Abstract
The current state of the art in security-critical ambient systems is far from satisfactory: new security vulnerabilities are discovered on an almost daily basis. To improve this situation, there has recently been a lot of work on techniques and tools supporting the development of trustworthy security-critical software, in particular for dynamic systems in an ambient environment. This chapter gives an overview of the field of security and dependability engineering, with an emphasis on ambient system security and on current advances based on model-based development using UML that provide strong assurance results. We give examples of security flaws found in industrial software using such tools and briefly discuss some open research issues.
References
Agreiter B, Alam M, Hafner M, Seifert J-P, and Zhang X (2007). Model driven configuration of secure operating systems for mobile applications in healthcare. In Sztipanovits et al. [83].
Alam M, Hafner M, and Breu R (2007). Model-driven security engineering for trust management in SECTET. Journal of Software, 2(1).
Alam M, Hafner M, Memon M, and Hung P (2007). Modeling and enforcing advanced access control policies in healthcare systems with SECTET. In Sztipanovits et al. [83].
Anderson R (2001). Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, New York.
Apvrille A and Pourzandi M (2005). Secure software development by example. IEEE Security & Privacy, 3(4):10–17.
Arenas A, Aziz B, Bicarregui J, Matthews B, and Yang EY (2008). Modelling security properties in a grid-based operating system with anti-goals. In ARES [42]: 1429–1436.
Basin DA, Clavel M, Doser J, and Egea M (2007). A metamodel-based approach for analyzing security-design models. In MoDELS 2007: 420–435.
Breu R, Burger K, Hafner M, Jürjens J, Popp G, Wimmel G, and Lotz V (2003). Key issues of a formally based process model for security engineering. In 16th International Conference on Software & Systems Engineering & their Applications (ICSSEA 2003).
Baldwin A, Beres Y, Shiu S, and Kearney P (2006). A model based approach to trust, security and assurance. BT Technology Journal, 24(4):53–68.
Basin DA, Doser J, and Lodderstedt T (2006). Model driven security: From UML models to access control infrastructures. ACM Trans. Softw. Eng. Methodol., 15(1): 39–91.
Bauer A and Jürjens J (2008). Security protocols, properties, and their monitoring. In Bart De Win, Seok-Won Lee, and Mattia Monga, editors, SESS: 33–40. ACM.
Best B, Jürjens J, and Nuseibeh B (2007). Model-based security engineering of distributed information systems using UMLsec. In ICSE. ACM.
Bhargavan K, Fournet C, Gordon AD, and Tse S (2006). Verified interoperable implementations of security protocols. In CSFW: 139–152. IEEE Computer Society.
Blobel B, Nordberg R, Davis JM, and Pharow P (2006). Modelling privilege management and access control. International Journal of Medical Informatics, 75(8): 597–623.
Blobel B and Pharow P (2007). A model-driven approach for the german health telematics architectural framework and security infrastructure. International Journal of Medical Informatics, 76(2–3): 169–175.
Boehm BW (1981). Software Engineering Economics. Prentice Hall, Englewood Cliffs, NJ.
Brucker AD, Doser J, and Wolff B (2006). A model transformation semantics and analysis methodology for SecureUML. In MoDELS 2006, volume 4199 of LNCS: 306–320. Springer.
Buchholtz M, Gilmore S, Haenel V, and Montangero C (2005). End-to-end integrated security and performance analysis on the DEGAS Choreographer Platform. In FM 2005, volume 3582 of LNCS: 286–301. Springer.
Crook R, Ince DC, Lin L, and Nuseibeh B (2002). Security requirements engineering: When anti-requirements hit the fan. In RE 2002: 203–205. IEEE.
Daskala B and Maghiros I (2007). Digital Territories – Towards the protection of public and private space in a digital and Ambient Intelligence environment. Institute for Prospective Technological Studies (IPTS).
Deubler M, Grünbauer J, Jürjens J, and Wimmel G (2004). Sound development of secure service-based systems. In ICSOC 2004: 115–124. ACM.
Devanbu P and Stubblebine S (2000). Software engineering for security: a roadmap. In The Future of Software Engineering (ICSE 2000): 227–239.
Dimitrakos T, Ritchie B, Raptis D, Aagedal JØ, den Braber F, Stølen K, and Houmb SH (2002). Integrating model-based security risk management into ebusiness systems development: The CORAS approach. In Second IFIP Conference on E-Commerce, E-Business, E-Government (I3E 2002): 159–175. Kluwer.
Eckert C and Marek D (1997). Developing secure applications: A systematic approach. In 13th International Conference on Information Security (SEC 1998): 267–279.
