Your search keyword '"Nobukazu Yoshioka"' showing total 22 results

1. A System for Seamless Support from Security Requirements Analysis to Security Design Using a Software Security Knowledge Base

Author

Hironori Washizaki, Takafumi Tanaka, Atsuo Hazeyama, Hikaru Miyahara, Takao Okubo, Haruhiko Kaiya, and Nobukazu Yoshioka

Subjects

Software, Knowledge base, business.industry, Process (engineering), Software security assurance, Computer science, Software development, The Internet, Artifact (software development), business, Software engineering, Requirements analysis

Abstract

Owing to the widespread use of the internet, software services are being provided to millions of consumers and the importance of software security has increased considerably. Specifically, difficulties in developing a security design based on the results of a security requirements analysis are a focal point for investigation. One promising approach for addressing these difficulties is to create a knowledge base for secure software development and a process for utilizing it. The information obtained regarding the security design of the knowledge base, which is associated with the knowledge used in the security requirements analysis, can be considered during the design phase. This paper describes the development of a system that seamlessly supports the design phase based on the results of a security requirements analysis and the knowledge base. We then present an example to demonstrate the usefulness of the proposed system. This knowledge base maintains an association between knowledge types and is traceable. Therefore, if the knowledge used to create a type of artifact evolves, it is possible to detect artifacts used knowledge associated with it.

Published

2019

2. Evaluating the degree of security of a system built using security patterns

Author

Eduardo B. Fernandez, Nobukazu Yoshioka, and Hironori Washizaki

Subjects

Measure (data warehouse), SIMPLE (military communications protocol), Computer science, 020207 software engineering, 02 engineering and technology, Computer security, computer.software_genre, Variety (cybernetics), Work (electrical), Software security assurance, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Metric (unit), Product (category theory), Software architecture, computer

Abstract

A variety of methodologies to build secure systems have been proposed. However, most of them do not say much about how to evaluate the degree of security of their products. In fact, we have no generally-accepted ways to measure if the product of some methodology has reached some degree of security. However, if the system has been built with a methodology that uses patterns as artifacts, we believe that a simple evaluation is possible. We propose a metric for the security of systems that have been built using security patterns: We perform threat enumeration, we check if the patterns in the product have stopped the threats, and calculate the coverage of these threats by the patterns. We indicate how to take advantage of the Twin Peaks approach to arrive to a refined measure of security. In early work, we have proposed a secure systems development methodology that uses security patterns and we use it as example.

Published

2018

3. Security Requirement Modeling Support System Using Software Security Knowledge Base

Author

Shunichi Tanaka, Haruhiko Kaiya, Hiroaki Hashiura, Nobukazu Yoshioka, Takafumi Tanaka, Hironori Washizaki, Atsuo Hazeyama, Seiji Munetoh, and Takao Okubo

Subjects

Computer science, business.industry, Software development, 0102 computer and information sciences, 02 engineering and technology, Artifact (software development), Misuse case, 01 natural sciences, Software development process, Knowledge-based systems, Software, Knowledge base, Unified Modeling Language, 010201 computation theory & mathematics, Software security assurance, 0202 electrical engineering, electronic engineering, information engineering, Task analysis, 020201 artificial intelligence & image processing, The Internet, Software engineering, business, Requirements analysis, computer, computer.programming_language

Abstract

With the growing number of services on the Internet, the need for secure software development has increased. It is required for secure software development to consider security in the whole development life cycle. It is indispensable for secure software development to use various types of security knowledge. This study deals with security requirement analysis. Existing security requirements modeling systems do not provide a function to create an artifact while referring to security knowledge in an integrated manner. In this paper, the authors develop a modeling support system for a misuse case diagram that enables the association of knowledge with elements that constitute the diagram. The results of an experiment using the system show the system's usefulness in both the integration of the knowledge base with the artifact creation environment and the association of the knowledge with the elements of the diagram.

