{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,4,25]],"date-time":"2023-04-25T13:02:23Z","timestamp":1682427743820},"reference-count":67,"publisher":"IGI Global","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,7]]},"abstract":"<jats:p>This article describes how earlier detection of security problems and the implementation of solutions would be a cost-effective approach for developing secure software systems. Developing, gathering and sharing similar repeatable programming knowledge and solutions has led to the introduction of Patterns in the 90's. The same concept has been adopted to realise reoccurring security knowledge and hence security patterns. Detecting a security problem using the patterns in requirements models may lead to its early prevention. In this article, the authors have provided an overview of security patterns in the past two decades, followed by a summary of i*\/Tropos goal modelling framework. Section 2 outlines model-driven development, meta-models and model transformation, within the context of requirements engineering. They have summarised security access control types, and formally described role-based access control (RBAC) in particular as a pattern that may occur in the stakeholder requirements models. Then the authors used the i* modelling language and some elements from its constructs - model-driven queries and transformations - to describe the pattern enforcement. This is applied to a number of requirements models within the literature, and the pattern-based transformation tool they designed has automated the detection and resolution of this security pattern in several goal-oriented stakeholder requirements. Finally, the article also reflects on a variety of existing applications and future work.<\/jats:p>","DOI":"10.4018\/ijsse.2017070103","type":"journal-article","created":{"date-parts":[[2018,2,19]],"date-time":"2018-02-19T12:43:39Z","timestamp":1519044219000},"page":"42-57","source":"Crossref","is-referenced-by-count":5,"title":["Goal Modelling for Security Problem Matching and Pattern Enforcement"],"prefix":"10.4018","volume":"8","author":[{"given":"Yijun","family":"Yu","sequence":"first","affiliation":[{"name":"School of Computing and Communications, The Open University, Milton Keynes, UK"}]},{"given":"Haruhiko","family":"Kaiya","sequence":"additional","affiliation":[{"name":"Kanagawa University, Hiratsuka, Japan"}]},{"given":"Nobukazu","family":"Yoshioka","sequence":"additional","affiliation":[{"name":"GRACE Center, NII, Tokyo, Japan"}]},{"given":"Zhenjiang","family":"Hu","sequence":"additional","affiliation":[{"name":"GRACE Center, NII, Tokyo, Japan"}]},{"given":"Hironori","family":"Washizaki","sequence":"additional","affiliation":[{"name":"Computer Science and Engineering Department, Waseda University, Tokyo, Japan"}]},{"given":"Yingfei","family":"Xiong","sequence":"additional","affiliation":[{"name":"Peking University, Beijing, China"}]},{"given":"Amin","family":"Hosseinian-Far","sequence":"additional","affiliation":[{"name":"Faculty of Business & Law, The University of Northampton, Northampton, UK"}]}],"member":"2432","reference":[{"key":"IJSSE.2017070103-0","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-25747-1_24"},{"key":"IJSSE.2017070103-1","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2015.2424677"},{"key":"IJSSE.2017070103-2","author":"I.Araujo","year":"2002","journal-title":"Linking Patterns and Non-Functional Requirements. PLOP 2002"},{"key":"IJSSE.2017070103-3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-25747-1_25"},{"key":"IJSSE.2017070103-4","first-page":"287","author":"Y.Asnar","year":"2007","journal-title":"Secure and dependable patterns in