Web security patterns for analysis and design

Abstract

Although security requirements analysis plays a very significant role in secure software development, it is difficult since it requires much security expertise and man-power. Plain and practical security requirements patterns are needed. We have presented a visualized analysis approach for eliciting security requirements by extending misuse cases, and found that some of its results can be pattern candidates. This paper proposes 8 new web security requirements patterns with our analysis approach. The proposed patterns give analysts a way to find a proper pattern for a specific security goal. They are related to security solutions, and also produce some security design possibilities. We have applied these patterns to some case studies and evaluated that they are effective for web security analysis.