Revising a security tactics hierarchy through decomposition, reclassification, and derivation

Research output: Chapter in Book/Report/Conference proceedingConference contribution

10 Scopus citations

Abstract

Software architecture is the set of important design decisions that address cross-cutting system quality attributes such as security, reliability, availability, and performance. Practitioners often face difficulty in beginning an architectural design due to the lack of concrete building blocks available to them. Tactics are fundamental design decisions and play the role of these initial design primitives and complement the existing design constructs such as architectural or design patterns. A tactic is a relatively new design concept, and tactics repositories are still being developed. However, the maturity of these repositories is inconsistent, and varies depending on the quality attribute. To address this inconsistency and to promote a more rigorous, repeatable method for creating and revising tactics hierarchies, we propose a novel methodology of extracting tactics. This methodology, we claim, can accelerate the development of tactics repositories that are truly useful to practitioners. We discuss three approaches for extracting these tactics. The first is to derive new tactics from the existing ones. The second is to decompose an existing architectural pattern into its constituent tactics. Finally, we extract tactics that have been misidentified as patterns. Among the many types of tactics available, this paper focuses on security tactics. Using our methodology, we revise a well-known taxonomy of security tactics. We contend that the revised hierarchy is complete enough for use in practical applications.

Original languageEnglish (US)
Title of host publicationProceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability Companion, SERE-C 2012
Pages85-91
Number of pages7
DOIs
StatePublished - Oct 5 2012
Event2012 IEEE 6th International Conference on Software Security and Reliability Companion, SERE-C 2012 - Gaithersburg, MD, United States
Duration: Jun 20 2012Jun 22 2012

Publication series

NameProceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability Companion, SERE-C 2012

Other

Other2012 IEEE 6th International Conference on Software Security and Reliability Companion, SERE-C 2012
CountryUnited States
CityGaithersburg, MD
Period6/20/126/22/12

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality

Cite this

Ryoo, J., Laplante, P., & Kazman, R. (2012). Revising a security tactics hierarchy through decomposition, reclassification, and derivation. In Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability Companion, SERE-C 2012 (pp. 85-91). [6258455] (Proceedings of the 2012 IEEE 6th International Conference on Software Security and Reliability Companion, SERE-C 2012). https://doi.org/10.1109/SERE-C.2012.18