SlideShare uma empresa Scribd logo

Nessos securechange cluster meeting

F
fcleary
TecnologiaNegócios
1 de 9
Baixar para ler offline
Fabio Massacci, UNITN, Federica Paci, UNITN Stephane Paul, MANAGING SECURITY AND THALES CHANGES AT MODEL LEVEL (SECURE CHANGE)
SECURE CHANGE PROJECT Challenge: support evolution while maintaining security at all levels of the software development process Solution: Change driven security engineering process Interplay between risk assessment and different phases of software engineering process Models as basic unit of change Change propagation is supported by identifying mappings at conceptual level and orchestrating the respective analysis process 02/08/2011 2
SECURITY ENGINEERING PROCESS Interplay between software life-cycle phases and risk assessment activities Change management artefacts and methodologies are sprinkled throughout the whole phases 02/08/2011 3
CHANGE PROPAGATION Concepts are mapped amongst the requirement and risk domains The mapped concepts are the basis for processes orchestration and change propagation When a change affects a concept of the interface, the change is propagated to the other domain. 02/08/2011 4
A POSSIBLE INSTANTIATION Requirements models are Si* models – goal oriented requirements language by UNITN Risk Models are RA DSML models – domain specific language for risk analysis by THALES Mapped concepts Rem. Business Object - Risk. Essential Elements Rem.Goal - Risk.Security Objective Rem.Security Goal – Risk.Security Requirement Rem.Process – Risk Security Solution 02/08/2011 5
AN EXAMPLE – BEFORE REQUIREMNT MODEL Evolution in ATM Domain - Introduction of a new tool to support the controllers during approach phase 02/08/2011 6
AN EXAMPLE –EVOLUTION IN ATM Risk analyst identifies a new risk Failure in the provisioning of correct or optimal arrival information due to ATCO mistakes Two security objectives are defined: The system shall be computed automatically by an Arrival Manager system The update of the system should be handled through a dedicated role of Sequence Manager Security objectives are refined into security requirements: The system should integrate an AMAN The organization should integrate a SQM 02/08/2011 7
AN EXAMPLE – AFTER REQUIREMENT MODEL 02/08/2011 8
More details about the project at www.securechange.eu 02/08/2011 9

Recomendados

8. operational risk management
8. operational risk management8. operational risk management
8. operational risk managementSekaransrinivasan Srini
 
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...Tope Omitola
 
Vis sense cluster meeting
Vis sense cluster meetingVis sense cluster meeting
Vis sense cluster meetingfcleary
 
Models Workshop Objectives
Models Workshop ObjectivesModels Workshop Objectives
Models Workshop Objectivesfcleary
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meetingfcleary
 
Endorse cluster meeting
Endorse cluster meetingEndorse cluster meeting
Endorse cluster meetingfcleary
 
Massif road mapping_20110704
Massif road mapping_20110704Massif road mapping_20110704
Massif road mapping_20110704fcleary
 
Massif cluster meeting
Massif cluster meetingMassif cluster meeting
Massif cluster meetingfcleary
 

Recomendados

8. operational risk management
8. operational risk management8. operational risk management
8. operational risk managementSekaransrinivasan Srini
 
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...Tope Omitola
 
Vis sense cluster meeting
Vis sense cluster meetingVis sense cluster meeting
Vis sense cluster meetingfcleary
 
Models Workshop Objectives
Models Workshop ObjectivesModels Workshop Objectives
Models Workshop Objectivesfcleary
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meetingfcleary
 
Endorse cluster meeting
Endorse cluster meetingEndorse cluster meeting
Endorse cluster meetingfcleary
 
Massif road mapping_20110704
Massif road mapping_20110704Massif road mapping_20110704
Massif road mapping_20110704fcleary
 
Massif cluster meeting
Massif cluster meetingMassif cluster meeting
Massif cluster meetingfcleary
 
Posecco cluster meeting
Posecco cluster meetingPosecco cluster meeting
Posecco cluster meetingfcleary
 
Aniketos 2nd cluster meeting
Aniketos 2nd cluster meetingAniketos 2nd cluster meeting
Aniketos 2nd cluster meetingfcleary
 
Assert4soa cluster meeting
Assert4soa cluster meetingAssert4soa cluster meeting
Assert4soa cluster meetingfcleary
 
Tdl
TdlTdl
Tdlfcleary
 
Syssec
SyssecSyssec
Syssecfcleary
 
Workshop summary software assurance and trust
Workshop summary software assurance and trustWorkshop summary software assurance and trust
Workshop summary software assurance and trustfcleary
 
VIKING cluster meeting 1
VIKING cluster meeting 1VIKING cluster meeting 1
VIKING cluster meeting 1fcleary
 
U trustit_cluster meeting
U trustit_cluster meetingU trustit_cluster meeting
U trustit_cluster meetingfcleary
 
T&s roadmap slides ams
T&s roadmap slides amsT&s roadmap slides ams
T&s roadmap slides amsfcleary
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meetingfcleary
 
Viking vi cisi
Viking vi cisiViking vi cisi
Viking vi cisifcleary
 
Nessos
NessosNessos
Nessosfcleary
 
Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1fcleary
 
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxTECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxmattinsonjanel
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation IJECEIAES
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Vincenzo De Florio
 
ARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringVincenzo De Florio
 
Attack scripts generation for security validation fr
Attack scripts generation for security validation frAttack scripts generation for security validation fr
Attack scripts generation for security validation frra992634
 
Security challenges in mobile ad hoc
Security challenges in mobile ad hocSecurity challenges in mobile ad hoc
Security challenges in mobile ad hocIJCSES Journal
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELIJCSEIT Journal
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXNGINX, Inc.
 
