Introducing Security Building Block Models

Abstract

In today's software development process, security related design decisions are rarely made early in the overall process. Even if security is considered early, this means that in most cases a more-or-less encompassing security requirement analyses is made; Based on this analysis best-practices, ad-hoc design decisions or individual expertise is used to integrate security during the development process or after weaknesses are found after the deployment. This paper introduces Security Building Block Models which are used to build security related components, namely Security Building Blocks. These Security Building Blocks represent concrete security solutions, so called Security Properties, introduced in other publications of the SecFutur project [1]. The goal of this approach is to provide already defined and tested security related software components, which can be used early in the overall development process, to support security-design-decision already while modeling the software-system. The paper shortly describes this new Security Engineering Process with its requirement analysis and definition of Security Properties and how the Security Building Block Model fits into this approach. Additionally the Security Building Block Model is presented in detail. All artifacts and relationships of the model are described. Short examples finish up the paper to show the creation of the Security Building Blocks and their interactions with other software components.