Security Compliance in Model-driven Development of Software Systems in Presence of Long-Term Evolution and Variants / by Sven Matthias Peldszus.

Format:

Book

Author/Creator:

Peldszus, Sven Matthias., Author.

Contributor:

SpringerLink (Online service)

Series:

Computer Science (SpringerNature-11645)

Language:

English

Subjects (All):

Data protection.

Computer security.

Data and Information Security.

Security Services.

Principles and Models of Security.

Local Subjects:

Data and Information Security.

Security Services.

Principles and Models of Security.

Physical Description:

1 online resource (XXXVI, 476 pages) : 138 illustrations, 80 illustrations in color.

Edition:

1st ed. 2022.

Contained In:

Springer Nature eBook

Place of Publication:

Wiesbaden : Springer Fachmedien Wiesbaden : Imprint: Springer Vieweg, 2022.

System Details:

text file PDF

Summary:

For ensuring a software system's security, it is vital to keep up with changing security precautions, attacks, and mitigations. Although model-based development enables addressing security already at design-time, design models are often inconsistent with the implementation or among themselves. An additional burden are variants of software systems. To ensure security in this context, we present an approach based on continuous automated change propagation, allowing security experts to specify security requirements on the most suitable system representation. We automatically check all system representations against these requirements and provide security-preserving refactorings for preserving security compliance. For both, we show the application to variant-rich software systems. To support legacy systems, we allow to reverse-engineer variability-aware UML models and semi-automatically map existing design models to the implementation. Besides evaluations of the individual contributions, we demonstrate the approach in two open-source case studies, the iTrust electronics health records system and the Eclipse Secure Storage. About the author Since 2016, Sven Matthias Peldszus has been working as a research associate at the University of Koblenz-Landau and joined the Ruhr University Bochum after defending this thesis. His research interests include continuous tracing of non-functional requirements over the entire software life cycle and software quality analysis in variant-rich software systems.

Contents:

Introduction

Running Example: iTrust

State of the Art in Secure Software Systems Development

A Walkthrough of the Proposed Development Approach

Program Model for Object-oriented Languages

Model-Synchronization and Tracing

Application to Legacy Projects using Reverse-Engineering

Static Security Compliance Checks

Verification and Enforcement of Security at Run-time

Specification of Variability throughout Variant-rich Software Systems

Security in UML Product Lines

Security Compliance and Restructuring in Variant-rich Software Systems

The GRaViTY Framework

Case Studies

Related Work

Conclusion.

Other Format:

Printed edition:

ISBN:

978-3-658-37665-9

9783658376659

Access Restriction:

Restricted for use by site license.