Published

2018

4. Method Using Command Abstraction Library for Iterative Testing Security of Web Applications

Author

Seiji Munetoh and Nobukazu Yoshioka

Subjects

Web development, business.industry, Computer science, Development testing, Web application security, Computer security, computer.software_genre, Security testing, Software security assurance, Application security, Web application, business, Web application development, Software engineering, computer

Abstract

A framework based on a scripting language is commonly used in Web application development, and high development efficiency is often achieved by applying several Agile development techniques. However, the adaptation of security assurance techniques to support Agile development is still underway, particularly from the developer's perspective. The authors have addressed this problem by developing an iterative security testing method that splits the security test target application into two parts on the basis of the code lifecycle, application logic (“active development code”) and framework (“used code”). For the former, detailed security testing is conducted using static analysis since it contains code that is changed during the iterative development process. For the latter, an abstraction library at the command granularity level is created and maintained. The library identifies the behavior of an application from the security assurance standpoint. This separation reduces the amount of code to be statically inspected and provides a mechanism for sharing security issues among application developers using the same Web application framework. Evaluation demonstrated that this method can detect various types of Web application vulnerabilities.

Published

2015

5. A Case-based Management System for Secure Software Development Using Software Security Knowledge

Author

Atsuo Hazeyama, Masahito Saito, Takanori Kobashi, Takao Ohkubo, Hironori Washizaki, Haruhiko Kaiya, and Nobukazu Yoshioka

Subjects

Resource-oriented architecture, Computer science, Software walkthrough, Secure software development support, Case-based management system for secure software development, computer.software_genre, Computer security, Software development process, Software analytics, Medical software, Software system, Software verification and validation, General Environmental Science, Social software engineering, business.industry, Software as a service, Software development, Software security assurance, Software deployment, Personal software process, Management system, Goal-Driven Software Development Process, Software construction, General Earth and Planetary Sciences, Package development process, Backporting, business, Software engineering, computer, Software project management

Abstract

In recent years, importance on software security technologies has been recognized and various types of technologies have been developed. On the other hand, in spite of recognition of necessity of providing cases that deal with full life cycle for secure software development, only few are reported. This paper describes a case-based management system (CBMS) that consists of an artifact management system and a knowledge-based management system (KBMS) to manage cases for secure software development. The former manages the artifacts created in secure software life cycle. The latter manages software security knowledge. The case-based management system also manages association between artifacts and software security knowledge and supports both visualization among software security knowledge and between artifacts and software security knowledge. We conducted an experiment to evaluate the system. We describe the effectiveness and future work of the system.

Published

2015

6. Literature Survey on Technologies for Developing Privacy-Aware Software

Author

Hironori Washizaki, Takao Okubo, Atsuo Hazeyama, Nobukazu Yoshioka, and Haruhiko Kaiya

Subjects

World Wide Web, Social software engineering, Software analytics, Crowdsourcing software development, Computer science, Privacy software, business.industry, Software deployment, Software security assurance, Software development, business, Data science

Abstract

Software development requires the protection of privacy. However, a body of knowledge does not exist for the development of privacy-aware software. Based on a literature survey, this paper introduces various studies that address knowledge regarding the development of privacy-aware software, and describes the current status and future direction toward building a knowledge base for privacy-aware software development.

Published

2016

7. Implementation Support of Security Design Patterns Using Test Templates

Author

Masatoshi Yoshizawa, Hironori Washizaki, Nobukazu Yoshioka, Takao Okubo, Yoshiaki Fukazawa, and Haruhiko Kaiya

Subjects

aspect-oriented programming, Computer science, Aspect-oriented programming, 02 engineering and technology, computer.software_genre, Software, 0202 electrical engineering, electronic engineering, information engineering, Structural pattern, Test Management Approach, Model-based testing, test-driven development, lcsh:T58.5-58.64, business.industry, lcsh:Information technology, Software development, 020206 networking & telecommunications, 020207 software engineering, Test-driven development, security patterns, model-based testing, Software security assurance, Data mining, business, Software engineering, computer, Information Systems

Abstract

Security patterns are intended to support software developers as the patterns encapsulate security expert knowledge. However, these patterns may be inappropriately applied because most developers are not security experts, leading to threats and vulnerabilities. Here we propose a support method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, consisting of an “aspect test template” to observe the internal processing and a “test case template”. Providing design information creates a test from the test template with a tool. Because our test template is reusable, it can easily perform a test to validate a security design pattern. In an experiment involving four students majoring in information sciences, we confirm that our method can realize an effective test, verify pattern applications, and support pattern implementation.