Information Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docxInformation Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docxlanagore871
 

Mais conteúdo relacionado

Destaque

Posecco cluster meeting
Posecco cluster meetingPosecco cluster meeting
Posecco cluster meetingfcleary
 
Aniketos 2nd cluster meeting
Aniketos 2nd cluster meetingAniketos 2nd cluster meeting
Aniketos 2nd cluster meetingfcleary
 
Assert4soa cluster meeting
Assert4soa cluster meetingAssert4soa cluster meeting
Assert4soa cluster meetingfcleary
 
Workshop summary software assurance and trust
Workshop summary software assurance and trustWorkshop summary software assurance and trust
Workshop summary software assurance and trustfcleary
 
VIKING cluster meeting 1
VIKING cluster meeting 1VIKING cluster meeting 1
VIKING cluster meeting 1fcleary
 
U trustit_cluster meeting
U trustit_cluster meetingU trustit_cluster meeting
U trustit_cluster meetingfcleary
 
T&s roadmap slides ams
T&s roadmap slides amsT&s roadmap slides ams
T&s roadmap slides amsfcleary
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meetingfcleary
 
Viking vi cisi
Viking vi cisiViking vi cisi
Viking vi cisifcleary
 
Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1fcleary
 

Destaque (13)

Posecco cluster meeting
Posecco cluster meetingPosecco cluster meeting
Posecco cluster meeting
 
Aniketos 2nd cluster meeting
Aniketos 2nd cluster meetingAniketos 2nd cluster meeting
Aniketos 2nd cluster meeting
 
Assert4soa cluster meeting
Assert4soa cluster meetingAssert4soa cluster meeting
Assert4soa cluster meeting
 
Tdl
TdlTdl
Tdl
 
Syssec
SyssecSyssec
Syssec
 
Workshop summary software assurance and trust
Workshop summary software assurance and trustWorkshop summary software assurance and trust
Workshop summary software assurance and trust
 
VIKING cluster meeting 1
VIKING cluster meeting 1VIKING cluster meeting 1
VIKING cluster meeting 1
 
U trustit_cluster meeting
U trustit_cluster meetingU trustit_cluster meeting
U trustit_cluster meeting
 
T&s roadmap slides ams
T&s roadmap slides amsT&s roadmap slides ams
T&s roadmap slides ams
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meeting
 
Viking vi cisi
Viking vi cisiViking vi cisi
Viking vi cisi
 
Nessos
NessosNessos
Nessos
 
Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1
 

Semelhante a Nessos securechange cluster meeting

TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxTECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxmattinsonjanel
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation IJECEIAES
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Vincenzo De Florio
 
ARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringVincenzo De Florio
 
Attack scripts generation for security validation fr
Attack scripts generation for security validation frAttack scripts generation for security validation fr
Attack scripts generation for security validation frra992634
 
Security challenges in mobile ad hoc
Security challenges in mobile ad hocSecurity challenges in mobile ad hoc
Security challenges in mobile ad hocIJCSES Journal
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELIJCSEIT Journal
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXNGINX, Inc.
 
Information Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docxInformation Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docxlanagore871
 
Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...IJECEIAES
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsArun Prabhakar
 
Software Security Initiatives
Software Security InitiativesSoftware Security Initiatives
Software Security InitiativesMarco Morana
 
2015 03-04 presentation1
2015 03-04 presentation12015 03-04 presentation1
2015 03-04 presentation1ifi8106tlu
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesAvi Networks
 
Improving Quality and Cost-effectiveness in Enterprise Software Application ...
Improving Quality and Cost-effectiveness in Enterprise Software Application ...Improving Quality and Cost-effectiveness in Enterprise Software Application ...
Improving Quality and Cost-effectiveness in Enterprise Software Application ...Luigi Buglione
 
Automating safety engineering with model based techniques
Automating safety engineering with model based techniquesAutomating safety engineering with model based techniques
Automating safety engineering with model based techniquesJuha-Pekka Tolvanen
 
G05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementG05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementSatya Harish
 
future internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Frafuture internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management FraDustiBuckner14
 

Semelhante a Nessos securechange cluster meeting (20)

TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxTECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013
 
ARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems Engineering
 
Attack scripts generation for security validation fr
Attack scripts generation for security validation frAttack scripts generation for security validation fr
Attack scripts generation for security validation fr
 
