Maintaining Security Consistency During System Development with Security-Oriented Model Federation - Equipe Processes for Safe and Secure Software and Systems
Communication Dans Un Congrès Année : 2024

Maintaining Security Consistency During System Development with Security-Oriented Model Federation

Résumé

Multi-modeling is an approach within the MDE realm that promotes the development of complex systems by decomposing them in sets of heterogeneous models. These models are defined using different modeling languages and constructed using diverse tools. They represent different but often interdependent views. However, the models of a system are far from being static. They change to accommodate new requirements, functionality improvements, bug fixes, and other evolution events. These changes represent a challenge w.r.t. consistency. This is especially true in security-critical scenarios. Indeed, security information is often integrated within the systems models so that security requirements are met following what is called ”security-by-design”. In such scenarios, the security concern of the systems models must remain consistent across changes so that security properties continue to hold. In order to tackle this problem, we propose a methodology to enhance the (multi )model-based design phase of a system development process. It comprises the creation of a security federation in which security dependencies between the different models are reified and equipped with security rules expressing security consistency requirements. Then, whenever a model is changed, the security rules are evaluated to monitor the consistency of security across the system models. We evaluate the capabilities of this methodology by a prototype implementation and its application to different use cases.
Fichier principal
Vignette du fichier
Maintaining security consistency during system development.pdf (1.26 Mo) Télécharger le fichier
Origine Fichiers produits par l'(les) auteur(s)

Dates et versions

hal-04611757 , version 1 (14-06-2024)

Identifiants

Citer

Chahrazed Boudjemila, Fabien Dagnat, Salvador Martínez. Maintaining Security Consistency During System Development with Security-Oriented Model Federation. International Conference on Software and Systems Processes (ICSSP ’24), Sep 2024, Munich, Germany. ⟨10.1145/3666015.3666016⟩. ⟨hal-04611757⟩
62 Consultations
64 Téléchargements

Altmetric

Partager

More