research-article

Towards safe and productive development of secure software: FADES and model-based software engineering

Authors:
Riham Hassan

Arab Academy for Science and Technology

Arab Academy for Science and Technology
View Profile

,
Shawn Bohner

Rose Hulman Institute of Technology

Rose Hulman Institute of Technology
View Profile

,
Mohamed Eltoweissy

Pacific Northwest National Laboratory

Pacific Northwest National Laboratory
View Profile

CSIIRW '10: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence ResearchApril 2010Article No.: 20Pages 1–4https://doi.org/10.1145/1852666.1852689

Published:21 April 2010Publication History

CSIIRW '10: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research

Pages 1–4

ABSTRACT

Cost effective development of secure software is a key goal for many software organizations as they seek to manage the risks of misbehaving software. Employing Formal Methods (FMs) in the Model-Based Software Engineering (MBSE) paradigm that systematically produces software systems through modeling, simulation, reuse and automation provides a reasonable approach for developing highly secure software in a productive manner. MBSE approaches introduce some complexities at the beginning of the lifecycle, but save substantial time in production and delivery by identifying and resolving defects/errors early and reducing rework. On the other hand, the expertise needed for FMs and the concomitant costs often inhibit their wide employment in securing large and complex software systems. In this paper, we report our experience with Formal Analysis and Design for Engineering Security (FADES) an approach we introduced two years ago at this venue. Through systematic and automated transformation from semiformal requirements specifications to formal design, FADES facilitates embedding FMs into the development lifecycle of secure software systems. We outline the case studies and validation of FADES feasibility for the design and implementation of secure software systems. Promising experience with FADES was a necessary precursor to our work on generalizing FADES and our proposal to direct FADES toward being an MBSE approach. We discuss how the formality, transformation, reuse and automation in FADES may further enhance the MBSE-based production and delivery of secure software.

Supplemental Material

Available for Download

pdf

Supplemental material. (4.3 MB)

References

A. van Lamsweerde, "Elaborating Security Requirements by Construction of Intentional Anti-Models", Proc. ICSE'04: 26th Intl. Conf. on Software Engineering, May 2004. Google ScholarDigital Library
Hassan, R., "Formal Analysis and Design for Engineering Security (FADES)," Ph.D Thesis, Virginia Tech, 2009.Google Scholar
Hassan, R., Eltoweissy, M., Bohner, S., and El-Kassas, S., "The FADES Automated Derivation of Formal Software Security Specifications from Goal-Oriented Security Requirements", IET Software Journal, in press.Google Scholar
Fontaine, P. J., Goal-Oriented Elaboration of Security Requirements, M. S. Thesis, Dept. Computing Science, University of Louvain, June 2001.Google Scholar
Stepney, Susan, Cooper, et. al., "An Electronic Purse Specification, Refinement, and Proof", Programming Research Group, Oxford University Computing Labarotory, July 2000.Google Scholar
A. van Lamsweerde and E. Letier, "Handling Obstacles in Goal-Oriented Requirements Engineering", IEEE Transactions on Software Engineering, Special Issue on Exception Handling, Vol. 26 No. 10, Oct. 2000, 978--1005. Google ScholarDigital Library
S. Bohner, "An Era of Change-Tolerant Systems," IEEE Computer, Vol. 40, No. 6, pp. 100--102, 2007. Google ScholarDigital Library
T. Stahl and M. Volter, "Model-Driven Software Development," John Wiley and Sons, Ltd. Publishing, 2005.Google Scholar
S. Bohner and S. Mohan, "Model-Based Engineering of Software: Three Productivity Perspectives," IEEE Software Engineering Workshop, Skovede, Sweden, November 2009. Google ScholarDigital Library
Homeland Security, A Roadmap for Cybersecurity Research, Nov. 2009, http://www.cyber.st.dhs.gov/docs/DHS-Cybersecurity-Roadmap.pdf.Google Scholar
National Cyber Leap Year Summit 2009, Co-Chairs' Report, http://www.nitrd.gov/NCLYSummit.aspx.Google Scholar

Index Terms

Towards safe and productive development of secure software: FADES and model-based software engineering

Recommendations

Software development: what it is, what it should be, and how to get there

Developing large software systems is notoriously difficult and unpredictable. Software projects are often canceled, finish late and over budget, or yield low quality results --- setting software engineering apart from established engineering ...
Read More
Costing Secure Software Development: A Systematic Mapping Study
ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security

Building more secure software is a recent concern for software engineers due to increasing incidences of data breaches and other types of cyber attacks. However, software security, through the introduction of specialized practices in the software ...
Read More
Towards a secure software development framework based on an integrated engineering process
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CSIIRW '10: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
April 2010
257 pages
ISBN:9781450300179
DOI:10.1145/1852666
Editors:
Frederick T. Sheldon
Oak Ridge National Laboratory
,
Stacy Prowell
Oak Ridge National Laboratory
,
Robert K. Abercrombie
Oak Ridge National Laboratory
,
Axel Krings
University of Idaho
Copyright © 2010 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 21 April 2010
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Qualifiers
- research-article
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 1
  Total Citations
  View Citations
- 279
  Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Towards safe and productive development of secure software: FADES and model-based software engineering

CSIIRW '10: Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research

ABSTRACT

Supplemental Material

Available for Download

References

Cited By

Index Terms

Recommendations

Software development: what it is, what it should be, and how to get there

Costing Secure Software Development: A Systematic Mapping Study

Towards a secure software development framework based on an integrated engineering process