Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment

Abramov, Jenny; Sturm, Arnon; Shoval, Peretz

doi:10.1016/j.infsof.2012.04.001

Cited by 11 publications

(5 citation statements)

References 35 publications

(39 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“… Evaluating security patterns: Some research works such as (Halkidis et al, 2006), (Motii et al, 2016b) and (Duncan and de Muijnck-Hughes, 2014) have focused on the evaluation of security patterns themselves.  Evaluating the effect of security patterns on software systems: Another group of research works such as (Abramov et al, 2012b), (Smith and Williams, 2012) and (Ortiz et al, 2011) have analyzed the effectiveness of security patterns and pattern-based methods on the security of the target system. The most frequent keywords in the quality evaluation category are displayed in Table 15.…”

Section: The Quality Evaluation Categorymentioning

confidence: 99%

“…The majority of empirical evaluations have concluded the overall usefulness of security patterns. According to Abramov et al (Abramov et al, 2012b), using a pattern-based method for secure development results in higher security and faster completion time, and it is also easier and clearer to use. The evaluation of security test patterns by Smith and Williams (Smith and Williams, 2012) concludes that using these security patterns can help novices generate similar black-box tests as experts, implying that patterns are indeed effective in disseminating expert knowledge among novice designers.…”

Section: The Focus Of Pattern Evaluations and The Consensus Regardingmentioning

confidence: 99%

“…Studies that use empirical studies should try to utilize control and treatment groups which are adequately representative of software developers who would benefit from security patterns. From the empirical studies we observed, many of them use undergraduate and graduate computer science students to conduct their experiments (Abramov et al, 2012b), (Yskout et al, 2015), (Smith and Williams, 2012). While students are an accessible resource in academic research, their motivation and expertise might not always be representative of software developers.…”

Section: Research Efforts Towards Security Pattern Evaluation (Rq8 Rq9)mentioning

confidence: 99%

See 2 more Smart Citations

Security patterns: A systematic mapping study

Jafari

Rasoolzadegan

2020

Journal of Computer Languages

View full text Add to dashboard Cite

Security patterns are a means to encapsulate and communicate proven security solutions. They are wellestablished approaches for introducing security into the software development process. Our objective is to explore the research efforts on security patterns and discuss the current state of the art. This study will serve as a guideline for researchers, practitioners, and teachers interested in this field. We have conducted a systematic mapping study of relevant literature from 1997 until the end of 2017 and identified 403 relevant papers, 274 of which were selected for analysis based on quality criteria. This study derives a customized research strategy from established systematic approaches in the literature. We have utilized an exhaustive 3-tier search strategy to ensure a high degree of completeness during the study collection and used a test set to evaluate our search. The first 3 research questions address the demographics of security pattern research such as topic classification, trends, and distribution between academia and industry, along with prominent researchers and venues. The next 9 research questions focus on more indepth analyses such as pattern presentation notations and classification criteria, pattern evaluation techniques, and pattern usage environments. The results and discussions of this study have significant implications for researchers, practitioners, and teachers in software engineering and information security. to the end of 2017 Security pattern related research (Development, Evaluation, Usage)TABLE 1 COMPARISON BETWEEN OUR WORK AND OTHER REVIEWSpattern research and instead, attempted to cover the entire research spectrum in this field. We initially planned to utilize only two search strategies (manual search and backward snowballing), but we found that these two approaches were lacking in a few specific instances. The issue with backward snowballing and manual search is that they rely on the cross-reference relationship between research papers. Papers referenced from multiple other papers, or published in commonly occurring venues are easily discovered, whereas isolated papers in unexpected venues have a chance of never being found. Another issue with backward snowballing stems from its backward nature. The search period for our study was up to the end of 2017, but to find 2017 papers through backward snowballing, we had to analyze papers published after that period (2018 and up) which was out of our scope. Similarly, newer papers with fewer citations are hard to discover through backward snowballing. Adding a database search proved beneficial as we discovered 97 new papers, 64 of which were included.The time period for the study of Uzunov et al. (Uzunov et al., 2012) and Yoshioka et al. (Yoshioka et al., 2008) in Table 1 are not explicitly stated, but are extracted based on the references list. In the work of Bunke et al. (Bunke et al., 2012), the mentioned number of studies consists of other non-primary studies (e.g. tech reports, books, surveys). This work utilizes three search strat...