Published

2016

8. Modeling and Security in Cloud Ecosystems

Author

Madiha H. Syed, Eduardo B. Fernandez, Hironori Washizaki, and Nobukazu Yoshioka

Subjects

Service (systems architecture), Computer Networks and Communications, Computer science, Software ecosystem, architecture patterns, Cloud computing, 02 engineering and technology, World Wide Web, Architectural pattern, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Software system, software ecosystems, systems security, Cloud computing security, lcsh:T58.5-58.64, lcsh:Information technology, business.industry, cloud computing, reference architectures, security patterns, 020207 software engineering, Metamodeling, Software security assurance, Software engineering, business

Abstract

Clouds do not work in isolation but interact with other clouds and with a variety of systems either developed by the same provider or by external entities with the purpose to interact with them; forming then an ecosystem. A software ecosystem is a collection of software systems that have been developed to coexist and evolve together. The stakeholders of such a system need a variety of models to give them a perspective of the possibilities of the system, to evaluate specific quality attributes, and to extend the system. A powerful representation when building or using software ecosystems is the use of architectural models, which describe the structural aspects of such a system. These models have value for security and compliance, are useful to build new systems, can be used to define service contracts, find where quality factors can be monitored, and to plan further expansion. We have described a cloud ecosystem in the form of a pattern diagram where its components are patterns and reference architectures. A pattern is an encapsulated solution to a recurrent problem. We have recently expanded these models to cover fog systems and containers. Fog Computing is a highly-virtualized platform that provides compute, storage, and networking services between end devices and Cloud Computing Data Centers; a Software Container provides an execution environment for applications sharing a host operating system, binaries, and libraries with other containers. We intend to use this architecture to answer a variety of questions about the security of this system as well as a reference to design interacting combinations of heterogeneous components. We defined a metamodel to relate security concepts which is being expanded.

Published

2016

9. Patterns for security and privacy in cloud ecosystems

Author

Nobukazu Yoshioka, Hironori Washizaki, and Eduardo B. Fernandez

Subjects

Cloud computing security, Computer science, business.industry, Sherwood Applied Business Security Architecture, Cloud computing, Enterprise information security architecture, Computer security model, Computer security, computer.software_genre, Service-oriented modeling, ComputingMilieux_GENERAL, Software security assurance, Software product line, business, computer

Abstract

An ecosystem is the expansion of a software product line architecture to include systems outside the product which interact with the product. We model here the architecture of a cloud-based ecosystem, showing security patterns for its main components. We discuss the value of this type of models.

Published

2015

10. Case Base for Secure Software Development Using Software Security Knowledge Base

Author

Haruhiko Kaiya, Hironori Washizaki, Takao Okubo, Masahito Saito, Takanori Kobashi, Atsuo Hazeyama, Nobukazu Yoshioka, and Azusa Kumagai

Subjects

Resource-oriented architecture, Computer science, Software walkthrough, Computer security, computer.software_genre, Software development process, Software analytics, Knowledge-based systems, Software, Unified Modeling Language, Medical software, Software mining, Software system, Software verification and validation, Software design description, computer.programming_language, Social software engineering, business.industry, Software development, Knowledge base, Design rationale, Software security assurance, Software deployment, Goal-Driven Software Development Process, Personal software process, Software construction, Package development process, Software design, The Internet, Backporting, business, Software engineering, computer

Abstract

The importance of software security technologies has been gaining attention due to the increase in services on the Internet. Various technologies regarding software security have been developed. However, we believe knowledge regarding software security is not integrated, therefore, we have been developing a knowledge base for secure software development. We previously proposed a learning model that associates artifacts created in secure software development with knowledge in the knowledge base as design rationale. However, only a few case studies that addressed a full life cycle for secure software development have been reported. To mitigate this lack in reported case studies, Okubo et al. Created a common task regarding software security. In this study, we developed a case base of secure software development whose artifacts are associated with the knowledge base using this common task as a case.

