{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,31]],"date-time":"2026-01-31T04:46:18Z","timestamp":1769834778104,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":62,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540332527","type":"print"},{"value":"9783540332534","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/978-3-540-33253-4_8","type":"book-chapter","created":{"date-parts":[[2007,2,6]],"date-time":"2007-02-06T19:51:08Z","timestamp":1170791468000},"page":"275-326","source":"Crossref","is-referenced-by-count":16,"title":["A Software Product Line Reference Architecture for Security"],"prefix":"10.1007","author":[{"given":"Tor Erlend","family":"F\u00e6gri","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Svein","family":"Hallsteinsen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"8_CR1_8","doi-asserted-by":"crossref","DOI":"10.21236\/ADA412014","volume-title":"Outsourcing Managed Security Services In: Security improvement module, CMU\/SEI-SIM-012","author":"J Allen","year":"2003","unstructured":"Allen J, Gabbard D, and May C (2003) Outsourcing Managed Security Services In: Security improvement module, CMU\/SEI-SIM-012. 2003, Carnegie Mellon, Software Engineering Institute: Pittsburg, PA."},{"key":"8_CR2_8","unstructured":"Bachmann F, Bass L, and Klein M (2003) Deriving Architectural Tactics: A Step toward Methodical Architectural Design Technical report, CMU\/SEI-2003-TR-004. 2003"},{"key":"8_CR3_8","unstructured":"Bass L, Clement P, and Klein M (2003) Software Architecture in Practice. 2 ed. 
Addison Wesley."},{"key":"8_CR4_8","volume-title":"5th Int'l Workshop on Product Family Engineering","author":"J Bayer","year":"2003","unstructured":"Bayer J (2003) Design for Quality. In: Linden FVd (ed) 5th Int'l Workshop on Product Family Engineering. Springer, Berlin Heidelberg New York"},{"key":"8_CR5_8","unstructured":"Blakley B and Heath C (2004) Security Design Patterns. The Open Group."},{"issue":"6","key":"8_CR6_8","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1109\/MS.2004.46","volume":"21","author":"T Bollinger","year":"2004","unstructured":"Bollinger T, Voas J, and Boasson M, Persistent Software Attributes. IEEE Software, 2004. 21(6): p. 16-18.","journal-title":"IEEE Software"},{"key":"8_CR7_8","unstructured":"Bosch J (2000) Design and Use of Software Architectures - Adopting and Evolving a Product-Line Approach. Addison-Wesley."},{"key":"8_CR8_8","doi-asserted-by":"crossref","unstructured":"Bosch J and Molin P (1999) Software Architecture Design: Evaluation and Transformation. In: IEEE Conference and Workshop on Engineering of Computer-Based Systems. IEEE Computer Society Press. p. 4-10.","DOI":"10.1109\/ECBS.1999.755855"},{"key":"8_CR9_8","doi-asserted-by":"crossref","unstructured":"Butler SA (2002) Security Attribute Evaluation Method: A Cost-Benefit Approach. In: International conference on software engineering. ACM Press. p. 232-240.","DOI":"10.1145\/581339.581370"},{"key":"8_CR10_8","first-page":"19","volume-title":"5th International workshop on Product Family Engineering","author":"S B\u00fchne","year":"2003","unstructured":"B\u00fchne S, Chastek G, K\u00e4k\u00f6l\u00e4 T, Knauber P, Northrop L, and Thiel S (2003) Exploring the Context of Product Line Adoption. In: Linden FVd (ed) 5th International workshop on Product Family Engineering. Springer, Berlin Heidelberg New York. p. 
