Modeling and Applying Security Patterns Using Contextual Goal Models

Security patterns have been proposed to help analysts with little security knowledge to tackle repetitive security design tasks. Although advanced research in this field has produced an impressive collection of patterns, they are not well integrated with security requirements analysis and not easy to apply. Goal-oriented modeling languages have been proposed as an effective way to capture requirements, including security requirements, for socio-technical systems. In this paper, we argue that modeling and analyzing security patterns in contextual goal models can facilitate their applications and magnify their influences in system security design. Particularly, we present a mapping between security patterns and contextual goal models, and provide practical guidelines for transforming textual security patterns into the goal models. In addition, we propose a systematic process for applying security patterns, and discuss how it can be combined with existing security requirements analysis approaches.