Published

2015

11. TESEM: A Tool for Verifying Security Design Pattern Applications by Model Testing

Author

Yoshiaki Fukazawa, Haruhiko Kaiya, Masatoshi Yoshizawa, Hironori Washizaki, Takano Okubo, Nobukazu Yoshioka, and Takanori Kobashi

Subjects

Software security assurance, Computer science, White-box testing, Vulnerability management, Computer security model, Computer security, computer.software_genre, Development testing, Security information and event management, Security testing, computer, Secure coding

Abstract

Because software developers are not necessarily security experts, identifying potential threats and vulnerabilities in the early stage of the development process (e.g., the requirement- or design-phase) is insufficient. Even if these issues are addressed at an early stage, it does not guarantee that the final software product actually satisfies security requirements. To realize secure designs, we propose extended security patterns, which include requirement-and design-level patterns as well as a new model testing process. Our approach is implemented in a tool called TESEM (Test Driven Secure Modeling Tool), which supports pattern applications by creating a script to execute model testing automatically. During an early development stage, the developer specifies threats and vulnerabilities in the target system, and then TESEM verifies whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.

Published

2015

12. Verifying Implementation of Security Design Patterns Using a Test Template

Author

Takao Okubo, Hironori Washizaki, Yoshiaki Fukazawa, Masatoshi Yoshizawa, Haruhiko Kaiya, Nobukazu Yoshioka, and Takanori Kobashi

Subjects

Model-based testing, Database, business.industry, Computer science, Software development, Computer security model, computer.software_genre, Test-driven development, Test harness, Software security assurance, Software design pattern, Test Management Approach, business, computer

Abstract

Although security patterns contain security expert knowledge to support software developers, these patterns may be inappropriately applied because most developers are not security specialists, leading to threats and vulnerabilities. Here we propose a validation method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, which consists of the "aspect test template" to observe the internal processing and the "test case template". Providing design information creates a test from the test template. Because a test template is recyclable, it can create easily a test, which can validate the security design patterns. As a case study, we applied our method to a web system. The result shows that our method can test repetition in the early stage of implementation, verify pattern applications, and assess whether vulnerabilities are resolved.

Published

2014

13. Validating Security Design Patterns Application Using Model Testing

Author

Takao Okubo, Haruhiko Kaiya, Takanori Kobashi, Hironori Washizaki, Yoshiaki Fukazawa, and Nobukazu Yoshioka

Subjects

Security bug, Security pattern, Security service, Computer science, Software security assurance, Security through obscurity, Computer security model, Computer security, computer.software_genre, Security testing, computer, Security information and event management

Abstract

Software developers are not necessarily security specialists, security patterns provide developers with the knowledge of security specialists. Although security patterns are reusable and include security knowledge, it is possible to inappropriately apply a security pattern or that a properly applied pattern does not mitigate threats and vulnerabilities. Herein we propose a method to validate security pattern applications. Our method provides extended security patterns, which include requirement- and design-level patterns as well as a new model testing process using these patterns. Developers specify the threats and vulnerabilities in the target system during an early stage of development, and then our method validates whether the security patterns are properly applied and assesses whether these vulnerabilities are resolved.

Published

2013

14. RAILROADMAP: An Agile Security Testing Framework for Web-application Development

Author

Seiji Munetoh and Nobukazu Yoshioka

Subjects

business.industry, Software security assurance, Computer science, Application security, Web application, Computer security model, Development testing, Web application security, business, Software engineering, Web application development, Security testing

Abstract

We propose a model-assisted security testing framework for developing Web applications. We devised a tool called “RailroadMap” that automatically extracts a behavior model from the code base of Ruby-on-Rails. This model provides a unified point of view for analyzing security problems by representing an application's behavior, which includes all security functions and possible attack scenarios.

Published

2013

15. System security requirements analysis with answer set programming

Author

Nobukazu Yoshioka, Gideon Dadik Bibu, and Julian Padget

Subjects

Security engineering, Answer set programming, Programming language, Computer science, Software security assurance, Security through obscurity, Concrete security, Computer security model, computer.software_genre, Computer security, Security testing, Security information and event management, computer

Abstract

The need for early consideration of security during system design and development cannot be over-emphasized, since this allows security features to be properly integrated into the system rather than added as patches later on. A necessary pre-requisite is the elicitation and analysis of the security requirements prior to system design. Existing methods for the security requirements phase, such as attack trees and misuse case analysis, use manual means for analysis, with which it is difficult to validate and analyse system properties exhaustively. We present a computational solution to this problem using an institutional (also called normative) specification to capture the requirements in the InstAL action language, which in turn is implemented in answer set programming (a kind of logic programming language). The result of solving the answer set program with respect to a set of events is a set of traces that capture the evolution of the model over time (as defined by the occurrence of events). Verification is achieved by querying the traces for specific system properties. Using a simple scenario, we show how any state of the system can be verified with respect to the events that brought about that state.We also demonstrate how the same traces enable: (i) identification of possible times and causes of security breaches and (ii) establishment of possible consequences of security violations.