19-31."},{"issue":"7","key":"8_CR11_8","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1145\/1005817.1005828","volume":"47","author":"H Cavusoglu","year":"2004","unstructured":"Cavusoglu H, Mishra B, and Raghunathan S, A Model for Evaluating It Security Investments. Communications of the ACM, 2004. 47(7): p. 87-92.","journal-title":"Communications of the ACM"},{"key":"8_CR12_8","doi-asserted-by":"crossref","unstructured":"Chang S, Chen Q, and Hsu M (2003) Managing Security Policy in a Large Distributed Web Services Environment. In: 27th Annual International Computer Software and Applications Conference (COMPSAC\u201903). IEEE Computer Society Press. p. 610-621.","DOI":"10.1109\/CMPSAC.2003.1245404"},{"key":"8_CR13_8","doi-asserted-by":"crossref","unstructured":"Chung L, Nixon BA, Yu E, and Mylopoulos J, eds. Non-Functional Requirements in Software Engineering (2000). The Kluwer International Series in Software Engineering, Basili V (ed). Kluwer Academic Publishers. 439pp.","DOI":"10.1007\/978-1-4615-5269-7"},{"key":"8_CR14_8","unstructured":"Clements P, Kazman R, and Klein M (2002) Evaluating Software Architectures: Methods and Case Studies. Addison Wesley."},{"key":"8_CR15_8","unstructured":"Clements P and Northrop L (2002) Software Product Lines: Practices and Patterns. The Sei Series in Software Engineering Addison Wesley."},{"key":"8_CR16_8","doi-asserted-by":"crossref","unstructured":"Covingtony MJ, Fogla P, Zhan Z, and Ahamad M (2002) A Context-Aware Security Architecture for Emerging Applications. In: 18th Annual Computer Security Applications Conference (ACSAC\u201902). IEEE Computer Society. p. 249-258.","DOI":"10.1109\/CSAC.2002.1176296"},{"issue":"3","key":"8_CR17_8","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1145\/356778.356782","volume":"11","author":"DE Denning","year":"1979","unstructured":"Denning DE and Denning PJ, Data Security. ACM Computing Surveys, 1979. 11(3). p. 
227-249.","journal-title":"ACM Computing Surveys"},{"issue":"5","key":"8_CR18_8","doi-asserted-by":"publisher","first-page":"643","DOI":"10.1016\/j.comnet.2003.10.003","volume":"44","author":"C Douligeris","year":"2004","unstructured":"Douligeris C and Mitrokotsa A, Ddos Attacks and Defense Mechanisms: Classification and State-of-the-Art. Computer Networks, 2004. 44(5): p. 643-666.","journal-title":"Computer Networks"},{"issue":"5","key":"8_CR19_8","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1145\/274946.274961","volume":"41","author":"P Duchessi","year":"1998","unstructured":"Duchessi P and Chengalur-Smith I, Client\/Server Benefits, Problems, Best Practices. Communications of the ACM, 1998. 41(5): p. 87-94.","journal-title":"Communications of the ACM"},{"key":"8_CR20_8","unstructured":"Eguiluz HR and Barbacci MR (2003) Interactions among Techniques Addressing Quality Attributes In: Technical report, CMU\/SEI-2003-TR-003. 2003."},{"key":"8_CR21_8","unstructured":"Fernandez EB and Pan R (2001) A Pattern Language for Security Models. In: PLoP 2001."},{"key":"8_CR22_8","doi-asserted-by":"crossref","unstructured":"Firesmith DG (2003) Common Concepts Underlying Safety, Security, and Survivability Engineering Technical note, CMU\/SEI-2003-TN-033. 2003, Software Engineering Institute, Carnegie Mellon University","DOI":"10.21236\/ADA421683"},{"key":"8_CR23_8","doi-asserted-by":"crossref","unstructured":"Gates C and Slonim J (2003) Owner-Controlled Information. In: New security paradigms workshop. ACM Press. p. 103-111.","DOI":"10.1145\/986655.986670"},{"issue":"4","key":"8_CR24_8","doi-asserted-by":"publisher","first-page":"438","DOI":"10.1145\/581271.581274","volume":"5","author":"LA Gordon","year":"2002","unstructured":"Gordon LA and Loeb MP, The Economics of Information Security Investment. ACM Transactions on information and system security, 2002. 5(4): p. 
