Abstract

Most of current methodologies for applying security patterns in software development process focus on early stages of the software lifecycle. Although sound and helpful, these approaches must be complemented with the necessary mechanisms to bridge the gap between the abstract solution described in the pattern and the implementations provided in the application. This paper presents our S&D Patterns-driven life-cycle for effectively incorporating security into applications by: (i) helping S&D Experts to describe solutions using a precise and standard description language, (ii) assisting the SW engineer to integrate the pattern solution into applications and (iii) allowing running applications to react to the changing context by handling those solutions semi-automatically.