Service-based software systems are a useful concept recently developed to support the development of systems offering functions (the so-called services) which may be interrelated or may mutually depend on each other. Although appealing from a practical point of view, the development of service-based software for security-critical systems is, unfortunately, not well understood. Services may easily interact with each other in a way which may have unforeseen consequences on the various security properties provided. In this work, we propose a method for facilitating the development of security-critical service-based software systems using the computer-aided systems engineering tool AutoFocus based on the formal method Focus. We explain our method at the example of a service-based system from the automotive domain.
Security is a very important issue in information processing, especially in open network environments like the Internet.The Common Criteria (CC) is the standard requirements catalogue for the evaluation of security critical systems. Using the CC, a large number of security requirements on the system itself and on the system development can be defined. However, the CC does not give methodological support.In this paper, we show how integrate security aspects into the software engineering process. The activities and documents from the Common Criteria are tightly intertwined with the system development, which improves the quality of the developed system and reduces the additional cost and effort due to high security requirements. For modelling and verification of critical parts of the system, we use formal description techniques and model checking (supported by the graphical CASE tool AuToFocus), which increases both the understanding of the system specification and the system's reliability. We demonstrate our ideas by means of a casestudy, the PalME project--an electronic purse application for Palm handhelds.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.