438-457.","journal-title":"ACM Transactions on information and system security"},{"key":"8_CR25_8","unstructured":"Hallsteinsen S, F\u00e6gri TE, and Syrstad M (2003) Patterns in Product Family Architecture Design. In: Linden FVd (ed) PFE-5. Springer Verlag. p. 261-268."},{"key":"8_CR26_8","first-page":"261","volume-title":"5th International workshop on Product Family Engineering","author":"S Hallsteinsen","year":"2003","unstructured":"Hallsteinsen S, F\u00e6gri TE, and Syrstad M (2003) Patterns in Product Family Architecture Design. In: Linden FVd (ed) 5th International workshop on Product Family Engineering. Springer, Berlin Heidelberg New York. p. 261-268."},{"key":"8_CR27_8","unstructured":"IEEE (2000) Ieee Standard No. 1471-2000: Recommended Practice for Architectural Description of Software-Intensive Systems. IEEE: http:\/\/shop.ieee.org\/store\/ ."},{"key":"8_CR28_8","unstructured":"ISO\/IEC (1999) 15408 Common Criteria for Information Technology Security Evaluation. v2.0 ed. Nat\u2019l Inst. Standards and Technology Washington, DC."},{"key":"8_CR29_8","unstructured":"ISO\/IEC (1991) Fcd 9126-1.2: Information Technology - Software Product Quality. Part 1: Quality Model."},{"issue":"5","key":"8_CR30_8","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1109\/MS.2004.1331309","volume":"21","author":"H-W Jung","year":"2004","unstructured":"Jung H-W, Kim S-G, and Chung C-S, Measuring Software Product Quality: A Survey of Iso\/Iec 9126. IEEE Software, 2004. 21(5): p. 88-92.","journal-title":"IEEE Software"},{"key":"8_CR31_8","doi-asserted-by":"crossref","unstructured":"Klein M and Kazman R (1999) Attribute-Based Architectural Styles. In: SEI Technical Report, CMU\/SEI-99-TR-022. 1999.","DOI":"10.21236\/ADA371802"},{"key":"8_CR32_8","doi-asserted-by":"crossref","unstructured":"Kristol D and Montulli L(2000) Http State Management Mechanism(Rfc2965). http:\/\/www . 
watersprings.org\/pub\/rfc\/rfc2965.txt.","DOI":"10.17487\/rfc2965"},{"issue":"1","key":"8_CR33_8","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/s102070100003","volume":"1","author":"CE Landwehr","year":"2001","unstructured":"Landwehr CE, Computer Security. International Journal of Information Security, 2001. 1(1): p. 3-13.","journal-title":"International Journal of Information Security"},{"issue":"4","key":"8_CR34_8","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1109\/MS.2002.1020286","volume":"19","author":"Linden Fvd","year":"2002","unstructured":"Linden Fvd, Software Product Families in Europe: The Esaps and Caf\u00e9 Projects. IEEE Software, 2002. 19 (4): p. 41-49.","journal-title":"IEEE Software"},{"key":"8_CR35_8","doi-asserted-by":"crossref","unstructured":"Lindqvist U and Jonsson E, A Map of Security Risks Associated with Using Cots, in IEEE Computer. 1998. p. 60-66.","DOI":"10.1109\/2.683009"},{"issue":"3","key":"8_CR36_8","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1109\/MSECP.2003.1203221","volume":"1","author":"V Maty\u00e1s","year":"2003","unstructured":"Maty\u00e1s V and R\u00edha Z, Towards Reliable User Authentication through Biometrics. IEEE Security & Privacy, 2003.1(3): p. 45-49.","journal-title":"IEEE Security & Privacy"},{"issue":"1","key":"8_CR37_8","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1007\/s102070100001","volume":"1","author":"J McHugh","year":"2001","unstructured":"McHugh J, Intrusion and Intrusion Detection. International Journal of Information Security, 2001. 1(1). p.14-35.","journal-title":"International Journal of Information Security"},{"key":"8_CR38_8","unstructured":"Microsoft (2002) Building Secure Asp.Net Applications. Microsoft: www.microsoft.com ."},{"key":"8_CR39_8","unstructured":"Microsoft (2003) Enterprise Solution Patterns Using Microsoft .Net. Microsoft Corp.: http:\/\/msdn . 
