Revising a security tactics hierarchy through decomposition, reclassification, and derivation

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Citations (Scopus)

Abstract

Software architecture is the set of important design decisions that address cross-cutting system quality attributes such as security, reliability, availability, and performance. Practitioners often face difficulty in beginning an architectural design due to the lack of concrete building blocks available to them. Tactics are fundamental design decisions and play the role of these initial design primitives and complement the existing design constructs such as architectural or design patterns. A tactic is a relatively new design concept, and tactics repositories are still being developed. However, the maturity of these repositories is inconsistent, and varies depending on the quality attribute. To address this inconsistency and to promote a more rigorous, repeatable method for creating and revising tactics hierarchies, we propose a novel methodology of extracting tactics. This methodology, we claim, can accelerate the development of tactics repositories that are truly useful to practitioners. We discuss three approaches for extracting these tactics. The first is to derive new tactics from the existing ones. The second is to decompose an existing architectural pattern into its constituent tactics. Finally, we extract tactics that have been misidentified as patterns. Among the many types of tactics available, this paper focuses on security tactics. Using our methodology, we revise a well-known taxonomy of security tactics. We contend that the revised hierarchy is complete enough for use in practical applications.

Original language: English (US)
Title of host publication: Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability Companion, SERE-C 2012
Pages: 85-91
Number of pages: 7
DOIs: https://doi.org/10.1109/SERE-C.2012.18
State: Published - Oct 5 2012
Event: 2012 IEEE 6th International Conference on Software Security and Reliability Companion, SERE-C 2012 - Gaithersburg, MD, United States
Duration: Jun 20 2012 to Jun 22 2012


Fingerprint

Decomposition
Concrete buildings
Architectural design
Taxonomies
Software architecture
Availability

All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality

Cite this

Ryoo, J., Laplante, P. A., & Kazman, R. (2012). Revising a security tactics hierarchy through decomposition, reclassification, and derivation. In Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability Companion, SERE-C 2012 (pp. 85-91). [6258455] https://doi.org/10.1109/SERE-C.2012.18
@inproceedings{1e61466d733042f69752d9ac9d3396cc,
title = "Revising a security tactics hierarchy through decomposition, reclassification, and derivation",
author = "Jungwoo Ryoo and Laplante, {Phillip A.} and Rick Kazman",
year = "2012",
month = "10",
day = "5",
doi = "10.1109/SERE-C.2012.18",
language = "English (US)",
isbn = "9780769547435",
pages = "85--91",
booktitle = "Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability Companion, SERE-C 2012",

}