Published

2012

16. Mutual Refinement of Security Requirements and Architecture Using Twin Peaks Model

Author

Haruhiko Kaiya, Takao Okubo, and Nobukazu Yoshioka

Subjects

Requirements management, Iterative and incremental development, business.industry, Computer science, Software requirements specification, Computer security model, Security testing, Security engineering, Software, Countermeasure, Software security assurance, Formal specification, Application security, Software requirements, Software engineering, business, Software architecture, Reference model, Requirements analysis

Abstract

It is difficult to sufficiently specify software security requirements because they depend on a software architecture that has not yet been designed. Although the Twin Peaks model is a reference model to elicit a sufficient amount of software requirements in conjunction with the architectural requirements, it is still unclear how the security requirements can be elicited while taking the architecture into consideration. We propose a novel method to elicit the security requirements with architecture elaboration based on the Twin Peaks model, which is called the Twin Peaks Model application for Security Analysis (TMP-SA). In our method, security countermeasures for attacks are elicited as the security requirements incrementally according to the refinement of the architecture. We can comprehensively explore the alternatives for the countermeasures (security requirements) and choose the most suitable one for each project because we can focus on the architecture-specific security issues as well as architecture-independent security issues. We have applied our method to several applications and discuss its advantages and limitations. We found that our method is suitable for iterative development, and it enables us to find threats caused by architectural issues that are severely difficult to find when analyzing only the requirements issues.

Published

2012

17. Effective Security Impact Analysis with Patterns for Software Enhancement

Author

Takao Okubo, Haruhiko Kaiya, and Nobukazu Yoshioka

Subjects

Security bug, Security engineering, Traceability, Security pattern, Computer science, Software security assurance, Computer security model, Computer security, computer.software_genre, Security testing, Security information and event management, computer

Abstract

Unlike functional implementations, it is difficult to analyze the impact software enhancements on security. One of the difficulties is identifying the range of effects by new security threats, and the other is developing proper countermeasures. This paper proposes an analysis process that uses two kinds of security pattern: security requirements patterns (SRP) for identifying threats and security design patterns (SDP) for identifying countermeasures at an action class level. With these two patterns and the conventional traceability methodology, developers can estimate and compare the amounts of modifications needed by multiple security countermeasures.

Published

2011

18. Security Patterns

Author

Hironori Washizaki, Charles B. Haley, Haruhiko Kaiya, Armstrong Nhlabatsi, Nobukazu Yoshioka, Bashar Nuseibeh, Arosha K. Bandara, Robin Laney, Shinpei Hayashi, Jan Jürjens, Thein Than Tun, Yijun Yu, Atsuto Kubo, and Haralambos Mouratidis

Subjects

Engineering, Security analysis, business.industry, Computer security model, Computer security, computer.software_genre, Security testing, Security information and event management, Security engineering, Risk analysis (engineering), Security pattern, Software security assurance, Security through obscurity, business, computer

Abstract

Addressing the challenges of developing secure software systems remains an active research area in software engineering. Current research efforts have resulted in the documentation of recurring security problems as security patterns. Security patterns provide encapsulated solutions to specific security problems and can be used to build secure systems by designers with little knowledge of security. Despite this benefit, there is lack of work that focus on evaluating the capabilities of security analysis approaches for their support in incorporating security analysis patterns. This chapter presents evaluation results of a study we conducted to examine the extent to which constructs provided by security requirements engineering approaches can support the use of security patterns as part of the analysis of security problems. To achieve this general objective, the authors used a specific security pattern and examined the challenges of representing this pattern in some security modeling approaches. The authors classify the security modeling approaches into two categories: problem and solution and illustrate their capabilities with a well-known security patterns and some practical security examples. Based on the specific security pattern they have used our evaluation results suggest that current approaches to security engineering are, to a large extent, capable of incorporating security analysis patterns.