microsoft.com\/library\/default.asp?url=\/library\/en-us\/dnpatterns\/html\/Esp.asp."},{"key":"8_CR40_8","first-page":"174","volume-title":"Information Security Applications, 4th International Workshop","author":"BJ Min","year":"2003","unstructured":"Min BJ, Kim SK, and Choi J-S (2003) Secure System Architecture Based on Dynamic Resource Reallocation. In: Chae K and Yung M (eds) Information Security Applications, 4th International Workshop, WISA 2003. Springer. p. 174-187."},{"issue":"3","key":"8_CR41_8","doi-asserted-by":"publisher","first-page":"202","DOI":"10.1109\/TITB.2003.816562","volume":"7","author":"GHMB Motta","year":"2003","unstructured":"Motta GHMB and Furuie SS, A Contextual Role-Based Access Control Authorization Model for Electronic Patient Record. IEEE Transactions on information technology in biomedicine, 2003. 7(3): p. 202-207.","journal-title":"IEEE Transactions on information technology in biomedicine"},{"key":"8_CR42_8","doi-asserted-by":"crossref","unstructured":"O'Gorman L, Comparing Passwords, Tokens, and Biometrics for User Authentication. Proceedings of the IEEE, 2003. 91(12).","DOI":"10.1109\/JPROC.2003.819611"},{"key":"8_CR43_8","doi-asserted-by":"crossref","unstructured":"Oppliger R and Rytz R, Digital Evidence: Dream and Reality. IEEE Security & Privacy, 2003: p. 44-48.","DOI":"10.1109\/MSECP.2003.1236234"},{"issue":"1","key":"8_CR44_8","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1145\/383775.383777","volume":"4","author":"JS Park","year":"2001","unstructured":"Park JS, Sandhu R, and Ahn G-J, Role-Based Access Control on the Web. ACM Transactions on information and system security, 2001. 4(1): p. 37-71.","journal-title":"ACM Transactions on information and system security"},{"key":"8_CR45_8","unstructured":"Peteanu R (2001) Best Practices for Secure Development. 
http:\/\/www.mkaz.com\/ref\/secure_webdev- 3.0.pdf."},{"key":"8_CR46_8","doi-asserted-by":"crossref","unstructured":"Probst S, Essmayr W, and Weippl E (2002) Reusable Components for Developing Security-Aware Applications. In: 18th Annual computer security applications conference (ACSAC\u201902). IEEE. p. 239-248.","DOI":"10.1109\/CSAC.2002.1176295"},{"key":"8_CR47_8","unstructured":"Ramachandran J (2002) Designing Security Architecture Solutions. Wiley."},{"key":"8_CR48_8","unstructured":"Romanosky S (2002) Enterprise Security Patterns. In: 7th European conference on pattern languages of programs (EuroPLoP). http:\/\/hillside.net\/patterns\/EuroPLoP2002\/"},{"issue":"7","key":"8_CR49_8","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1145\/361011.361067","volume":"17","author":"JH Saltzer","year":"1974","unstructured":"Saltzer JH, Protection and the Control of Information Sharing in Multics. Communications of the ACM, 1974.17(7): p. 388-402.","journal-title":"Communications of the ACM"},{"issue":"9","key":"8_CR50_8","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1109\/35.312842","volume":"32","author":"RS Sandhu","year":"1994","unstructured":"Sandhu RS and Samarati P, Access Control: Principle and Practice. IEEE Communications Magazine, 1994.32(9): p. 40-48.","journal-title":"IEEE Communications Magazine"},{"key":"8_CR51_8","doi-asserted-by":"crossref","unstructured":"Schmidt DC and Buschmann F (2003) Patterns, Frameworks, and Middleware: Their Synergistic Relationships. In: International conference on software engineering. IEEE Computer Society. p. 694-704.","DOI":"10.1109\/ICSE.2003.1201256"},{"key":"8_CR52_8","doi-asserted-by":"crossref","unstructured":"Schneider EA (1999) Security Architecture-Based System Design. In: New security paradigms workshop. ACM Press. p. 25-31.","DOI":"10.1145\/335169.335185"},{"key":"8_CR53_8","doi-asserted-by":"crossref","unstructured":"Schneider FB, Least Privilege and More. IEEE Security & privacy, 2003: p. 
