Takanori Kobashi, Nobukazu Yoshioka, Takao Okubo, Haruhiko Kaiya, Hironori Washizaki, Yoshiaki Fukazawa, “Validating Security Design Pattern Applications based on Model Testing,” International Journal of Secure Software Engineering, Vol. 5, Issue 4, 2014. (to appear)

Software developers are not necessarily security experts, confirming potential threats and vulnerabilities at an early stage of the development process (e.g., in the requirement- and design-phase) is insufficient. Additionally, even if designed software considers security at an early stage, whether the software really satisfies the security requirements must be confirmed. To realize secure design, we propose an application to validate security patterns using model testing. Our method provides extended security patterns, which include requirement- and design-level patterns as well as a new model testing process using these patterns. After a developer specifies threats and vulnerabilities in the target system during an early stage of development, our method can validate whether the security patterns are properly applied and assess if these vulnerabilities are resolved.