
Orchestrating Security and System Engineering for Evolving Systems

(Invited Paper)

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 6994)

Abstract

How to design a security engineering process that can cope with the dynamic evolution of Future Internet scenarios and the rigidity of existing system engineering processes? The SecureChange approach is to orchestrate (as opposed to integrate) security and system engineering concerns by two types of relations between engineering processes: (i) vertical relations between successive security-related processes; and (ii) horizontal relations between mainstream system engineering processes and concurrent security-related processes. This approach can be extended to cover the complete system/software lifecycle, from early security requirement elicitation to runtime configuration and monitoring, via high-level architecting, detailed design, development, integration and design-time testing. In this paper we illustrate the high-level scientific principles of the approach.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Massacci, F. et al. (2011). Orchestrating Security and System Engineering for Evolving Systems. In: Abramowicz, W., Llorente, I.M., Surridge, M., Zisman, A., Vayssière, J. (eds) Towards a Service-Based Internet. ServiceWave 2011. Lecture Notes in Computer Science, vol 6994. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24755-2_12


  • DOI: https://doi.org/10.1007/978-3-642-24755-2_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-24754-5

  • Online ISBN: 978-3-642-24755-2

  • eBook Packages: Computer Science, Computer Science (R0)