Security challenges in mobile ad hoc
Security challenges in mobile ad hocSecurity challenges in mobile ad hoc
Security challenges in mobile ad hoc
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINX
 
Information Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docxInformation Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docx
 
Se project-methodology-for-security-project-web
Se project-methodology-for-security-project-webSe project-methodology-for-security-project-web
Se project-methodology-for-security-project-web
 
Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification Solutions
 
Software Security Initiatives
Software Security InitiativesSoftware Security Initiatives
Software Security Initiatives
 
2015 03-04 presentation1
2015 03-04 presentation12015 03-04 presentation1
2015 03-04 presentation1
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery Pipelines
 
Improving Quality and Cost-effectiveness in Enterprise Software Application ...
Improving Quality and Cost-effectiveness in Enterprise Software Application ...Improving Quality and Cost-effectiveness in Enterprise Software Application ...
Improving Quality and Cost-effectiveness in Enterprise Software Application ...
 
Automating safety engineering with model based techniques
Automating safety engineering with model based techniquesAutomating safety engineering with model based techniques
Automating safety engineering with model based techniques
 
G05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementG05.2013 Security Information and Event Management
G05.2013 Security Information and Event Management
 
Paper4
Paper4Paper4
Paper4
 
future internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Frafuture internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Fra
 

Mais de fcleary

Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report fcleary
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meetingfcleary
 
Comifin cluster meeting
Comifin cluster meetingComifin cluster meeting
Comifin cluster meetingfcleary
 
Bic effectplus ws
Bic effectplus wsBic effectplus ws
Bic effectplus wsfcleary
 
Assert4soa 2nd cluster meeting
Assert4soa 2nd cluster meetingAssert4soa 2nd cluster meeting
Assert4soa 2nd cluster meetingfcleary
 
Nessos cluster meeting
Nessos cluster meetingNessos cluster meeting
Nessos cluster meetingfcleary
 
Amsterdam logistics fcleary
Amsterdam logistics fclearyAmsterdam logistics fcleary
Amsterdam logistics fclearyfcleary
 

Mais de fcleary (7)

Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meeting
 
Comifin cluster meeting
Comifin cluster meetingComifin cluster meeting
Comifin cluster meeting
 
Bic effectplus ws
Bic effectplus wsBic effectplus ws
Bic effectplus ws
 
Assert4soa 2nd cluster meeting
Assert4soa 2nd cluster meetingAssert4soa 2nd cluster meeting
Assert4soa 2nd cluster meeting
 
Nessos cluster meeting
Nessos cluster meetingNessos cluster meeting
Nessos cluster meeting
 
Amsterdam logistics fcleary
Amsterdam logistics fclearyAmsterdam logistics fcleary
Amsterdam logistics fcleary
 

Último

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 

Último (20)

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 

Nessos securechange cluster meeting

  • 1. Fabio Massacci, UNITN, Federica Paci, UNITN Stephane Paul, MANAGING SECURITY AND THALES CHANGES AT MODEL LEVEL (SECURE CHANGE)
  • 2. SECURE CHANGE PROJECT Challenge: support evolution while maintaining security at all levels of the software development process Solution: Change driven security engineering process Interplay between risk assessment and different phases of software engineering process Models as basic unit of change Change propagation is supported by identifying mappings at conceptual level and orchestrating the respective analysis process 02/08/2011 2
  • 3. SECURITY ENGINEERING PROCESS Interplay between software life-cycle phases and risk assessment activities Change management artefacts and methodologies are sprinkled throughout the whole phases 02/08/2011 3
  • 4. CHANGE PROPAGATION Concepts are mapped amongst the requirement and risk domains The mapped concepts are the basis for processes orchestration and change propagation When a change affects a concept of the interface, the change is propagated to the other domain. 02/08/2011 4
  • 5. A POSSIBLE INSTANTIATION Requirements models are Si* models – goal oriented requirements language by UNITN Risk Models are RA DSML models – domain specific language for risk analysis by THALES Mapped concepts Rem. Business Object - Risk. Essential Elements Rem.Goal - Risk.Security Objective Rem.Security Goal – Risk.Security Requirement Rem.Process – Risk Security Solution 02/08/2011 5
  • 6. AN EXAMPLE – BEFORE REQUIREMNT MODEL Evolution in ATM Domain - Introduction of a new tool to support the controllers during approach phase 02/08/2011 6
  • 7. AN EXAMPLE –EVOLUTION IN ATM Risk analyst identifies a new risk Failure in the provisioning of correct or optimal arrival information due to ATCO mistakes Two security objectives are defined: The system shall be computed automatically by an Arrival Manager system The update of the system should be handled through a dedicated role of Sequence Manager Security objectives are refined into security requirements: The system should integrate an AMAN The organization should integrate a SQM 02/08/2011 7
  • 8. AN EXAMPLE – AFTER REQUIREMENT MODEL 02/08/2011 8
  • 9. More details about the project at www.securechange.eu 02/08/2011 9