Supporting Security Engineering at Design Time with Adequate Tooling

Eichler, Jan; Fuchs, Andreas; Lincke, Nico

doi:10.1109/iccse.2012.34

Cited by 3 publications

(1 citation statement)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, in security engineering, we may use formal languages, such as the Security Modeling Framework (SeMF) [38,39], to represent the model of the solution and the security properties to enable verification. In the context of the TERESA project, [40] built the xSeMF language to provide a syntactically and semantically clear and consistent way to describe the security properties of systems or patterns. The metamodel behind xSeMF is specified using the EMF, and the xText 7 framework was used for the realization of a textual editor.…”

Section: Resultsmentioning

confidence: 99%

A model-driven approach for developing a model repository: Methodology and tool support

Hamid

2017

Future Generation Computer Systems

View full text Add to dashboard Cite

h i g h l i g h t s• Repository design: we describe a design framework and infrastructure to support the model-based repository lifecycle.• Modeling: we propose a modeling language to specify a model-based repository independent from end-development applications and execution platforms.• Tooling: we describe an operational architecture for development tools to support the proposed approach.• Validation: we apply the approach to a resource-constrained embedded system (RCES) in the context of the TERESA project : Railway Systems. Keywords:Modeling artifact Repository Meta-model Model-driven engineering Security & dependability patterns a b s t r a c t Several development approaches have been proposed to cope with the increasing complexity of embedded system design. The most widely used approaches are those using models as the main artifacts to be constructed and maintained. The desired role of models is to ease, systematize and standardize the approach to the construction of software-based systems. To enforce reuse and interconnect the process of model specification and system development with models, we promote a model-based approach coupled with a model repository. In this paper, we propose a model-driven engineering methodological approach for the development of a model repository and an operational architecture for development tools. In addition, we provide evidence of the benefits and feasibility of our approach by reporting on a preliminary prototype that provides a model-based repository of security and dependability (S&D) pattern models. Finally, we apply the proposed approach in practice to a use case from the railway domain with strong S&D requirements. * Fax: +33 (0)5 6150 4173. E-mail address:Hamid@irit.fr. the industrial efficiency, fostering technology reuse across domains (reuse of models at different levels), and thus reducing the amount of effort and time needed to design a complex system.Repositories of modeling artifacts have gained increasingly attention recently to enforce reuse in software engineering. In fact, repository-centric development processes are often adopted in software/system development, such as architecture-or patterncentric development processes.According to Bernstein and Dayal [2], a repository is a shared database of information on engineered artifacts. These researchers state that a repository has (1) a Manager for modeling, retrieving, and managing the objects in a repository, (2) a Database to store the data and (3) Functionalities to interact with the repository. In our work, we go one step further by proposing a model-based repository to support the specifications, definitions and packaging of a set of modeling artifacts to assist the developers of trusted applications for embedded systems. Closely related to our vision is the approach for specifying, designing and implementing a reuse repository presented in [3].

show abstract

Section: Resultsmentioning

confidence: 99%

A model-driven approach for developing a model repository: Methodology and tool support

Hamid

2017

Future Generation Computer Systems

View full text Add to dashboard Cite

show abstract

Secure Engineering and Modelling of a Metering Devices System

Ruiz

Arjona

Maña

et al. 2013

2013 International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

A review on tool supports for security requirements engineering

Yahya

Kamalrudin²,

Sidek³

2013

2013 IEEE Conference on Open Systems (ICOS)

View full text Add to dashboard Cite

Capturing the right security requirements is crucial when developing a security software. Poor elicited security requirements can lead to a failure in software development, thus it needs to be accurately defined. This study evaluates various security requirement engineering tools and analyses the existing gaps in security requirement engineering tools. Based on a literature search conducted manually, we report our findings from the review and analysis of different studies of security requirements engineering tool. Consequently, the gaps and motivations found from this literature study are discussed. Future directions of this study is to develop a more useful tool that can perform a better function in capturing security requirements are also discussed.

show abstract

Supporting Security Engineering at Design Time with Adequate Tooling

Cited by 3 publications

References 36 publications

A model-driven approach for developing a model repository: Methodology and tool support

A model-driven approach for developing a model repository: Methodology and tool support

Secure Engineering and Modelling of a Metering Devices System

A review on tool supports for security requirements engineering

Contact Info

Product

Resources

About