Systematic quality trade-off support in the software product-line configuration process

Sion, Laurens; Landuyt, Dimitri Van; Joosen, Wouter; Jong, Gjalt de

doi:10.1145/2934466.2934481

Cited by 5 publications

(3 citation statements)

References 28 publications

(38 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In previous work, we developed a reference approach for providing selection support for the safety engineer in making trade-off decisions [11,13]. We offered external and internal variability models for configuring the safety solution for an automotive Hall-Effect sensor and provided tactics to counter the problem of variant explosion.…”

Section: Preliminary Key Resultsmentioning

confidence: 99%

“…We will apply demand-driven, applied research to realize the approach. More specifically, we will test and validate the ideas and approaches in industry cases, as we did in the context of safety [11], and solve the problems encountered in those specific contexts. In the end, we aspire to generalize those solutions or reach conclusions regarding the difficulties in generalizing for security.…”

Section: Research Approachmentioning

confidence: 99%

See 1 more Smart Citation

Towards systematically addressing security variability in software product lines

Sion

Landuyt

Yskout

et al. 2016

Proceedings of the 20th International Systems and Software Product Line Conference

Self Cite

View full text Add to dashboard Cite

With the increasingly pervasive role of software in society, security is becoming an important quality concern, emphasizing security by design, but it requires intensive specialization.Security in families of systems is even harder, as diverse variants of security solutions must be considered, with even different security goals per product. Furthermore, security is not a static object but a moving target, adding variability.For this, an approach to systematically address security concerns in software product lines is needed. It should consider security separate from other variability dimensions. The main challenges to realize this are: (i) expressing security and its variability, (ii) selecting the right solution, (iii) properly instantiating a solution, and (iv) verifying and validating it.In this paper, we present our research agenda towards addressing the aforementioned challenges.

show abstract

Section: Preliminary Key Resultsmentioning

confidence: 99%

Section: Research Approachmentioning

confidence: 99%

Towards systematically addressing security variability in software product lines

Sion

Landuyt

Yskout

et al. 2016

Proceedings of the 20th International Systems and Software Product Line Conference

Self Cite

View full text Add to dashboard Cite

show abstract

“…There were some attempts to cover architectural trade-offs and variant explosions (e.g. [27]), but security and privacy parts were missing. In general, the main shortcomings of the existing state of the art are:…”

Section: Identified Gap and Research Questionmentioning

confidence: 99%

Threat and Risk Management Framework for eHealth IoT Applications

Tomashchuk

2020

Proceedings of the 24th ACM International Systems and Software Product Line Conference - Volume B

View full text Add to dashboard Cite

The impact of the Internet of Things (IoT) on the modern industrial and commercial systems is hard to be underestimated. Almost every domain favours from the benefits that IoT brings, and healthcare does not make an exception. This is also clearly demonstrated by a widespread adoption of eHealth systems that often arise from software product lines. Nevertheless, the benefits that IoT brings come together with new threats and risks. An eHealth system that processes many types of sensitive data sets the context for this thesis. Security and privacy gain crucial importance for successful operation and broad user acceptance of the system because of the properties of the data flows that it initiates and operates. However, due to a large number of feature combinations that originate from the software product line nature of the eHealth system in question, a combinatorial explosion of relevant configurations makes reaching security and privacy goals more difficult. Furthermore, another combinatorial explosion of threats and corresponding mitigation strategies for every configuration complicates the situation even further. Nonetheless, configurations that meet specific risk budgets need to be in place. Within this thesis, a new threat and risk management (TRM) framework will be provided. It is based on STRIDE and LINDDUN methodologies, and it will overcome existing limitations by employing components on feature space modelling, risk-driven scoring, configuration decision support, and regulatory compliance. Research outcomes that have been reached so far show promising developments on the vital framework components. CCS CONCEPTS • Security and privacy → Mobile platform security; Data anonymization and sanitization; Usability in security and privacy; Privacy protections; Mobile and wireless security; Information flow control; • Software and its engineering → Software product lines.

show abstract