Formal analysis and design for engineering security automated derivation of formal software security specifications from goal-oriented security requirements

Hassan, Riham; Eltoweissy, Mohamed; Bohner, Shawn A.; El-Kassas, Sherif

doi:10.1049/iet-sen.2009.0059

Cited by 12 publications

(11 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Finally, the resulting implementation is validated against the acceptance test cases. For more details about FADES, refer to [2,3].…”

Section: Overview Of Fadesmentioning

confidence: 99%

“…We have presented the FADES (Formal Analysis and Design for Engineering Security) approach in [2,3] to connect the two worlds of semi-formal and formal techniques using some sort of transformation for building highly secured software. FADES Relaxes formality during security requirements analysis through employing the KAOS (Knowledge Acquisition for autOmated Specifications) framework to facilitate reasoning about security requirements and organizing them in a well-structured format, which is the KAOS Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Towards safe and productive development of secure software

Hassan

Bohner

Eltoweissy

2010

Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research

View full text Add to dashboard Cite

Cost effective development of secure software is a key goal for many software organizations as they seek to manage the risks of misbehaving software. Employing Formal Methods (FMs) in the Model-Based Software Engineering (MBSE) paradigm that systematically produces software systems through modeling, simulation, reuse and automation provides a reasonable approach for developing highly secure software in a productive manner. MBSE approaches introduce some complexities at the beginning of the lifecycle, but save substantial time in production and delivery by identifying and resolving defects/errors early and reducing rework. On the other hand, the expertise needed for FMs and the concomitant costs often inhibit their wide employment in securing large and complex software systems. In this paper, we report our experience with Formal Analysis and Design for Engineering Security (FADES) an approach we introduced two years ago at this venue. Through systematic and automated transformation from semiformal requirements specifications to formal design, FADES facilitates embedding FMs into the development lifecycle of secure software systems. We outline the case studies and validation of FADES feasibility for the design and implementation of secure software systems. Promising experience with FADES was a necessary precursor to our work on generalizing FADES and our proposal to direct FADES toward being an MBSE approach. We discuss how the formality, transformation, reuse and automation in FADES may further enhance the MBSE-based production and delivery of secure software.

show abstract

“…Finally, the resulting implementation is validated against the acceptance test cases. For more details about FADES, refer to [2,3].…”

Section: Overview Of Fadesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Towards safe and productive development of secure software

Hassan

Bohner

Eltoweissy

2010

Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research

View full text Add to dashboard Cite

show abstract

“…Goal orientation cannot only be used for understanding the domain and organizational setting, but can also be used for the derivation of test cases. [32] and [33] support alignment through this approach. Improved testing: This group (3 studies) supports alignment by focusing more on the improvement of testing, but do not discuss test generation.…”

Section: Focus Of Research (Rq2)mentioning

confidence: 99%

What Do We Know about Alignment of Requirements Engineering and Software Testing?

Karhapää

Haghighatkhah

Oivo

2017

Proceedings of the 21st International Conference on Evaluation and Assessment in Software Engineering

View full text Add to dashboard Cite

Context:The alignment of different software engineering activities for coordinated functioning and optimized product development is of great importance, particularly in industrialscale development. The link between intermediate activities has been researched extensively, but the link between requirements engineering (RE) and software testing (ST) is a relatively less explored area. Objective: The objective of this study is to aggregate, structure, and classify all existing research regarding alignment of RE and ST published by the end of 2015. Method: We conducted a systematic mapping study (SMS) and aggregated all studies relevant to our scope. The primary studies are analyzed in terms of publication trend, focus area, i.e., how alignment is supported, the application domain and benefits and challenges, methodological data, and scientific rigor and industrial relevance. Results: There is a growing interest towards the topic. Several different techniques have been identified to improve RE and ST alignment. Test generation from requirements specification has received most attention. Alignment of RE and ST is particularly important for large safety-critical domains. While many challenges have been reported, the supporting evidence for benefits is scarce. Frameworks/methods/techniques is the most frequent contribution type. Solution proposal and evaluation research were the most frequently applied research type. Case study research was the most frequently applied research method, however, almost half of the studies did not clearly report any research method. Conclusion: Despite the numerous approaches that are proposed, it is not clear what approach is suitable in what context and why. To support industry in RE and ST alignment, guidelines and tool support are needed. The supporting evidence for claimed benefits is very limited. Overall, the research area is in its early stages and an increase in both the number and rigor of empirical studies are required.

show abstract

“…In 2010, R. Hassan, M. Eltoweissy, S. Bohner and S. ElKassas [12] proposed FADES that is formal analysis and design for engineering security as the security engineering approach and using FADES also proposed an automated process to find out the security specifications. They also derived the acceptance test cases from security requirements.…”

Section: Frameworkmentioning

confidence: 99%

A Categorized Review on Software Security Testing

Mahendra¹,

Khan²

2016

IJCA

View full text Add to dashboard Cite

The main objective of security testing is to check the weaknesses of the implemented security mechanism. It is done for finding the vulnerabilities of a system and to determine whether the system is protected from intruders or not. Security testing can be done prior to production or after the production of the system. But, if the security testing is done after the production, then cost will be more and the huge amount of rework will be required to remove the problems. Also the time between the vulnerability is get known and the malicious attack against it, is becoming less. Therefore it is required to include the security testing in the early phases of software development life cycle. The present paper deals with the review of software security testing approaches and techniques proposed so far. The review is presented in a categorized way and tabulated for the last one and half decade (2000)(2001)(2002)(2003)(2004)(2005)(2006)(2007)(2008)(2009)(2010)(2011)(2012)(2013)(2014)(2015).

show abstract

Formal analysis and design for engineering security automated derivation of formal software security specifications from goal-oriented security requirements

Cited by 12 publications

References 1 publication

Towards safe and productive development of secure software

Towards safe and productive development of secure software

What Do We Know about Alignment of Requirements Engineering and Software Testing?

A Categorized Review on Software Security Testing

Contact Info

Product

Resources

About