Elahi G and Yu E (2007). A goal oriented approach for modeling and analyzing security trade-offs. In ER 2007, volume 4801 of LNCS: 375–390. Springer.
Fernandez EB and Hawkins JC (1997). Determining role rights from use cases. In Workshop on Role-Based Access Control: 121–125. ACM.
Fernandez EB, Larrondo-Petrie MM, Sorgente T, and VanHilst M (2006). A methodology to develop secure systems using patterns. In H Mouratidis and P Giorgini, editors, Integrating security and software engineering: Advances and future vision, chapter 5: 107–126. IDEA Press.
Fernández-Medina E and Piattini M (2004). Extending OCL for secure database development. In UML 2004, LNCS: 380–394. Springer.
Flechais I, Mascolo C, and Sasse MA (2007). Integrating security and usability into the requirements and design process. International Journal of Electronic Security and Digital Forensics, 1(1):12–26.
Model-driven security: Enabling a real-time, adaptive security infrastructure. Gartner Briefing G00151498, 21 Sep. 2007.
Gilmore S, Haenel V, Kloul L, and Maidl M (2005). Choreographing security and performance analysis for web services. In EPEW/WS-FM 2005, volume 3670 of LNCS: 200–214. Springer.
Giorgini P, Massacci F, and Mylopoulos J (2003). Requirement engineering meets security: A case study on modelling secure electronic transactions by VISA and Mastercard. In I.-Y. Song, S. W. Liddle, T. W. Ling, and P Scheuermann, editors, 22nd International Conference on Conceptual Modeling (ER 2003), volume 2813 of LNCS: 263–276. Springer.
Giorgini P, Massacci F, Mylopoulos J, and Zannone N (2005). Modeling security requirements through ownership, permission and delegation. In RE: 167–176. IEEE Computer Society.
Gollmann D (2000). On the verification of cryptographic protocols – a tale of two committees. In S Schneider and P Ryan, editors, Workshop on Security Architectures and Information Flow, volume 32 of ENTCS. Elsevier.
Goubault-Larrecq J and Parrennes F (2005). Cryptographic protocol analysis on real c code. In VMCAI'05, LNCS. Springer.
Gürgens S and Peralta R (2000). Validation of cryptographic protocols by efficient automated testing. In James N. Etheredge and Bill Z. Manaris, editors, FLAIRS Conference: 7–12. AAAI Press.
Haley CB, Laney RC, Moffett JD, and Nuseibeh B (2008). Security requirements engineering: A framework for representation and analysis. IEEE Trans. Software Eng., 34(1):133–153.
Haneberg D, Reif W, and Stenzel K (2002). A method for secure smartcard applications. In Hélène Kirchner and Christophe Ringeissen, editors, AMAST, volume 2422 of Lecture Notes in Computer Science: 319–333. Springer.
Heldal R and Hultin F (2003). Bridging model-based and language-based security. In E Snekkenes and D Gollmann, editors, 8th European Symposium on Research in Computer Security (ESORICS 2003), volume 2808 of LNCS: 235–252. Springer.
Höhn S and Jürjens J (2008). Rubacon: automated support for model-based compliance engineering. In Robby, editor, ICSE: 875–878. ACM.
Houmb SH, Georg G, France RB, Bieman JM, and Jürjens J (2005). Cost-benefit trade-off analysis using BBN for aspect-oriented risk-driven development. In ICECCS: 195–204. IEEE Computer Society.
IEEE (2008). 3rd International Conference on Availability, Reliability and Security (ARES 2008).
Jayaram KR and Mathur A (2005). Software engineering for secure software – state of the art: A survey. Technical Report CERIAS-TR-2005-67, SERC-TR-279, CERIAS, Purdue.
Jürjens J (2000). Secure information flow for concurrent processes. In C Palamidessi, editor, CONCUR 2000 (11th International Conference on Concurrency Theory), volume 1877 of LNCS: 395–409. Springer.
Jürjens J (2001). Secrecy-preserving refinement. In International Symposium on Formal Methods Europe (FME), volume 2021 of LNCS: 135–152. Springer.
Jürjens J (2001). Towards development of secure systems using UMLsec. In H Hußmann, editor, 4th International Conference on Fundamental Approaches to Software Engineering (FASE), volume 2029 of LNCS: 187–200. Springer. Also Oxford University Computing Laboratory TR-9-00 (November 2000), http://web.comlab.ox.ac.uk/oucl/publications/tr/tr-9-00.html
Jürjens J (2002). UMLsec: Extending UML for secure systems development. In 5th Int Conf on the Unified Modeling Language (UML), LNCS. Springer.
