Misuse Cases + Assets + Security Goals
TLDR
A new extension of the misuse case diagram is proposed for analyzing and eliciting security requirements with special focus on assets and security goals, and a process model is presented in which business requirements and system requirements related to security features are separately analyzed and elicited in different phases.
Security Requirements Analysis Using Knowledge in CAPEC
TLDR
A requirements analyst can automatically acquire candidate attacks against a functional requirement with the help of the proposed method, which contains a mapping between technical terms and noun phrases called term maps.
Mutual Refinement of Security Requirements and Architecture Using Twin Peaks Model
TLDR
It is found that the proposed novel method to elicit security requirements with architecture elaboration based on the Twin Peaks model is suitable for iterative development, and that it makes it possible to find threats caused by architectural issues that are severely difficult to find when analyzing only the requirements issues.
Landscape of IoT Patterns
TLDR
This paper analyzes an extensive set of published IoT architecture and design patterns according to several dimensions and outlines directions for improvements in publishing and adopting IoT patterns.
Verifying Implementation of Security Design Patterns Using a Test Template
TLDR
The result shows that the proposed validation method can test repetition in the early stage of implementation, verify pattern applications, and assess whether vulnerabilities are resolved.
Secure Software Development through Coding Conventions and Frameworks
TLDR
A decision process for coding conventions for security, mindful of testing security, is proposed and applied to preventing injection attacks on Web application programs, and some coding conventions that can be used against injection attacks and cross-site scripting are established.
MASG: Advanced Misuse Case Analysis Model with Assets and Security Goals
TLDR
An extension of the misuse case model and its development process is presented, incorporating new model elements, assets and security goals, to enable inexperienced requirements analysts to elicit and analyse security requirements.
Landscape of Architecture and Design Patterns for IoT Systems
TLDR
A systematic literature review of IoT architecture and design patterns concluded that the unique nature of IoT adoption in specific domains appears at the architecture level, implying that the number of domain-specific IoT design patterns should increase.
Systematic mapping of security patterns research
TLDR
To elucidate the current trends and future prospects of SP research, 30 works on SPs are classified using a technique called systematic mapping (SM), which addresses the following three research questions with nine facets for classification.
Cloud Security and Privacy Metamodel - Metamodel for Security and Privacy Knowledge in Cloud Services
TLDR
A metamodel called CSPM is proposed to handle security and privacy in cloud service development and operations; it can classify and support existing cloud security and privacy patterns and practices in a consistent and uniform manner.