
Constructing Patterns Verification Criteria based on Quality Attributes: Web Security Context Patterns Case Study
Pattariya Singpant, Nakornthip Prompoon
Department of Computer Engineering, Faculty of Engineering,
Chulalongkorn University, Bangkok, Thailand
Pattariya.S@student.chula.ac.th, Nakornthip.S@chula.ac.th

978-1-5090-0806-3/16/$31.00 copyright 2016 IEEE
ICIS 2016, June 26-29, 2016, Okayama, Japan

Abstract—Patterns proposed for a specific domain are widely used to reuse the solutions of resolved problems on similar ones. The verification criteria used to evaluate proposed patterns are one of the important factors that affect pattern quality. This research proposes a pattern verification method and criteria based on quality attributes in order to improve pattern validity. The method is composed of 4 steps: verification criteria establishment, experimental design, experimental execution, and results analysis and report. Two additional verification criteria, Knowledge Transformation and Patterns Application, are proposed, while three criteria, Goal, Source and Representation, were proposed by Breaux (2012). In addition, the quality attributes of the 5 verification criteria are introduced and applied in a case study. They are Achievement, Functionality, Understandability, Completeness and Consistency, and Clarification and Application. The Web Security Context Patterns (WSCP) constructed in our previous work were used as the case study. Experts from both the academic and industry sectors were selected to evaluate the WSCP patterns using the 5 evaluation criteria, based on the proposed quality attributes, as a list of issues. Using these verification criteria, the experimental results indicated that the quality of the WSCP patterns was assessed at a high level of satisfaction, with an overall mean above 4 on a scale of 5.

Keywords—Quality Attributes; Verification Criteria; Goals; Sources; Representations; Transformations; Applications; Web Security Context Patterns;

I. INTRODUCTION

Software patterns, one of the feasible solutions based on the reuse approach, are widely adopted in the software engineering field, since the main purpose of patterns is to apply proven solutions for a specific problem in a given domain to a similar problem [1]. Besides, software patterns have been constructed and applied to various software engineering processes. For instance, requirements patterns have been proposed for preliminarily gathering a potential list of needs in the software requirements process [2]. Moreover, Object-Oriented design patterns have been introduced for developers to select the appropriate software architecture to support design goal qualities in terms of overall system performance and maintenance [3]. In a similar way, security is one of the important concerns of system quality requirements for different types of applications such as e-commerce, critical systems and information management systems [4]. Security patterns have been established to cover the main properties of core security services, Confidentiality (C), Integrity (I), Accountability (A), and Availability (A), for any project to apply to a specific security need [5]. In terms of application effectiveness, an empirical study reported that the designer treatment group prefers to work with the support of security patterns [6]. However, proposed security patterns may need to be modified or improved to cover the features of a system with specific characteristics. For example, another work identified the feasible gaps of security patterns for a distributed system [7]. Many studies [8-11] have proposed new types of security patterns for a specific domain. Likewise, in our prior work, the Web Security Context Patterns (WSCP) were constructed in order to improve security concerns in the context of web user agents [12]. It should be ascertained that the proposed patterns comply with the target problems. To assure the quality of the proposed patterns, a pattern verification process helps in improving two major quality attributes, correctness and completeness. Thus, it is necessary to verify the WSCP with an appropriate evaluation method to assure conformity and quality.

Previous research has shown that identified quality attributes were used properly for the aims of pattern evaluation [13-15]. In addition, an empirical study established and introduced three concepts for pattern validation: Goals (What is the goal of the patterns?), Sources (What are the sources of knowledge?), and Representations (How is the pattern described?) [16]. Our research focus is to consider whether there are additional verification criteria that help to improve pattern quality. There are two challenges in pattern construction: 1) Knowledge Transformation from sources to representation and 2) Application of Patterns reflecting the context of use. For the first challenge, constructing the pattern content representation from the source knowledge requires knowledge transformation. Thus, some parts may be missing or the content may be incorrect. For the second one, the context of use should be verified against the proposed example resolved part. Even though one study [17] reported that the application of patterns can be effectively done during the software analysis and design phase, we believe that this verification can be performed by experts, by investigating in the example resolved part whether the application of the solution is reasonable. Thus, knowledge
transformation and patterns application are proposed as two additional pattern verification criteria. The guideline for pattern construction and inscription for capturing the necessary context information was reported in [18]. That work provided us with important evidence for pattern verification in both knowledge transformation and patterns application.

This study was designed to verify the proposed WSCP patterns based on five verification criteria (GSRTA): Goals, Sources, Representations, Transformations and Applications. At the beginning, we investigated the quality attributes and declared the verification issues for each verification criterion. The evidence was identified based on an analysis of the patterns' content and their relationships. Then, the evidence was matched with the quality attributes. Prior to conducting an experiment for pattern evaluation based on our proposed criteria, the experimental tasks were planned, the treatments were settled, and the statistical evaluation was defined to collect and analyze the data corresponding to the verification issues, represented as a set of questionnaires. Afterwards, the experiment was conducted by security experts through reviewing the proposed patterns, answering the questionnaire, and giving feedback and recommendations. Eventually, we discussed the experimental results and the lessons learned for improving patterns. An overview of our work is depicted in Fig. 2.

The remainder of this paper is organized as follows: Section II describes the proposed pattern and the five verification criteria. Section III addresses quality attributes and a list of questionnaires. Section IV describes a plan for the experiment. Section V executes the experiment. Section VI discusses the experimental results. Section VII summarizes the findings and states future work.

TABLE I. INSTANCE OF WEB SECURITY CONTEXT PATTERN [12]

Pattern Name: Error handling and signaling
ID: WSCP-64

Description: This pattern describes a basis for handling errors that occur and then signaling them to users by a severity level ranging from low to high risk. These levels are error signaling, warning message, and finally danger message.

Context: Apply this pattern in order to handle an error that occurs in web interactions, in a situation similar to one of the errors stated in WSCP-54.

Example: WSC-UseCase 22: Frank regularly reads his email in the morning. This morning he receives an email that purports to be from his bank and asks him to verify a recent transaction by clicking on the link embedded in the email. The link does not display the usual URL that he types to get to his bank's website, but it does have his bank's name in it. He clicks on the link and is directed to a phishing site. The phishing site has been shut down as a known fraudulent site, so when Frank clicks on the link he receives the generic Error 404: File Not Found page. Frank is not sure what has occurred.

Problem: An error occurs in a web interaction between users and web agents. If the web user agent prompts a warning that is not appropriate to the severity of the error, then the users might ignore the notice of the fault.

Solutions: Web user agents communicate information signaling the errors to users by an Error Indicator through the Secondary User Interface. According to the severity level of an error, the handling is divided into 3 classes: error message, warning message, and danger message.
1. Error Signaling handles generic errors that might not harm the system. Error signaling SHOULD be phrased in terms of threat to user's interests, not technical occurrence.
2. Warning Messages are intended for situations when the system has good reason to believe that the user may be at risk based on the current security context information, but a determination cannot positively be made. Warning message MUST interrupt the user's current task, such that the user has to acknowledge the message.
3. Danger Messages are intended for situations when there is a positively identified danger to the user. These interactions MUST be presented in a way that makes it impossible for the user to go to or interact with the destination web site that caused the danger situation to occur.

Internal Structure: [class diagram]

Example resolved: According to WSC-UseCase 22, Frank clicks on the link and is directed to a phishing site. The phishing site has been shut down as a known fraudulent site. In this case, error signaling should be phrased in terms of threat to user's interests, not a technical occurrence. Therefore, when Frank clicks on the link, instead of the generic Error 404: File Not Found page, he receives an error message stating that the page has been shut down because it was a fraudulent site. Frank now understands what is going on.

Consequences: Handling and signaling errors by severity level influences the user experience through effective warnings.

See Also: For additional security considerations concerning frequent warning messages, see WSCP-85 for warning fatigue.

[Figure: class diagram of the patterns and their relationships]
Fig. 1. Web Security Context Patterns' Relationship [12]

Fig. 2. Overview of Patterns Validation

II. RELATED WORK

A. Web Security Context Patterns

The knowledge of patterns was first studied in terms of design patterns, which capture together a recurring architectural procedure and an instruction for applying this knowledge [3]. In this regard, security patterns were built on the success of design patterns. Security patterns covered all CIAA security

services that capture principles and best practices were introduced [5]. Given the multiplicity of contexts, a large number of security patterns have been proposed for a specific domain [8-11]. Constructing early security patterns from regulatory documents ensures that regulatory requirements are considered and documented during software development [7]. From this perspective, the Web Security Context Patterns (WSCP) [12] were constructed through textual and structural analysis of the Web Security Context: User Interface Guidelines (WSC-UI) [19]. As a result, 18 patterns were proposed; as shown in Fig. 1, they are represented by a class diagram with the pattern entities and their relationships. Furthermore, Table I details the Error handling and signaling pattern as an example of a Web Security Context Pattern. In this regard, the proposed WSCP patterns became a treatment in the experimental design in order to achieve the purpose of pattern verification. In this way, the WSCP are verified, and the evidence is supported in the verification criteria investigation.

B. Verification Criteria

The study of verification criteria has become an important aspect of pattern verification in order to affirm the good quality of the implemented patterns. According to Hammar (2010), the reviewed papers are lacking in empirical validation. The empirical group has been characterized by the discussions on context, study design and validation description quality [20]. In this sense, the experimental treatments in the study design are evidently defined along with the context of pattern goals. In addition, the validity description quality needs to be analyzed. Thus, numerous quality criteria [14] have been studied in order to evaluate patterns. Moreover, a common finding is that the validity of patterns derives from the goals of the pattern, the sources of knowledge from which the pattern is derived, and the representation in which the pattern is described [16]. Although pattern validity has been identified, pattern verification needs to be explored further. Therefore, an account of pattern characteristics exposes the validity of patterns. In other words, the pattern development process comes with attributes that signify the quality of the implemented patterns, as revealed by the evolution of patterns [18]. Regarding transformation, while a pattern is being written, a draft document such as a traceability matrix details how the origin of knowledge is matched to the pattern outcomes. Verification also furthers the applicability of patterns for the analysis and design of secure software in an environment [17], so that the application is attested by the context, solutions, example and example resolved proposed in each part of the patterns. The five verification criteria, GSRTA (goals, sources, representation, transformations, and application), are further investigated for measuring quality attributes in the next section.

III. IDENTIFY VERIFICATION CRITERIA

In this section, the quality attributes are explored for each verification criterion mentioned in section II. Further, evidence from the proposed patterns is presented to support the concept of quality attributes. As a result, the verification issues were declared in order to measure the validity of the patterns. The process of identifying verification criteria is a part of Fig. 2. A pyramid of the GSRTA verification criteria with their quality attributes is supported by the target standard and the evidence from the patterns, as inputs of the process that produces quality verification issues. In this way, we explored the quality attributes by the identified verification criteria; afterward we declared the verification issues from the quality attributes, supported by the pattern evidence. The process outcome is the questions listed in Table III, which are a treatment in the experimental design in section IV. Each verification criterion was investigated as follows.

A. Goals

In our previous work [12], the goal of pattern creation was established when we constructed the WSC patterns: conformity to the target standard, WSC-UI. In short, goal achievement considers whether the proposed patterns conform to the target standard. As a result, the quality attribute of goal achievement is supported by the sources of knowledge used to develop each pattern. The description part of a pattern explains the purpose of the pattern. For all patterns, this part must semantically map to the objectives and scope of the target standard. In order to investigate whether the patterns were built upon this goal, the questions shown in Table III were raised for the goal verification criterion. These issues were intended to test the experimental units' understanding of the objective of the proposed patterns and the target standard.

B. Sources

The proposed patterns were gathered from trusted documents containing security principles and best practices. In our research, the trusted source is the WSC-UI standard. In order to confirm whether the content of the mentioned source is functional, the target standard was assessed by the list of questions in Table III. These questions were answered by the experimental units using the traceability matrix in Table II. Only the 2nd column was used by the security experts to analyze whether the knowledge proposed in the target standard is suitable for practice and does not conflict with security principles.

C. Representations

The contents of the source knowledge are controlled by the pattern representation in terms of pattern structure, elements, content, and pattern relationships. Therefore, a well-formed representation of the patterns influences the understandability for applying the proposed patterns. In this case, the proposed patterns were presented in pattern templates organized by the basic elements depicted in Table I. In addition, the relationships among patterns are shown in Fig. 1. These attributes were used to extract the verification issues listed in Table III in order to verify the content representations of the proposed patterns.

D. Transformations

The proposed patterns were generated from the target standard. The traceability matrix shown in Table II was constructed as a tool for backward traceability from the proposed patterns to the target standard. Semantic verification of content consistency and content completeness between both documents was performed. For each pattern, the content consistency among related elements must be verified. There were two types of consistency checking: 1) between the solution part and the internal structure part and 2) between the problem part and the solution part. After analysis, relevant terms were underlined and set in bold in the solution part in order to explicitly show that such content must be depicted in the internal structure part as a class name, as shown in Table I.

TABLE II. TRACEABILITY MATRIX TABLE BETWEEN TARGET STANDARD AND PROPOSED PATTERNS

Columns 1-2: Target Standard. Columns 3-6: Proposed Pattern.

State. ID | Knowledge from WSC-UI | Pattern ID | Part of Pattern | Internal Structure | Reference Pattern
S126 | User agents MAY communicate additional indicators to users. E.g., a user agent could additionally display a persistent indicator in a "danger" situation. | WSCP-64 | Solution Part | Error Indicator | -
S127 | For additional security considerations concerning frequent warning messages, see 8.5 Warning Fatigue. | WSCP-64 | See Also Part | Warning Message | WSCP-85 Warning
S128 | Error signaling that occurs as part of primary user interface SHOULD be phrased in terms of threat to user's interests, not technical occurrence. | WSCP-64 | Solution Part | Error signaling | -
S129 | Primary user interface error messages MUST NOT be phrased solely in terms of art. | WSCP-64 | Solution Part | TLS Indicator | -
… | … | … | … | … | …

E. Applications

The application criterion is concerned with the content described in the example and example resolved parts, in terms of the level of clarity of the explanation and the ease of application in a real case, since these two parts mainly focus on the issue or problem and the corresponding application. In addition, these two parts must conform to the scope of the context and problems. The content of an example for error handling and signaling is shown in Table I. All pattern quality evaluation criteria for the application were listed for expert assessment, as shown in Table III.

F. Supporting Evidences

The supporting evidence was identified in order to evaluate the proposed patterns. For the verification criteria, the quality attributes were explored and supported by the evidence from the pattern construction, as depicted in Fig. 2. There are 3 kinds of supporting evidence, located on the left and right sides of the verification criteria and quality attributes: (1) Target standard, (2) Traceability Matrix, and (3) Elements of patterns.
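The Transformations checks of section D, run over the Table II rows as an added example (not the authors' tooling): completeness of the trace from standard statements to pattern parts, and consistency of each Internal Structure keyword with the part it is traced to. The function names, the constructed statement ID SX01 and the abridged part texts are assumptions of this example.

```python
import re
from dataclasses import dataclass

# The 18 pattern IDs, as listed on the axis of Fig. 3.
KNOWN_PATTERNS = {f"WSCP-{n}" for n in (51, 52, 53, 54, 61, 62, 63, 64, 71,
                                        72, 73, 74, 81, 82, 83, 84, 85, 86)}

# Statements the matrix has to cover. S126-S129 are the rows printed in
# Table II; SX01 is a constructed ID with no row, to show a missing link.
STATEMENTS = ["S126", "S127", "S128", "S129", "SX01"]


@dataclass(frozen=True)
class Row:
    statement: str   # "State. ID" column
    pattern: str     # "Pattern ID" column
    part: str        # "Part of Pattern" column
    keyword: str     # "Internal Structure" column
    reference: str   # "Reference Pattern" column, "-" when empty


# Rows as printed in Table II.
MATRIX = [
    Row("S126", "WSCP-64", "Solution", "Error Indicator", "-"),
    Row("S127", "WSCP-64", "See Also", "Warning Message", "WSCP-85 Warning"),
    Row("S128", "WSCP-64", "Solution", "Error signaling", "-"),
    Row("S129", "WSCP-64", "Solution", "TLS Indicator", "-"),
]

# Pattern part texts, abridged from Table I (WSCP-64).
PATTERN_PARTS = {
    "WSCP-64": {
        "Solution": (
            "Web user agents communicate information signaling the errors to "
            "users by an Error Indicator through Secondary User Interface. "
            "Error signaling SHOULD be phrased in terms of threat to user's "
            "interests, not technical occurrence. Warning Messages MUST "
            "interrupt the user's current task. Danger Messages MUST make it "
            "impossible for the user to interact with the destination site."
        ),
        "See Also": (
            "Additional security considerations concerning frequent warning "
            "messages, see WSCP-85 for warning fatigue"
        ),
    },
}


def _norm(text):
    """Lower-case and collapse whitespace so matching ignores layout."""
    return re.sub(r"\s+", " ", text).strip().lower()


def missing_links(statements, matrix):
    """Completeness: statements of the standard that no row traces."""
    traced = {row.statement for row in matrix}
    return [s for s in statements if s not in traced]


def dangling_targets(matrix, parts, known):
    """Rows that point at an unknown pattern or at a part it does not have."""
    bad = []
    for row in matrix:
        if row.pattern not in known:
            bad.append(row.statement)
        elif row.pattern in parts and row.part not in parts[row.pattern]:
            bad.append(row.statement)
    return bad


def inconsistent_keywords(matrix, parts):
    """Consistency: the keyword must occur in the part it is traced to."""
    bad = []
    for row in matrix:
        text = parts.get(row.pattern, {}).get(row.part)
        if text is not None and _norm(row.keyword) not in _norm(text):
            bad.append(row.statement)
    return bad


def unresolved_references(matrix, known):
    """Reference Pattern cells naming a pattern ID that does not exist."""
    bad = []
    for row in matrix:
        for ref in re.findall(r"WSCP-\d+", row.reference):
            if ref not in known:
                bad.append((row.statement, ref))
    return bad


def verify(statements=STATEMENTS, matrix=MATRIX,
           parts=PATTERN_PARTS, known=KNOWN_PATTERNS):
    """Run every check and return the findings per check."""
    return {
        "missing_links": missing_links(statements, matrix),
        "dangling_targets": dangling_targets(matrix, parts, known),
        "inconsistent_keywords": inconsistent_keywords(matrix, parts),
        "unresolved_references": unresolved_references(matrix, known),
    }


if __name__ == "__main__":
    for check, findings in verify().items():
        print(f"{check}: {findings or 'none'}")
```

On these rows the run reports SX01 as a missing link and S129 as inconsistent, because "TLS Indicator" does not occur in the abridged Solution text.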
1) Target Standard – a document that represents the source of knowledge and must be analyzed and used to construct the goals of the proposed patterns. In this case, the proposed patterns were extracted from the Web Security Context: User Interface Guidelines (WSC-UI) [19]. Consequently, the WSC-UI document became the target standard used to verify the goals and sources of the proposed WSC patterns. The target standard was used as a source of verification reference for the completeness and consistency of the proposed patterns.

2) Traceability Matrix Table – a record in which each line traces the transition from the source to the pattern representation. Referring to Table II, the first two columns refer to the source of knowledge, while the remaining four columns relate to the content of the proposed patterns. Initially, the target standard was split into statements, referenced by statement ID. Subsequently, the proposed patterns were labeled with a pattern ID and the destination part of the pattern was indicated. In addition, the internal structure column contains keywords extracted from the source document. Finally, the related patterns were listed in the reference pattern column in order to fulfill the references mentioned in the original sentence of the source document.

3) Elements of Patterns – the proposed patterns are organized into distinctive elements. The characteristics of each part of the patterns were considered in order to investigate them with the earlier verification criteria. In this way, one of the proposed patterns, error handling and signaling, is presented in Table I to illustrate the complete elements. The underlined elements stated earlier are Internal Structure, Global Structure, and Example Resolved. Internal Structure is an entity extracted from the pattern solutions and represented by a class diagram. Global Structure depicts the relationships among patterns in Fig. 2. Example Resolved describes a context of the problem domain and the practical solutions.

The above evidence supports the quality attributes for each verification criterion. Evidently, the goal and source were held by the target standard. Meanwhile, the representation was carried by the form of the patterns, for instance templates, class diagrams, and relationships among patterns. The transformation was captured by the traceability matrix. Finally, the application was maintained in the context, solutions, problems, example cases and example resolved.

TABLE III. THE VERIFICATION ISSUES ORGANISED BY CRITERIA

No. | Questions List
Verification Criteria 1: Goals
1 | Level of understanding the importance and objective of the proposed patterns, before and after the experimental explanation.
Verification Criteria 2: Sources
2 | Level of understanding of the target standard content, before and after the experimental explanations.
3 | Content of the WSC-UI target standard is consistent with security principles and practices: Section 5 Apply TLS to the Web
4 | Content of the WSC-UI target standard is consistent with security principles and practices: Section 6 Indicators and Interactions
5 | Content of the WSC-UI target standard is consistent with security principles and practices: Section 7 Robustness Best Practices
6 | Content of the WSC-UI target standard is consistent with security principles and practices: Section 8 Security Considerations
Verification Criteria 3: Representations
7 | The structure and elements of proposed patterns are well-organized.
8 | The suitability of the patterns structure and their components
9 | The ease of understandability of the defined patterns relationships
10 | Contents of the proposed patterns are clearly defined and easy to understand.
Verification Criteria 4: Transformations
11 | The content of the source knowledge was completely transformed to the content in the proposed patterns.
12 | The consistency between problem and proposed solution for each proposed pattern
13 | UML Class diagram appearing in the internal structure part reflects and covers the content of the solution.
Verification Criteria 5: Applications
14 | Scenarios of problem defined in the problem part and example resolved part are clearly defined for the application.
15 | The context, structure, and patterns' relationship of the proposed patterns are well-defined and easy to use.
16 | The proposed patterns enhance the understandability of the target standard for the application.
17 | Benefit for having security concerns of the systems analysis and design.

IV. EXPERIMENTAL DESIGN

The objective of the experiment is to verify the proposed patterns using the proposed quality attributes, GSRTA, through the list of identified questions shown in Table III. In this section, an experiment is planned for collecting the relevant data for evaluation. The objects for the verification are defined as follows: units, treatments, and criteria.

A. Experimental Units

The evaluation method is based on security expertise. Security principles and experience need to be considered in security pattern verification. In our experiment, the experimental units were 16 master's students enrolled in an information security course, from the normal and weekend programs, since the participants from the normal program have intensively studied a full-time course while the students from the weekend program have experience in security industry practice. In our study, the experimental units were divided into four groups according to the pattern groups; each group has 4 students from both programs, so that the characteristics of the participants were distributed.

TABLE IV. THE EXPERIMENTAL TREATMENTS GROUPING

Group | Experimental Units | Web Security Context Patterns | Traceability Matrix
Group1 | 4 Persons | 51, 52, 53, 61, 71, 72 | Yes
Group2 | 4 Persons | 51, 54, 64, 71, 73, 85 | Yes
Group3 | 4 Persons | 51, 61, 62, 71, 74 | Yes
Group4 | 4 Persons | 51, 71, 81, 82, 83, 84, 86 | Yes
4 Groups | 16 Persons | 18 Patterns | 18 Tables

B. Experimental Treatments

1) Web Security Patterns. All patterns were analyzed to identify the common patterns that are used by the others. The WSCP-51 and WSCP-71 patterns are used by the others. In addition, the related patterns were grouped as shown in Fig. 2. To balance the workload of experimental units,
classified to 4 groups, each group was assigned to evaluate a group of relevant patterns with approximately the same number of pages. Each group contained the set of patterns shown in Table IV.

2) Questionnaires. The list of questions from Table III was organised in 3 parts: overall, patterns, and application. The objective and importance of our work were listed in the overall part. Opinions on the proposed patterns were asked in the patterns part. Opinions on the application of the proposed patterns were asked in the patterns application part. The quality attributes were selected and located in each part according to our experimental purpose. Also, paper for taking notes and comments was included in the questionnaire booklet.

3) Traceability Matrix. As defined in Table II, it was used as a reference between the pattern content and the target standard.

C. Experimental Criteria

The 5-point Likert scale, a linear scale indicating the extent to which respondents agree or disagree with each question, is used in our experiment to obtain the level of satisfaction of the experimental units. The score ranges from 5, which implies strongly agree, through 1, which implies strongly disagree. Two statistics, Mean and Standard Deviation (SD), were used to evaluate the experimental result.

V. EXPERIMENTAL EXECUTION

The experimental execution was performed according to our plan. The process began with providing an overview of our research and the background of the target standard and the proposed patterns. Then, the content of the questionnaires was explained to clarify misunderstood issues. The experimental units performed their assigned tasks. Then, data collection, validation and analysis were executed.

VI. RESULT

The Mean and SD of all samples were 4.35 and 0.22. Almost all overall means of the pattern evaluations are above 4. As shown in Fig. 3, the highest average is the WSCP-53 pattern with a score of 4.75, while the lowest average is WSCP-62 with a score of 3.90. This indicates that the experimental units had a high degree of satisfaction with the proposed patterns. However, one of the important pieces of feedback was the complexity of the terms used and their definitions. We collected recommendations for each quality attribute. Goal and Source had no recommendations, while Representation, Transformation and Application had 7, 7 and 4 respectively. For example, in Representation, there was a suggestion about the order of elements in the pattern structure, such as that the Example part should appear after the Problem part. In Transformation, using the provided traceability table, there were some missing links between content in the source target standard and the proposed patterns. In Application, some experimental units requested additional pictures to help them visualize the application. For example, screen captures from the real example resolved were important for them to understand the actual scenarios.

[Radar chart: one axis per pattern from WSCP-51 to WSCP-86, scale 0.00 to 5.00, series Average and Standard Deviation]
Fig. 3. The Average and S.D. Scores of Patterns Validation

VII. CONCLUSION AND FUTURE WORK

This research proposed a verification method and criteria for pattern construction, using the Web Security Context Patterns case study, in order to improve the quality of the proposed patterns. Two additional verification criteria, Knowledge Transformation and Patterns Application, were proposed, while three criteria, Goal, Source and Representation, were proposed by Breaux (2012). From the 5 verification criteria, the following quality attributes were established: Achievement (measuring conformance to the target standard), Functionality (coverage level of including best practices and principles), Understandability (ease of understanding of pattern structure, relationships and content), Completeness and Consistency (between target standard, patterns and within patterns), and Clarification and Application (clarification of the proposed example resolved and coverage of application situations).

Each verification criterion and its attributes were analyzed to construct a list of questions with which experts from both academia and industry evaluated the case study patterns. Using these proposed quality attributes, the experimental result showed that the experimental units were satisfied with the WSCP patterns at a high level (above 4 on a scale of 5). Moreover, feedback and suggestions from the experts help us improve the content of the proposed patterns.

In the future, by using the proposed evaluation criteria, the quality of our proposed patterns, the web security context patterns, will allow them to be expanded for constructing a set of requirements more efficiently, for ease of pattern application. Essentially, grammars based on pattern contents and their relationships will be created for semi-automatically generating a web user agent requirements specification.

REFERENCES

[1] "Software Patterns," Guide to the Unified Process featuring UML, Java and Design Patterns, pp. 209-219, London: Springer London, 2003.
[2] X. Franch, "Software requirement patterns," in Proceedings of the 2013 International Conference on Software Engineering, San Francisco, CA, USA, 2013, pp. 1499-1501.
[3] E. Gamma, R. Helm, R. Johnson, and J. Vlissides, Design Patterns: Elements of Reusable Object-Oriented Software, 1995.
[4] D. Mairiza, D. Zowghi, and N. Nurmuliani, "An investigation into the notion of non-functional requirements," in Proceedings of the 2010 ACM Symposium on Applied Computing, Sierre, Switzerland, 2010, pp. 311-317.
[5] M. Schumacher, E. Fernandez, D. Hybertson, and F. Buschmann, Security Patterns: Integrating Security and Systems Engineering: John Wiley, 2005.
[6] K. Yskout, R. Scandariato, and W. Joosen, "Do Security Patterns Really Help Designers?." pp. 292-302, 2015.
[7] A. V. Uzunov, E. B. Fernandez, and K. Falkner, "Securing distributed systems using patterns: A survey," Computers & Security, vol. 31, no. 5, pp. 681-703, 2012.
[8] R. A. Gandhi, and M. Rahmani, "Early security patterns: A collection of constraints to describe regulatory security requirements." pp. 17-22, 2012.
[9] V. Patu, and S. Yamamoto, "Identifying and Implementing Security Patterns for a Dependable Security Case -- From Security Patterns to D-Case." pp. 138-142, 2013.
[10] S. Moral-García, S. Moral-Rubio, D. G. Rosado, E. B. Fernández, and E. Fernández-Medina, "Enterprise security pattern: A new type of security pattern," Security and Communication Networks, vol. 7, no. 11, pp. 1670-1690, 2014.
[11] B. Hamid, S. Gürgens, and A. Fuchs, "Security patterns modeling and formalization for pattern-based development of secure software systems," Innovations in Systems and Software Engineering, pp. 1-32, 2015.
[12] P. Singpant, and N. Prompoon, "A Method for Web Security Context Patterns Development from User Interface Guidelines Based on Structural and Textual Analysis," Information Science and Applications, J. K. Kim, ed., pp. 541-550, Berlin, Heidelberg: Springer Berlin Heidelberg, 2015.
[13] K. Mehmood, S. S. S. Cherfi, I. Comyn-Wattiau, and J. Akoka, "A pattern-oriented methodology for conceptual modeling evaluation and improvement." pp. 1-11, 2011.
[14] C. Rolland, J. Stirna, N. Prekas, P. Loucopoulos, A. Persson, and G. Grosz, "Evaluating a Pattern Approach as an Aid for the Development of Organisational Knowledge: An Empirical Study," Advanced Information Systems Engineering: 12th International Conference, CAiSE 2000 Stockholm, Sweden, June 5–9, 2000 Proceedings, B. Wangler and L. Bergman, eds., pp. 176-191, Berlin, Heidelberg: Springer Berlin Heidelberg, 2000.
[15] M. Niwe, and J. Stirna, "Organizational Patterns for B2B Environments –Validation and Comparison," Enterprise, Business-Process and Information Systems Modeling: 10th International Workshop, BPMDS 2009, and 14th International Conference, EMMSAD 2009, held at CAiSE 2009, Amsterdam, The Netherlands, June 8-9, 2009. Proceedings, T. Halpin, J. Krogstie, S. Nurcan, E. Proper, R. Schmidt, P. Soffer and R. Ukor, eds., pp. 394-406, Berlin, Heidelberg: Springer Berlin Heidelberg, 2009.
[16] T. D. Breaux, H. Hibshi, A. Rao, and J. Lehker, "Towards a framework for pattern experimentation: Understanding empirical validity in requirements engineering patterns." pp. 41-47, 2012.
[17] R. Ortiz, S. Moral-García, S. Moral-Rubio, B. Vela, J. Garzás, and E. Fernández-Medina, "Applicability of Security Patterns," On the Move to Meaningful Internet Systems: OTM 2010: Confederated International Conferences: CoopIS, IS, DOA and ODBASE, Hersonissos, Crete, Greece, October 25-29, 2010, Proceedings, Part I, R. Meersman, T. Dillon and P. Herrero, eds., pp. 672-684, Berlin, Heidelberg: Springer Berlin Heidelberg, 2010.
[18] M. Riaz, and L. Williams, "Security requirements patterns: understanding the science behind the art of pattern writing." pp. 29-34, 2012.
[19] W3C. "Web Security Context: User Interface Guidelines," 11 August, 2013; http://www.w3.org/TR/2010/REC-wsc-ui-20100812/.
[20] K. Hammar, and K. Sandkuhl, "The state of ontology pattern research a systematic review of ISWC, ESWC and ASWC 2005-2009." pp. 5-17.