Jürjens J (2002). Formal Semantics for Interacting UML subsystems. In Formal Methods for Open Object-Based Distributed Systems (FMOODS 2002), IFIP, Kluwer: 29–43.
Jürjens J and Shabalin P (2004). Automated verification of UMLsec models for security requirements. In 7th International Conference on the Unified Modeling Language (UML 2004), LNCS: 142–155. Springer.
Jürjens J (2005). Secure Systems Development with UML. Springer.
Jürjens J (2005). Sound methods and effective tools for model-based security engineering with UML. In 27th Int Conf on Softw Engineering. IEEE.
Jürjens J (2006). Security analysis of crypto-based Java programs using automated theorem provers. In S Easterbrook and S Uchitel, editors, 21st IEEE/ACM International Conference on Automated Software Engineering (ASE 2006). ACM.
Jürjens J (2009). A domain-specific language for cryptographic protocols based on streams. To appear, Journal of Logic and Algebraic Programming (JLAP): 54–73.
Jürjens J and Rumm R (2008). Model-based security analysis of the German Health Card architecture. Methods of Information in Medicine, vol. 47, 5: 409–416. Special section on Model-based Development of Trustworthy Health Information Systems.
Jürjens J and Shabalin P (2007). Tools for secure systems development with UML. Intern. Journal on Software Tools for Technology Transfer, 9(5–6):527–544. Invited submission to the special issue for FASE 2004/05.
Jürjens J and Wimmel G (2001). Security modelling for electronic commerce: The Common Electronic Purse Specifications. In Towards the E-Society: E-Commerce, E-Business, and E-Government. First IFIP Conference on E-Commerce, E-Business, and E-Government (I3E 2001). IFIP, Kluwer Academic Publishers: 489–506.
Jürjens J and Yampolskiy M (2005). Code security analysis with assertions. In D.F. Redmiles, T Ellman, and A Zisman, editors, 20th IEEE/ACM International Conference on Automated Software Engineering (ASE 2005): 392–395. ACM.
Kearney P and Brügger L (2007). A risk-driven security analysis method and modelling language. BT Technology Journal, 25(1).
Koch M and Parisi-Presicce F (2006). UML specification of access control policies and their formal verification. Software and System Modeling, 5(4):429–447.
Kolarczyk S, Koch M, Löhr K-P, and Pauls K (2006). SecTOOL – supporting requirements engineering for access control. In Günter Müller, editor, ETRICS, volume 3995 of Lecture Notes in Computer Science: 254–267. Springer.
Lotz V (1997). Threat scenarios as a means to formally develop secure systems. Journal of Computer Security, 5(1):31–68.
Maña A, Montenegro JA, Rudolph C, and Vivas JL (2003). A business process-driven approach to security engineering. In DEXA Workshops: 477–481. IEEE Computer Society.
Maña A, Rudolph C, Spanoudakis G, Lotz V, Massacci F, Melideo M, and López-Cobo J-M (2006). Security engineering for Ambient Intelligence: A manifesto. In H Mouratidis, editor, Integrating Security and Software Engineering: Advances and Future Vision. Idea Group.
Massacci F, Mylopoulos J, and Zannone N (2007). Computer-aided support for secure tropos. Autom. Softw. Eng., 14(3):341–364.
Mathe J, Duncavage S, Werner J, Malin B, Ledeczi A, and Sztipanovits J (2007). Implementing a model-based design environment for clinical information systems. In Sztipanovits et al. [83].
McGraw G (2006). Software Security: Building Security In. Addison Wesley.
Méry D and Merz S (2007). Specification and refinement of access control. J. UCS, 13(8):1073–1093.
Moebius N, Haneberg D, Reif W, and Schellhorn G (2007). A modeling framework for the development of provably secure e-commerce applications. In ICSEA: 8. IEEE Computer Society.
Mouratidis H, Giorgini P, and Manson GA (2003). Integrating security and systems engineering: Towards the modelling of secure information systems. In J Eder and M Missikoff, editors, 15th International Conference on Advanced Information Systems Engineering (CAiSE 2003), volume 2681 of LNCS: 63–78. Springer.
Mouratidis H, Jürjens J, and Fox J (2006). Towards a comprehensive framework for secure systems development. In 18th International Conference on Advanced Information Systems Engineering (CAiSE 2006), LNCS. Springer.
Pironti A and Sisto R (2008). Soundness conditions for message encoding abstractions in formal security protocol models. In ARES 2008: 72–79.
