Book chapter
Status | This publication is yet to be published. |
Authors | Christopher Haubeck, Jan Ladiges, Winfried Lamersdorf, Abhishek Chakraborty, Alexander Fay, et al. |
Title | Maintaining Security in Software Evolution |
Published in | DFG SPP1593 - Book of Results |
Chapter | 2 |
Publisher | Springer-Verlag, Heidelberg - New York |
Date | 2018 |
Abstract | Long-living systems evolve in functionality, and their quality aspects evolve as well. A secure system may become insecure without any change in the system itself. The knowledge to recognize attacks and to preserve security must keep up with growing attacker knowledge. Information security tends to degrade much faster than other quality properties in case of changes. Unclear side-effects are one of the reasons for that phenomenon. Factors affecting security are not explicitly handled at design time. Relevant information like how the software is operated by an administrator or used by a customer is usually neglected in software evolution. We propose a security modeling and analysis approach on architectural level to support architects and developers in early development phases and during software evolution. We integrate security aspects in existing architecture description languages to ensure and validate security properties of software-intensive systems throughout the entire life-cycle, and provide a lightweight analysis process for faster reactions on security-related evolutionary changes. In SecVolution, a variety of informal input sources, such as stakeholders, white hats, or laws, were used to spot security-related material. Since requirements and laws, for example, are written in natural language, they are scanned for suspicious words and contents. The rare resource of security experts can then focus on that material. SecVolution is characterized by the fact that it spans the spectrum from informal natural-language input to formal security analysis and preservation. The ADVERT project developed an approach for integrating architecture model information with program code, which creates a bidirectional mapping between model elements and code structures. These foundations can be applied to automatically structure program code so that it contains model-based security properties, and therefore survives code evolution.
In FYPA²C anomalies during runtime are considered that can indicate a potential leak or vulnerability. The variability addressed in this contribution refers to the change over time. Security is the quality focus, which is maintained during the very early phases of a project, an update, or a change. |
Other formats | Din 1501 |
Associated project
Linked Forever Young Production Automation with Active Components
DFG Priority Programme 1593/2 (In cooperation with HSU, Hamburg)
Dr. Christopher Haubeck, Abhishek Chakraborty, Dr. Jan Ladiges, Dr. Alexander Pokahr, Heiko Bornholdt, Prof. Dr. Lars Braubach, Professor Dr. Alexander Fay, Prof. Dr. Winfried Lamersdorf
Last modified on 1 February 2023 at 12:28 by Prof. Dr. Winfried Lamersdorf