Tools for model-based security engineering

Jürjens, Jan; Fox, Jorge

doi:10.1145/1134285.1134423

Cited by 13 publications

(5 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Configurations for authentication and access control policy are discussed in [11][12] [13]. Reference [14] describes a security extension of UML for a distributed environment system, and they evaluated their approach. Reference [15] applies Model-Driven Development to security configuration for Web Services, but their target is a configuration for RBAC, which is different from our WS-Security configuration.…”

Section: Discussion and Related Workmentioning

confidence: 99%

Methodology and Tools for End-to-End SOA Security Configurations

Satoh

Nakamura

Mukhi

et al. 2008

2008 IEEE Congress on Services - Part I

View full text Add to dashboard Cite

The configuration of non-functional requirements, such as security, has become important for SOA applications, but the configuration process has not been discussed comprehensively. In current development processes, the security requirements are not considered in upstream phases and a developer at a downstream phase is responsible for writing the security configuration. However, configuring security requirements properly is quite difficult for developers because the SOA security is cross-domain and all required information is not available in the downstream phase. To resolve this problem, we clarify how to configure security in the SOA application development process, and define the developer's roles in each phase. Additionally, supporting technologies to generate security configurations are proposed: Model-Driven Security and Pattern-based Policy Configuration. Our contribution is proposing a methodology for end-to-end security configuration for SOA applications and tools for generating detailed security configurations from the requirements specified in upstream phases model transformations, making it possible to configure security properly without increasing developers' workloads.

show abstract

Section: Discussion and Related Workmentioning

confidence: 99%

Methodology and Tools for End-to-End SOA Security Configurations

Satoh

Nakamura

Mukhi

et al. 2008

2008 IEEE Congress on Services - Part I

View full text Add to dashboard Cite

show abstract

“…However, steps (4) to (7) can be fully automated and are thus repeatable, given that the specifications from (1) to (3) are established manually. The time and effort spent on steps (1) to (3) can be considered as an overhead to the normal software development process, while steps (4) to (7) save the effort to accommodate changes in the evolving system.…”

Section: A Brief Overview Of the Approachmentioning

confidence: 99%

“…In this approach, recurring security requirements (such as secrecy, integrity, authentication and others) and security assumptions on the system environment, can be specified either within a UML specification (using the UML extension UMLsec [1]), or within the source code (Java or C) as annotations. One can then formally analyse the UMLsec models against the security requirements using the UMLsec tool suite which makes use of model checkers and automated theorem provers for first-order logic (see Figure 2 and [3,4]). The approach has been used successfully in a number of industrial applications (e.g., at BMW [5] and O 2 (Germany) [6]).…”

Section: Introductionmentioning

confidence: 99%

Run-Time Security Traceability for Evolving Systems

Bauer

Jürjens

2010

The Computer Journal

View full text Add to dashboard Cite

Security-critical systems are challenging to design and implement correctly and securely. A lot of vulnerabilities have been found in current software systems both at the specification and the implementation levels. This paper presents a comprehensive approach for model-based security assurance. Initially, it allows one to formally verify the design models against high-level security requirements such as secrecy and authentication on the specification level, and helps to ensure that their implementation adheres to these properties, if they express a system's run-time behaviour. As such, it provides a traceability link from the design model to its implementation by which the actual system can then be verified against the model while it executes. This part of our approach relies on a technique also known as run-time verification. The extra effort for it is small as most of the computation is automated; however, additional resources at run-time may be required. If during run-time verification a security weakness is uncovered, it can be removed using aspectoriented security hardening transformations. Therefore, this approach also supports the evolution of software since the traceability mapping is updated when refactoring operations are regressively performed using our tool-supported refactoring technique. The proposed method has been applied to the Java-based implementation JESSIE of the Internet security protocol SSL, in which a security weakness was detected and fixed using our approach. We also explain how the traceability link can be transformed to the official implementation of the Java Secure Sockets Extension (JSSE) that was recently made open source by Sun.

show abstract

“…One can find these models being used in the requirements phase (i.e. the DDP tool described below), design refactoring using patterns [25], software integration [18], model-based security [40], and performance assessment [6]. Many researchers have proposed support environments to help explore the increasingly complex models that engineers are developing.…”

Section: Requirements Analysis Toolsmentioning

confidence: 99%

Finding robust solutions in requirements models

et al. 2009

View full text Add to dashboard Cite

Abstract. Solutions to non-linear requirements engineering problems may be "brittle"; i.e. small changes may dramatically alter solution effectiveness. Hence, it is not enough to just generate solutions to requirements problems-we must also assess solution robustness. The KEYS2 algorithm can generate decision ordering diagrams. Once generated, these diagrams can assess solution robustness in linear time. In experiments with real-world requirements engineering models, we show that KEYS2 can generate decision ordering diagrams in O(N 2 ). When assessed in terms of terms of (a) reducing inference times, (b) increasing solution quality, and (c) decreasing the variance of the generated solution, KEYS2 out-performs other search algorithms (simulated annealing, ASTAR, MaxWalkSat).

show abstract

Tools for model-based security engineering

Cited by 13 publications

References 9 publications

Methodology and Tools for End-to-End SOA Security Configurations

Methodology and Tools for End-to-End SOA Security Configurations

Run-Time Security Traceability for Evolving Systems

Finding robust solutions in requirements models

Contact Info

Product

Resources

About