organizations: An empirical approach. In Requirements Engineering"},{"key":"IJSSE.2017070103-5","doi-asserted-by":"publisher","DOI":"10.1023\/B:AGNT.0000018806.20944.ef"},{"key":"IJSSE.2017070103-6","first-page":"33","author":"V.Bryl","year":"2006","journal-title":"Designing security requirements models through planning. In CAiSE"},{"key":"IJSSE.2017070103-7","author":"F.Budinsky","year":"2003","journal-title":"Eclipse Modeling Framework"},{"key":"IJSSE.2017070103-8","doi-asserted-by":"publisher","DOI":"10.1007\/s11227-013-0980-1"},{"key":"IJSSE.2017070103-9","unstructured":"Eom, Y.-I., Choi, J.-h., Jang, H.-S., Kim, Y.-W., Kang, D.-H., & Song, C.-H. (2013). Patent No. US 8387117 B2. US."},{"key":"IJSSE.2017070103-10","doi-asserted-by":"publisher","DOI":"10.1007\/11767138_34"},{"key":"IJSSE.2017070103-11","author":"E. B.Fernandez","year":"2001","journal-title":"A pattern language for security models."},{"key":"IJSSE.2017070103-12","doi-asserted-by":"crossref","unstructured":"Fernandez, E. B., Yoshioka, N., & Washizaki, H. (2015). Patterns for security and privacy in cloud ecosystems. In Proceedings of the 2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE) (pp. 13-18). Ottawa: IEEE.","DOI":"10.1109\/ESPRE.2015.7330162"},{"key":"IJSSE.2017070103-13","author":"E.Fernandez-Buglioni","year":"2013","journal-title":"Security Patterns in Practice: Designing Secure Architectures Using Software Patterns"},{"key":"IJSSE.2017070103-14","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501980"},{"key":"IJSSE.2017070103-15","doi-asserted-by":"crossref","unstructured":"Gharib, M., & Giorgini, P. (2015). Modeling and Reasoning About Information Quality Requirements. In REFSQ (pp. 49-64).","DOI":"10.1007\/978-3-319-16101-3_4"},{"key":"IJSSE.2017070103-16","first-page":"167","author":"P.Giorgini","year":"2005","journal-title":"Modeling security requirements through ownership, permission and delegation. In Requirements Engineering"},{"key":"IJSSE.2017070103-17","author":"N.Gol Mohammadi","year":"2017","journal-title":"A Framework for Systematic Refinement of Trustworthiness Requirements"},{"key":"IJSSE.2017070103-18","doi-asserted-by":"publisher","DOI":"10.1109\/MS.2006.71"},{"key":"IJSSE.2017070103-19","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2007.06.007"},{"key":"IJSSE.2017070103-20","doi-asserted-by":"crossref","unstructured":"Grau, G., & Franch, X. (2007). A Goal-Oriented Approach for the Generation and Evaluation of Alternative Architectures. In Software Architecture (pp. 139-155).","DOI":"10.1007\/978-3-540-75132-8_12"},{"key":"IJSSE.2017070103-21","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2007.70754"},{"key":"IJSSE.2017070103-22","first-page":"102","author":"C.Haley","year":"2004","journal-title":"The effect of trust assumptions on the elaboration of security requirements. In Requirements Engineering"},{"key":"IJSSE.2017070103-23","doi-asserted-by":"publisher","DOI":"10.1007\/s11334-015-0259-1"},{"key":"IJSSE.2017070103-24","first-page":"419","author":"C.Hochreiner","year":"2014","journal-title":"Using Model Driven Security Approaches in Web Application Development. In Information and Communication Technology - EurAsia Conference"},{"key":"IJSSE.2017070103-25","doi-asserted-by":"publisher","DOI":"10.1504\/IJESDF.2014.063108"},{"key":"IJSSE.2017070103-26","doi-asserted-by":"publisher","DOI":"10.1109\/EmpiRE.2014.6890114"},{"key":"IJSSE.2017070103-27","unstructured":"Ito, Y., Washizaki, H., Yoshizawa, M., Fukazawa, Y., Okubo, T., Kaiya, H., ... & Fernandez, E. B. (2015). Systematic Mapping of Security Patterns Research. In Proc. of Conf. on Pattern Lang. of Prog (PLoP). Pittsburgh: Hillside."