Ray I, France RB, Li N, and Georg G (2004). An aspect-based approach to modeling access control concerns. Information & Software Technology, 46(9):575–587.
Redwine S (2007). Introduction to modeling tools for software security. In: Build Security In – Setting a Higher Standard for Software Assurance. Software Engineering Institute (SEI), Carnegie Mellon University. Available at https://buildsecurityin.us-cert.gov/daisy/bsi/articles/tools/modeling/698-BSI.html
Rosado DG, Fernández-Medina E, Piattini M, and Gutiérrez C (2006). A study of security architectural patterns. In ARES: 358–365. IEEE Computer Society.
Saltzer J and Schroeder M (1975). The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278–1308.
Santen T (2006). Stepwise development of secure systems. In Janusz Górski, editor, SAFE-COMP, volume 4166 of Lecture Notes in Computer Science: 142–155. Springer.
Santen T, Heisel M, and Pfitzmann A (2002). Confidentiality-preserving refinement is compositional – sometimes. In Dieter Gollmann, Günter Karjoth, and Michael Waidner, editors, ESORICS, volume 2502 of Lecture Notes in Computer Science: 194–211. Springer.
Schneider F, editor (1999). Trust in Cyberspace. National Academy Press, Washington, DC. Available at http://www.nap.edu/readingroom/books/trust
Seehusen F and Stølen K (2006). Information flow property preserving transformation of UML interaction diagrams. In David F. Ferraiolo and Indrakshi Ray, editors, SACMAT: 150–159. ACM.
Sindre G and Opdahl AL (2005). Eliciting security requirements with misuse cases. Requir. Eng., 10(1):34–44.
Siveroni I, Zisman A, and Spanoudakis G (2008). Property specification and static verification of UML models. In 3rd International Conference on Availability, Reliability, and Security (ARES'08).
Spanoudakis G, Kloukinas C, and Androutsopoulos K (2007). Towards security monitoring patterns. In SAC: 1518–1525. ACM.
Sztipanovits J, Breu R, Ammenwerth E, Bajcsy R, Mitchell JC, and Pretschner A, editors (2007). Workshop on Model-based Trustworthy Health Information Systems (MOTHIS@Models).
UMLsec group (2004). Security analysis tool. http://www.umlsec.org
Whittle J, Wijesekera D, and Hartong M (2008). Executable misuse cases for modeling security concerns. In ICSE 2008.
Whyte B and Harrison J (2008). Secure software development - a white paper. Knowledge Transfer Network on Cyber Security, UK. Available at http://www.ktn.qinetiq-tim.net/content/files/groups/securesoft/SSDSIG_softwareSecurityFailures.pdf
Wimmel G and Jürjens J (2002). Specification-based test generation for security-critical systems using mutations. In International Conference on Formal Engineering Methods (ICFEM), volume 2495 of LNCS: 471–482. Springer.
Wirsing M (2008). Software engineering for secure software-intensive systems. Consultation meeting on “Engineering Secure Software Systems” in the context of the preparation of the EU FP7 ICT work programme 2009–2010, Brussels. Presentation available at ftp://ftp.cordis.europa.eu/pub/fp7/ict/docs/security/20080423-martin-wirsing-lmu-munich_en.pdf.
Woodside M, Petriu DC, Petriu DB, Xu J, Israr T, Georg G, France R, Bieman JM, Houmb SH, and Jürjens J (2008). Performance analysis of security aspects by weaving scenarios from UML models. Journal of Systems and Software, vol. 82, 1: 56–74.
Yoshioka N, Honiden S, and Finkelstein A (2004). Security patterns: A method for constructing secure and efficient inter-company coordination systems. In EDOC: 84–97.
Yskout K, Scandariato R, De Win B, and Joosen W (2008). Transforming security requirements into architecture. In ARES [42]: 1421–1428.
Yu Y, Jürjens J, and Mylopoulos J (2008). Traceability for the maintenance of secure software. In 24th International Conference on Software Maintenance (ICSM). IEEE.
Zhang G, Baumeister H, Koch N, and Knapp A (2005). Aspect-oriented modeling of access control in web applications. In 6th International Workshop on Aspect-Oriented Modeling.
© 2009 Springer-Verlag US
Jürjens, J. (2009). Security and Dependability Engineering. In: Kokolakis, S., Gómez, A., Spanoudakis, G. (eds) Security and Dependability for Ambient Intelligence. Advances in Information Security, vol 45. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-88775-3_2
DOI: https://doi.org/10.1007/978-0-387-88775-3_2
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-88774-6
Online ISBN: 978-0-387-88775-3