SMC Information Assurance Workshop, pp. 370\u2013376. IEEE Computer Society (2004). \nhttps:\/\/doi.org\/10.1109\/IAW.2004.1437841","DOI":"10.1109\/IAW.2004.1437841"},{"key":"15_CR30","volume-title":"The Coding Manual for Qualitative Researchers","author":"J Salda\u00f1a","year":"2013","unstructured":"Salda\u00f1a, J.: The Coding Manual for Qualitative Researchers, 2nd edn. SAGE Publications, Los Angeles (2013)","edition":"2"},{"key":"15_CR31","doi-asserted-by":"publisher","unstructured":"Sangal, N., Jordan, E., Sinha, V., Jackson, D.: Using dependency models to manage complex software architecture. In: Johnson, R. (ed.) Proceedings of the 20th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, p. 167. ACM, New York (2005). \nhttps:\/\/doi.org\/10.1145\/1094811.1094824","DOI":"10.1145\/1094811.1094824"},{"key":"15_CR32","doi-asserted-by":"publisher","unstructured":"Schaad, A., Borozdin, M.: Tam$${}^{\\text{2}}$$: automated threat analysis. In: Proceedings of the ACM Symposium on Applied Computing, SAC 2012, Riva, Trento, Italy, 26\u201330 March 2012, pp. 1103\u20131108 (2012). \nhttps:\/\/doi.org\/10.1145\/2245276.2231950","DOI":"10.1145\/2245276.2231950"},{"key":"15_CR33","doi-asserted-by":"publisher","unstructured":"Schr\u00f6der, S., Riebisch, M.: An ontology-based approach for documenting and validating architecture rules. In: Proceedings of the 12th European Conference on Software Architecture, pp. 52:1\u201352:7 (2018). \nhttps:\/\/doi.org\/10.1145\/3241403.3241457","DOI":"10.1145\/3241403.3241457"},{"key":"15_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/978-3-319-48992-6_19","volume-title":"Software Architecture","author":"S Schr\u00f6der","year":"2016","unstructured":"Schr\u00f6der, S., Riebisch, M., Soliman, M.: Architecture enforcement concerns and activities - an expert study. In: Tekinerdogan, B., Zdun, U., Babar, A. (eds.) ECSA 2016. LNCS, vol. 9839, pp. 247\u2013262. Springer, Cham (2016). \nhttps:\/\/doi.org\/10.1007\/978-3-319-48992-6_19"},{"key":"15_CR35","unstructured":"Schumacher, M.: Security Patterns: Integrating Security and Systems Engineering. Wiley Series in Software Design Patterns. Wiley, Chichester, England and Hoboken (2006), \nhttp:\/\/search.ebscohost.com\/login.aspx?direct=true&scope=site&db=nlebk&db=nlabk&AN=159644"},{"key":"15_CR36","doi-asserted-by":"publisher","unstructured":"Serrano, D., Ma\u00f1a, A., Sotirious, A.D.: Towards precise security patterns. In: Tjoa, A.M., Wagner, R.R. (eds.) Proceedings of the 19th International Conference on Database and Expert Systems Applications: DEXA, pp. 287\u2013291. IEEE Computer Society, Los Alamitos (2008). \nhttps:\/\/doi.org\/10.1109\/DEXA.2008.36","DOI":"10.1109\/DEXA.2008.36"},{"key":"15_CR37","doi-asserted-by":"crossref","unstructured":"de Silva, L.: Towards controlling software architecture erosion through runtime conformance monitoring. Dissertation, University of St. Andrews, St. Andrews (2014)","DOI":"10.1109\/ICIINFS.2015.7398983"},{"key":"15_CR38","unstructured":"Yoder, J., Barcalow, J.: Architectural patterns for enabling application security. In: 4th Pattern Languages of Programming Conference (1997)"},{"issue":"5","key":"15_CR39","doi-asserted-by":"publisher","first-page":"35","DOI":"10.2201\/NiiPi.2008.5.5","volume":"5","author":"N Yoshioka","year":"2008","unstructured":"Yoshioka, N., Washizaki, H., Maruyama, K.: A survey on security patterns. Prog. Inform. 5(5), 35\u201347 (2008). \nhttps:\/\/doi.org\/10.2201\/NiiPi.2008.5.5","journal-title":"Prog. Inform."}],"container-title":["Lecture Notes in Computer Science","Product-Focused Software Process Improvement"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-35333-9_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,18]],"date-time":"2019-11-18T00:14:27Z","timestamp":1574036067000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-35333-9_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030353322","9783030353339"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-35333-9_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"18 November 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"PROFES","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Product-Focused Software Process Improvement","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Barcelona","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 November 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 November 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"profes2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/profes2019.upc.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"65","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"11","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"37% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The 11 short papers were selected from 30 submissions.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}