},{"key":"IJSSE.2017070103-28","doi-asserted-by":"publisher","DOI":"10.1016\/B978-0-12-800743-3.00012-8"},{"key":"IJSSE.2017070103-29","unstructured":"Kobashi, T., Yoshizawa, M., & Washizaki, H. (2015). TESEM: A Tool for Verifying Security Design Pattern Applications by Model Testing. In Proceedings of the 2015 IEEE 8th International Conference on Software Testing, Verification and Validation (ICST). Graz: IEEE."},{"key":"IJSSE.2017070103-30","doi-asserted-by":"publisher","DOI":"10.1145\/2799979.2800034"},{"key":"IJSSE.2017070103-31","doi-asserted-by":"publisher","DOI":"10.1016\/j.is.2015.01.007"},{"key":"IJSSE.2017070103-32","doi-asserted-by":"publisher","DOI":"10.1109\/TPDS.2012.97"},{"key":"IJSSE.2017070103-33","author":"T.Li","year":"2016","journal-title":"Holistic Security Requirements Engineering for Scoio-technical Systems"},{"key":"IJSSE.2017070103-34","doi-asserted-by":"crossref","DOI":"10.1109\/RCIS.2016.7549303","article-title":"Security attack analysis using attack patterns.","author":"T.Li","year":"2016","journal-title":"2016 IEEE Tenth International Conference on Research Challenges in Information Science (RCIS)"},{"key":"IJSSE.2017070103-35","first-page":"371","author":"L.Lin","year":"2003","journal-title":"Introducing abuse frames for analysing security requirements. In Requirements Engineering"},{"key":"IJSSE.2017070103-36","doi-asserted-by":"publisher","DOI":"10.1109\/ICRE.2003.1232746"},{"key":"IJSSE.2017070103-37","first-page":"71","author":"L.Liu","year":"2006","journal-title":"Security design based on social modeling."},{"issue":"5","key":"IJSSE.2017070103-38","first-page":"7001","article-title":"An Access Control Model for Resource Sharing Based on the Role-Based Access Control Intended for Multi-Domain Manufacturing Internet of Things.","author":"Q.Liu","year":"2017","journal-title":"IEEE Transactions on Parallel and Distributed Systems"},{"key":"IJSSE.2017070103-39","article-title":"Organizational Patterns for Security and Dependability: From Design to Application.","author":"F.Massacci","year":"2011","journal-title":"International Journal of Secure Software Engineering"},{"key":"IJSSE.2017070103-40","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2005.01.003"},{"key":"IJSSE.2017070103-41","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-016-9469-x"},{"key":"IJSSE.2017070103-42","unstructured":"Mohamed Amine, M., Erradi, M., & Benkaouz, Y. (2016). A Collaborative Task Role Based Access Control Model. Journal of Information Assurance & Security, 11(6), 348-358."},{"key":"IJSSE.2017070103-43","doi-asserted-by":"publisher","DOI":"10.1142\/S0218194007003240"},{"key":"IJSSE.2017070103-44","first-page":"48","author":"H.Mouratidis","year":"2006","journal-title":"Towards a comprehensive framework for secure systems development. In Advanced information systems engineering"},{"key":"IJSSE.2017070103-45","doi-asserted-by":"crossref","unstructured":"Mylopoulos, J., Castro, J., & Kolp, M. (2013). The evolution of Tropos. In Seminal Contributions to Information Systems Engineering (pp. 281-287).","DOI":"10.1007\/978-3-642-36926-1_22"},{"key":"IJSSE.2017070103-46","doi-asserted-by":"publisher","DOI":"10.4018\/978-1-61520-837-1.ch004"},{"key":"IJSSE.2017070103-47","doi-asserted-by":"publisher","DOI":"10.1145\/2961111.2962599"},{"key":"IJSSE.2017070103-48","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.09.001"},{"key":"IJSSE.2017070103-49","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0023301"},{"key":"IJSSE.2017070103-50","doi-asserted-by":"crossref","unstructured":"Sandhu, R. S., & Samarati, P. (1994). Access Control: Principles and Practice. IEEE Communication Magazine, 40-48.","DOI":"10.1109\/35.312842"},{"key":"IJSSE.2017070103-51","author":"M.Schumacher","year":"2003","journal-title":"Security Engineering with Patterns Origins, Theoretical Model, and New Applications Number 2754 in LNCS"},{"key":"IJSSE.2017070103-52","author":"M.Schumacher","year":"2013","journal-title":"Security Patterns: Integrating Security and Systems Engineering"},{"key":"IJSSE.2017070103-53","unstructured":"Semer\u00e1th, O., Debreceni, C., Horv\u00e1th, \u00c1., & Varr\u00f3, D. (2016). Change Propagation of View Models by Logic Synthesis using SAT solvers. In Bx@ ETAPS (pp. 40-44)."