de

Welcome Gast


  • Login
Full load

Bookchapter
StateThis publication is going to be published
AuthorsChristopher Haubeck, Jan Ladiges, Winfried Lamersdorf, Abhishek Chakraborty, Alexander Fay, et al.
TitleMaintaining Security in Software Evolution
Published inDFG SPP1593 - Book of Results
Chapter2
PublisherSpringer-Verlag, Heidelberg - New York
Date2018
Abstract Long-living systems evolve in functionality, and their quality aspects evolve as well. A secure system may become insecure without any change in the system itself. The knowledge to recognize attacks and to preserve security must keep up with growing attacker knowledge. Information security tends to degrade much faster than other quality properties in case of changes. Unclear side-effects are one of the reasons for that phenomenon. Factors affecting security are not explicitly handled at design time. Relevant information like how the software is operated by an administrator or used by a customer is usually neglected in software evolution. We propose a security modeling and analysis approach on architectural level to support architects and developers in early development phases and during software evolution. We integrate security aspects in existing architecture description languages to ensure and validate security properties of software-intensive systems throughout the entire life-cycle, and provide a lightweight analysis process for faster reactions on security-related evolutionary changes. In SecVolution, a variety of informal input sources, such as stakeholders, white hats, or laws, were used to spot security-related material. Since requirements and laws, for example, are written in natural language, they are scanned for suspicious words and contents. The rare resource of security experts can then focus on that material. SecVolution is characterized by the fact that it spans the spectrum from informal natural-language input to formal security analysis and preservation. The ADVERT project developed an approach for integrating architecture model information with program code, which creates a bidirectional mapping between model elements and code structures. These foundations can be applied to automatically structure program code so that it contains model-based security properties, and therefore survives code evolution. In FYPA²C anomalies during runtime are considered that can indicate a potential leak or vulnerability. The variability addressed in this contribution refers to the change over time. Security is the quality focus, which is maintained during the very early phases of a project, an update, or a change.
Other formats Din 1501
bibTexLogo
Associated projects
Logo LinkedFYPA²C
Linked Forever Young Production Automation with Active Components
DFG Priority Programme 1593/2 (In cooperation with HSU, Hamburg)