Secure & Safe Software

Within the topic Secure & Safe Software we focus on the following areas:

  • Security problem frames
  • UML profiles & tools
Publications
Year | Title | Authors | Journal/Proceedings | Publisher
2011 | Software Engineering for Secure Systems: Academic and Industrial Perspectives | Schmidt, H., Hatebur, D. & Heisel, M. | | IGI Global
Abstract: The authors present a security engineering process based on security problem frames and concretized security problem frames. Both kinds of frames constitute patterns for analyzing security problems and associated solution approaches. They are arranged in a pattern system that makes dependencies between them explicit. The authors describe step-by-step how the pattern system can be used to analyze a given security problem and how solution approaches can be found. Afterwards, the security problems and the solution approaches are formally modeled in detail. The formal models serve to prove that the solution approaches are correct solutions to the security problems. Furthermore, the formal models of the solution approaches constitute a formal specification of the software to be developed. Then, the specification is implemented by generic security components and generic security architectures, which constitute architectural patterns. Finally, the generic security components and the generic security architecture that composes them are refined and the result is a secure software product built from existing and/or tailor-made security components.
BibTeX:
@inbook{SHH2011,
  year = {2011},
  title = {Software Engineering for Secure Systems: Academic and Industrial Perspectives},
  author = {Schmidt, Holger and Hatebur, Denis and Heisel, Maritta},
  publisher = {IGI Global},
  pages = {32--74},
  url = {http://www.igi-global.com/}
}
2010 | A Comparison of Security Requirements Engineering Methods | Fabian, B., Gürses, S., Heisel, M., Santen, T. & Schmidt, H. | Requirements Engineering -- Special Issue on Security Requirements Engineering |
Abstract: This paper presents a conceptual framework for security engineering, with a strong focus on security requirements elicitation and analysis. This conceptual framework establishes a clear-cut vocabulary and makes explicit the interrelations between the different concepts and notions used in security engineering. Further, we apply our conceptual framework to compare and evaluate current security requirements engineering approaches, such as the Common Criteria, Secure Tropos, SREP, MSRA, as well as methods based on UML and problem frames. We review these methods and assess them according to different criteria, such as the general approach and scope of the method, its validation, and quality assurance capabilities. Finally, we discuss how these methods are related to the conceptual framework and to one another.
BibTeX:
@article{FGH+2010,
  year = {2010},
  title = {A Comparison of Security Requirements Engineering Methods},
  author = {Fabian, Benjamin and G{\"u}rses, Seda and Heisel, Maritta and Santen, Thomas and Schmidt, Holger},
  journal = {Requirements Engineering -- Special Issue on Security Requirements Engineering},
  volume = {15},
  number = {1},
  pages = {7--40}
}
2010 | A UML Profile for Requirements Analysis of Dependable Software | Hatebur, D. & Heisel, M. | Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP) | Springer
Abstract: At Safecomp 2009, we presented a foundation for requirements analysis of dependable software. We defined a set of patterns for expressing and analyzing dependability requirements, such as confidentiality, integrity, availability, and reliability. The patterns take into account random faults as well as certain attacks and therefore support a combined safety and security engineering. In this paper, we demonstrate how the application of our patterns can be tool supported. We present a UML profile allowing us to express the different dependability requirements using UML diagrams. Integrity conditions are expressed using OCL. We provide tool support based on the Eclipse development environment, extended with an EMF-based UML tool, e.g., Papyrus UML. We illustrate how to use the profile to model dependability requirements of a cooperative adaptive cruise control system.
BibTeX:
@inproceedings{Safecomp10,
  year = {2010},
  title = {A {UML} Profile for Requirements Analysis of Dependable Software},
  booktitle = {Proceedings of the International Conference on Computer Safety, Reliability and Security (SAFECOMP)},
  author = {Hatebur, Denis and Heisel, Maritta},
  publisher = {Springer},
  series = {LNCS},
  volume = {6351},
  pages = {317--331},
  url = {http://www.springerlink.com/}
}
2007 | A Pattern System for Security Requirements Engineering | Hatebur, D., Heisel, M. & Schmidt, H. | Proceedings of the International Conference on Availability, Reliability and Security (AReS) | IEEE
Abstract: We present a pattern system for security requirements engineering, consisting of security problem frames and concretized security problem frames. These are special kinds of problem frames that serve to structure, characterize, analyze, and finally solve software development problems in the area of software and system security. We equip each frame with formal preconditions and postconditions. The analysis of these conditions results in a pattern system that explicitly shows the dependencies between the different frames. Moreover, we indicate related frames, which are commonly used together with the considered frame. Hence, our approach helps security engineers to avoid omissions and to cover all security requirements that are relevant for a given problem.
BibTeX:
@inproceedings{ares07,
  year = {2007},
  title = {A Pattern System for Security Requirements Engineering},
  booktitle = {Proceedings of the International Conference on Availability, Reliability and Security (AReS)},
  author = {Hatebur, Denis and Heisel, Maritta and Schmidt, Holger},
  publisher = {IEEE},
  pages = {356--365},
  url = {http://www.ieee.org/}
}