},{"key":"IJSSE.2017070103-54","doi-asserted-by":"crossref","unstructured":"Shei, S., Alcaniz, L. M., & Mouratidis, H. (2015). Modelling secure cloud systems based on system requirements. In Proceedings of the2015 IEEE 2nd Workshop on Evolving Security and Privacy Requirements Engineering (ESPRE) (pp. 19-24). Canada: IEEE.","DOI":"10.1109\/ESPRE.2015.7330163"},{"key":"IJSSE.2017070103-55","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-004-0194-4"},{"key":"IJSSE.2017070103-56","doi-asserted-by":"publisher","DOI":"10.1007\/s00766-015-0220-8"},{"key":"IJSSE.2017070103-57","unstructured":"Supaporn, K., Prompoon, N., & Rojkangsadan, T. (2007). An approach: Constructing the grammar from security pattern. In Proceedings of the 4th International Joint Conference on Computer Science and Software Engineering (JCSSE2007). Ban Kiu Muang, Thailand: Semanticscholar."},{"key":"IJSSE.2017070103-58","doi-asserted-by":"publisher","DOI":"10.1007\/s10270-015-0486-9"},{"key":"IJSSE.2017070103-59","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2004.1317437"},{"key":"IJSSE.2017070103-60","author":"J.Vlissides","year":"1995","journal-title":"Design patterns: Elements of reusable object-oriented software"},{"key":"IJSSE.2017070103-61","doi-asserted-by":"crossref","unstructured":"Xiong, Y., Liu, D., Hu, Z., Zhao, H., Takeichi, M., & Mei, H. (2007). Towards automatic model synchronization from model transformations. In Proceedings of thetwenty-second IEEE\/ACM international conference on Automated software engineering (ASE) (pp. 164-173). Atlanta: ACM.","DOI":"10.1145\/1321631.1321657"},{"key":"IJSSE.2017070103-62","doi-asserted-by":"crossref","unstructured":"Yskout, K., Scandariato, R., & Joosen, W. (2015). Do Security Patterns Really Help Designers? In Proceedings of the2015 IEEE\/ACM 37th IEEE International Conference on Software Engineering. Florence: IEEE.","DOI":"10.1109\/ICSE.2015.49"},{"key":"IJSSE.2017070103-63","unstructured":"Yu, E. (1996). Modelling strategic relationships for process reengineering [PhD Thesis]. University of Toronto."},{"key":"IJSSE.2017070103-64","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45547-7_11"},{"key":"IJSSE.2017070103-65","doi-asserted-by":"publisher","DOI":"10.1145\/1456362.1456366"},{"key":"IJSSE.2017070103-66","first-page":"38","author":"Y.Yu","year":"2004","journal-title":"From goals to aspects: discovering aspects from requirements goal models. In Requirements Engineering"}],"container-title":["International Journal of Secure Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=201215","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2018,11,13]],"date-time":"2018-11-13T14:22:53Z","timestamp":1542118973000},"score":1,"resource":{"primary":{"URL":"http:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJSSE.2017070103"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2017,7]]},"references-count":67,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.4018\/ijsse.2017070103","relation":{},"ISSN":["1947-3036","1947-3044"],"issn-type":[{"value":"1947-3036","type":"print"},{"value":"1947-3044","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,7]]}}}