55-59.","DOI":"10.1109\/MSECP.2003.1236236"},{"key":"8_CR54_8","unstructured":"Schumacher M, ed. Security Engineering with Patterns: Origins, Theoretical Model, and New Applications (2003). Lecture Notes in Computer Science. Vol. 2754. Springer Verlag pp."},{"issue":"3","key":"8_CR55_8","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1109\/MSECP.2003.1203228","volume":"1","author":"SW Smith","year":"2003","unstructured":"Smith SW, Humans in the Loop: Human-Computer Interaction and Security. IEEE Security & privacy, 2003.1(3): p. 75-79.","journal-title":"IEEE Security & privacy"},{"key":"8_CR56_8","doi-asserted-by":"crossref","unstructured":"Ting TC (1993) Modeling Security Requirements for Applications. In: Conference on Object Oriented Programming Systems Languages and Applications. ACM Press. p. 305.","DOI":"10.1145\/165854.165912"},{"key":"8_CR57_8","doi-asserted-by":"crossref","unstructured":"Viega J and Messier M, Security Is Harder Than You Think, in ACM Queue. 2004. p. 60-65.","DOI":"10.1145\/1016998.1017004"},{"key":"8_CR58_8","doi-asserted-by":"crossref","unstructured":"Yee K-P (2002) User Interaction Design for Secure Systems. In: Fourth International Conference on Information and Communications Security. Springer Verlag. p. 278-290.","DOI":"10.1007\/3-540-36159-6_24"},{"key":"8_CR59_8","unstructured":"Yoder J and Barcalow J (1998) Architectural Patterns for Enabling Application Security. In: Proceedings of the 4th Conference on Patterns Language of Programming (PLoP\u201997). p. 1-31."},{"issue":"6","key":"8_CR60_8","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1109\/2.683010","volume":"31","author":"Q Zhong","year":"1998","unstructured":"Zhong Q and Edwards N, Security Control for Cots Components. IEEE computer, 1998. 31(6): p. 67-73.","journal-title":"IEEE computer"},{"key":"8_CR61_8","doi-asserted-by":"crossref","unstructured":"Zurko ME and Simon RT (1996) User-Centered Security. In: New Security Paradigms Workshop. ACM Press. 
p. 27-33.","DOI":"10.1145\/304851.304859"},{"key":"8_CR62_8","unstructured":"Aagedal J\u00d8, Braber Fd, Dimitrakos T, Gran BA, Raptis D, and St\u00f8len K (2002) Model-Based Risk Assessment to Improve Enterprise Security. In: Sixth International Enterprise Distributed Object Computing Conference (EDOC\u201902). p. 51-62."}],"container-title":["Software Product Lines"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-33253-4_8.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,10]],"date-time":"2023-05-10T13:04:32Z","timestamp":1683723872000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-33253-4_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540332527","9783540332534"],"references-count":62,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-33253-4_8","relation":{},"subject":[],"published":{"date-parts":[[2006]]}}}