Learn More
Architectural and design patterns represent effective techniques to package expert knowledge in a reusable way. Over time, they have proven to be very successful in software engineering. Moreover, in the security discipline, a well-known principle calls for the use of standard, time-tested solutions rather than inventing ad-hoc solutions from scratch.(More)
Emerging classes of systems are more and more subject to changes in their requirements and environment assumptions. Such changes have a far-reaching impact across several artifacts. This paper argues that patterns of co-evolution (or change patterns) can be observed between " privileged " pairs of artifacts, like the requirements specification and the(More)
Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security(More)
In the past 10 years, the research community has produced a significant number of design notations to represent security properties and concepts in a design artifact. These notations are aimed at documenting and analyzing security in a software design model. The fragmentation of the research space, however, has resulted in a complex tangle of different(More)
The feedback from architectural decisions to the elaboration of requirements is an established concept in the software engineering community. However, pinpointing the nature of this feedback in a precise way is a largely open problem. Often, the feedback is generically characterized as additional qualities that might be affected by an architect's choice.(More)
Security patterns, as domain-independent expert knowledge packaged in a reusable format, are able to offer significant guidance to the software engineer in developing secure systems. However, the overabundance of published security patterns complicates the process of finding the right pattern to solve the problem at hand. This is due to three reasons.(More)
Automation is a very promising technique to reduce the chances of flaws happening downstream the software production line. In this context, a very challenging problem is the transformation of requirements to software architectures. The challenge is even more crucial for quality requirements, as they represent the main driver of an architecture. This paper(More)
Security patterns can be a valuable vehicle to design secure software. Several proposals have been advanced to improve the usability of security patterns. They often describe extra annotations to be included in the pattern documentation. This paper presents an empirical study that validates whether those proposals provide any real benefit for software(More)