Towards a Pattern-Based Security Methodology to Build Secure Information Systems
bstract. Methodologies for the construction of secure systems provide a controlled, planned development process, with verifications in all stages, thus avoiding unexpected errors and leading to an improvement in the quality and security of the system produced. These methodologies can be enriched from the use of security patterns, since these tools are widely accepted by both the scientific community and industry for the construction of secure information systems owing to the fact that they accumulate security experts knowledge in a documented and structured manner, thus providing a systematic means to solve recurrent problems. In this paper we present a first approximation of a patternbased security methodology to support both the construction of secure information systems and maintenance of the level of security attained. This proposal is based on real case studies, and is now in the first stages of application in real settings. Interesting results are already appearing that will allow us to refine and validate the proposal.
Roberto Ortiz Santiago Moral-Rubio Javier Garzás Eduardo Fernández-Medina
Dep. Information Security. BBVA Group, Madrid, Spain Kybele Group. Dep. of Computer Languages and Systems II University Rey Juan Carlos, Madrid, Spain GSyA Research Group. Dep. of Information Technologies and Systems University of Castilla-La Mancha,
国际会议
13th International Conference on Enterprise Information System(第13届企业信息系统国际会议 ICEIS 2011)
北京
英文
1462-1472
2011-06-08(万方平台首次上网日期,不代表论文的发表时间)