Published

2011

19. Aligning Security Requirements and Security Assurance Using the Common Criteria

Author

Takayuki Tobita, Nobukazu Yoshioka, Hiroyuki Kaneko, and Kenji Taguchi

Subjects

Security engineering, Engineering, Security service, Software security assurance, business.industry, Systems engineering, Information security, Computer security model, business, Security testing, Security information and event management, Information security management system

Abstract

This paper presents a new approach, which attempts to provide a basic framework in which security requirements and security assurance can be aligned in a uniform and concise way in a single requirements modelling methodology. This framework aims at providing security requirements modelling method for the system development as well as security assurance under the Common Criteria (IEC/ISO 15408), an international standard for security assurance and evaluation for IT products. We will adopt use case diagrams as a basis for this modelling method and extend them based on a meta model derived from the Common Criteria, which includes all relevant security concepts and their relationships for an analysis of security threats. We take Multi Function Peripherals (MFPs) as a working example and demonstrate how our proposed modelling method can effectively elicit/analyze security requirements in this paper.

Published

2010

20. Modeling Misuse Patterns

Author

Eduardo B. Fernandez, Hironori Washizaki, and Nobukazu Yoshioka

Subjects

Structure (mathematical logic), Pre-play attack, Computer science, Software security assurance, Context (language use), Computer security, computer.software_genre, computer, Software quality, TRACE (psycholinguistics), Variety (cybernetics), Object-oriented design

Abstract

Security patterns are now starting to be accepted by industry. Security patterns are useful to guide the security design of systems by providing generic solutions that can stop a variety of attacks but it is not clear to an inexperienced designer what pattern should be applied to stop a specific attack. They are not useful either for forensics because they do not emphasize the modus operandi of the attack. To complement security patterns, we have proposed a new type of pattern, the misuse pattern. This pattern describes, from the point of view of the attacker, how a type of attack is performed (what units it uses and how), defines precisely the context of the attack, analyzes the ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and describes how to trace the attack once it has happened by appropriate collection and observation of forensics data. We present here a model that characterizes the precise structure of this type of pattern.

Published

2009

21. Misuse Cases + Assets + Security Goals

Author

Kenji Taguchi, Takao Okubo, and Nobukazu Yoshioka

Subjects

Business requirements, Cloud computing security, Computer science, Vulnerability, Misuse case, Requirements elicitation, Computer security model, Asset (computer security), Computer security, computer.software_genre, Security information and event management, Security testing, System requirements, Security engineering, Unified Modeling Language, Risk analysis (engineering), Software security assurance, Formal specification, Security through obscurity, Security convergence, Security management, Requirements analysis, Formal verification, computer, computer.programming_language

Abstract

Security is now the most critical feature of any computing systems. Eliciting and analyzing security requirements in the early stages of the system development process is highly recommended to reduce security vulnerabilities which might be found in the later stages of the system development process. In order to address this issue, we will propose a new extension of the misuse case diagram for analyzing and eliciting security requirements with special focus on assets and security goals. We will also present the process model in which business requirements and system requirements related to security features are separately analyzed and elicited in different phases. This process model helps us to analyze the requirements related to business goals in an earlier phase and to the system goals in a later phase so that any concerns related to them are dealt with separately. We will illustrate our approach with a case study taken from an accounting software package.

Published

2009

22. A survey on security patterns

Author

Hironori Washizaki, Katsuhisa Maruyama, and Nobukazu Yoshioka

Subjects

General Computer Science, business.industry, Computer science, Software development, Library and Information Sciences, computer.software_genre, Computer security, Phase (combat), Security engineering, Code refactoring, Software security assurance, Software design pattern, Software system, Software engineering, business, computer

Abstract

Security has become an important topic for many software systems. Security patterns are reusable solutions to security problems. Although many security patterns and techniques for using them have been proposed, it is still difficult to adapt security patterns to each phase of software development. This paper provides a survey of approaches to security patterns. As a result of classifying these approaches, a direction for the integration and future research topics is illustrated.

Published

2008