Framework for Engineering Complex Security Requirements Patterns

Abstract

Security management and business assets protection have been a paramount concern for many years. Due to the flood of arising innovative technologies such as cloud computing or big data, security approaches have constantly evolved toward more sophisticate solutions, aiming to tackle always more complex security issues. Nowadays, integrated frameworks are necessary to manage this complexity. Pattern-based approaches for reusing security solutions have proven its usefulness, but mostly in the frame of security matters. Acknowledging this, the scientific community has recently considered how these patterns could also be used to address the complexity caused by the association of multiple security criteria. Approaches based on the combination of simple security patterns have emerged and have resulted in the elaboration of methods for designing systems of security patterns and systems managing these collections of patterns. Nonetheless, in that domain, we have observed that researches are mostly focused on the definition of security solutions and do not address the complexity of the security requirements yet. In this paper we present a proposal for addressing this issue by means of a framework for engineering reusable security patterns for complex systems called COPERATE (COmPlex sEcurity Requirements pAtTErns). To show the feasibility of our approach, this framework is used for defining a complex security requirement and its corresponding pattern for an excerpt of a case taken from the cloud-computing domain.