show abstract

Section: The Quality Evaluation Categorymentioning

confidence: 99%

Section: The Focus Of Pattern Evaluations and The Consensus Regardingmentioning

confidence: 99%

Section: Research Efforts Towards Security Pattern Evaluation (Rq8 Rq9)mentioning

confidence: 99%

See 1 more Smart Citation

Security patterns: A systematic mapping study

Jafari

Rasoolzadegan

2020

Journal of Computer Languages

View full text Add to dashboard Cite

show abstract

“…In PbSD [2], 148 third-year undergraduate students participated in the experiment from (Security of Computers and Communication Networks) course. The students are from different departments: Information Systems Engineering (ISE) and Software Engineering (SE) programs and were divided into two groups to apply some tasks to see the security requirements comparison between PbSD with SQL and OracleâĂŹs VPD.…”

Section: Validation Of the Notationsmentioning

confidence: 99%

Designing Security and Privacy Requirements in Internet of Things: A Survey

Alhirabi,

Rana,

Perera

2019

Preprint

View full text Add to dashboard Cite

The design and development process for the Internet of Things (IoT) applications is more complicated than that for desktop, mobile, or web applications. First, IoT applications require both software and hardware to work together across many different types of nodes with different capabilities under different conditions. Secondly, IoT application development involves different types of software engineers such as desktop, web, embedded and mobile to work together. Further, non-software engineering personal such as business analysts are also involved in the design process. In the addition to the complexity of having multiple software engineering specialists cooperating to merge different hardware and software component together, the development process required different software and hardware stacks to integrated together (e.g., different stacks from different companies such as Microsoft Azure, IBM Bluemix). Due to above complexities, more often non-functional requirements (such as security and privacy which are highly important in the context of IoT) tend to get ignored or treated as second class citizens in IoT application development process. In this paper, we have reviewed techniques, methods and tools that are being developed to support incorporating security and privacy requirements into traditional application designs. By doing so, we aim to explore how those techniques could be applicable to the IoT domain. During our review, we realised that by far the majority of the requirement engineering efforts are focused on security. In this paper, we primarily focused on two different aspects: (1) design notations, models, and languages that facilitate capturing non-functional requirements (i.e., security and privacy), and (2) proactive and reactive interaction techniques that can be used to support and augment the IoT application design process. Our goal is not only to analyse, compare and consolidate past research work but also to appreciate their findings and discuss their applicability towards the IoT.CCS Concepts: • Human-centered computing → Ubiquitous and mobile computing systems and tools; Visualization systems and tools; • Software and its engineering → Software design engineering; • Security and privacy → Security requirements;

show abstract

“…PbSD provides a well-documented experiment [2]. The authors compare their notation to specify access control policies to directly specifying the policies using SQL and Oracle's VPD.…”

Section: Validation Of the Notations (Rq3)mentioning

confidence: 99%

Design notations for secure software: a systematic literature review

et al. 2015

View full text Add to dashboard Cite

In the past 10 years, the research community has produced a significant number of design notations to represent security properties and concepts in a design artifact. These notations are aimed at documenting and analyzing security in a software design model. The fragmentation of the research space, however, has resulted in a complex tangle of different techniques. Hence, practitioners are confronted with the challenging task of scouting the right approach from a multitude of proposals. Similarly, it is hard for researchers to keep track of the synergies among the existing notations, in order to identify the existing opportunities for original contributions. This paper presents a systematic literature review that inventorizes the existing notations and provides an indepth, comparative analysis for each.

show abstract

Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment

Cited by 11 publications

References 35 publications

Security patterns: A systematic mapping study

Security patterns: A systematic mapping study

Designing Security and Privacy Requirements in Internet of Things: A Survey

Design notations for secure software: a systematic literature review

Contact Info

Product

Resources

About