A Software Modeling Method for Integrating Functional and Security Design

Chee-Yang Song (송치양); Yoohwan Kim (김유환)

doi:10.34163/jkits.2017.12.1.013

A Software Modeling Method for Integrating Functional and Security Design

Journal of Knowledge Information Technology and Systems
Abbr : JKITS
2017, 12(1), pp.131-155
DOI : 10.34163/jkits.2017.12.1.013
Publisher : Korea Knowledge Information Technology Society
Research Area : Interdisciplinary Studies > Interdisciplinary Research
Published : February 28, 2017

Chee-Yang Song ¹, Yoohwan Kim ²

¹경북대학교
²네바다대학교

Accredited

ABSTRACT

Security has become an essential part of the software development process. However, previous researches have not adequately integrated the security properties and policies into the development process systematically covering entirely from an early business model to a software model. This, in turn, makes it difficult to create the application models that combine the functional models and the security models. To support the development of the applications that reflects the security properties and policies, this study proposes a hierarchical modeling approach that integrates the metamodel, the framework, and the process based on the degree of abstraction of the development so as to meet the functional (business) and security requirements of the systems. This study aims to establish a framework and process for integrated modeling of the functional and security (non-functional) design aspects necessary to develop applications. The process of integrated modeling ranging from the business modeling to the software modeling is described following the development phases. With the proposed method, reliable systems can be developed by modeling the application systems more clearly based on the integrated method to meet the functional and security requirements.

KEYWORDS

Function-security integration framework, Security modeling process, Layered modeling, Security metamodel, BPMN, UML

Citation status

* References for papers published after 2023 are currently being built.

[other] Korea Information Security Agency / 2007 / Development of software architecture-based design model and architecture specification method

[other] Korea Information Security Agency / 2008 / Security guide V1.0 for secure software development and Introduction

[journal] A. Rodriguez / 2007 / A BPMN extension for the modeling of security requirements in business processes, IEICE TRANS / IEICE TRANS. INF. &SYST. E90-D(4) : 745~751

[confproc] C. Wolter / 2008 / Modelling security goals in business processes / Modellierung 2008

[confproc] S. H. Turki / 2012 / Modeling security requirements in service based business processes / Enterprise, Business-Process and Information Systems Modeling, Lecture Notes in Business Information Processing : 76~90

[confproc] Y. Cherdantseva / 2012 / Towards secureBPMN - aligning BPMN with the information assurance and security domain / business process model and notation, Lecture Notes in Business Information Processing : 107~115

[journal] M. Q. Saleem / 2012 / Secure business process modeling of SOA applications using UML-SOA-SEC / International Journal of Innovative Computing, Information and Control 8(4) : 2729~2746

[book] H. Mouratidis / 2006 / Integrating security and software engineering: Advances and future vision / IGI Publishing Hershey

[journal] D. G. Firesmith / 2003 / Security use cases / Journal of Object Technology 2(3) : 53~64

[confproc] G. Popp / 2003 / Security-critical system development with extended use case / Tenth Asia-Pacific Software Engineering Conference : 478~487

[book] L. L´ucioa / 2014 / Advances in model-driven security / Advances in Computers : 103~152

[journal] P. H. Nguyen / 2015 / An extensive systematic review on the Model-Driven Development of secure systems / Information and Software Technology 68 : 62~81

[confproc] D. Hatebur / 2011 / Systematic development of UMLsec design models based on security requirements / fundamental approaches to software engineering / Springer 6603 : 232~246

[journal] D. Basin / 2006 / Model driven security: from UML models to access control infrastructures / Journal ACM Transactions on Software Engineering and Methodology (TOSEM) 15(1) : 39~91

[journal] K. S. Joo / 2014 / Development of object-oriented analysis and design methodology for secure web applications / International Journal of Security and Its Applications 8(1) : 71~80

[book] M. Bishop / 2012 / Computer security: art and science, Vol. 200 / Addison-Wesley

[journal] C. Y. Song / 2016 / An integrated design method for SOA-based business modeling and software modeling / International Journal of Software Engineering and Knowledge Engineering 26(2) : 347~377

[journal] C. Y. Song / 2003 / A layered metamodel for hierarchical modeling UML / International Journal of Software Engineering and Knowledge Engineering 13(2) : 191~214

[journal] 송치양 / 2013 / An Service oriented XL-BPMN Metamodel and Business Modeling Process / 정보처리학회논문지. 소프트웨어 및 데이터 공학 / 한국정보처리학회 2(4) : 227~238

[journal] Y. Rhazali / 2014 / Transformation method CIM to PIM: from business processes models defined in BPMN to use case and class models defined in UML / International Journal of Computer, Electrical, Automation, Control and Information Engineering 8(8) : 1453~1457

KJCKorea
Journal Central

Journal of Knowledge Information Technology and Systems 2023 KCI Impact Factor : 0.89

A Software Modeling Method for Integrating Functional and Security Design

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of Knowledge Information Technology and Systems 2023 KCI Impact Factor : 0.89

A Software Modeling Method for Integrating Functional and Security Design

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (2)

REFERENCES (20) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.