NESSoS SecureChange cluster meeting
1. MANAGING SECURITY AND CHANGES AT MODEL LEVEL (SECURE CHANGE)
Fabio Massacci, UNITN
Federica Paci, UNITN
Stephane Paul, THALES
2. SECURE CHANGE PROJECT
Challenge: support evolution while maintaining security at all levels of the software development process
Solution: a change-driven security engineering process
Interplay between risk assessment and the different phases of the software engineering process
Models as the basic unit of change
Change propagation is supported by identifying mappings at the conceptual level and orchestrating the respective analysis processes
02/08/2011 2
3. SECURITY ENGINEERING PROCESS
Interplay between software life-cycle phases and risk assessment activities
Change management artefacts and methodologies are spread across all phases
4. CHANGE PROPAGATION
Concepts are mapped between the requirements and risk domains
The mapped concepts form the interface between the two domains and are the basis for process orchestration and change propagation
When a change affects a concept of the interface, the change is propagated to the other domain.
5. A POSSIBLE INSTANTIATION
Requirements models are Si* models, a goal-oriented requirements language by UNITN
Risk models are RA DSML models, a domain-specific language for risk analysis by THALES
Mapped concepts (requirements concept – risk concept):
Rem.Business Object – Risk.Essential Elements
Rem.Goal – Risk.Security Objective
Rem.Security Goal – Risk.Security Requirement
Rem.Process – Risk.Security Solution
6. AN EXAMPLE – BEFORE REQUIREMENT MODEL
Evolution in the ATM domain: introduction of a new tool to support the controllers during the approach phase
7. AN EXAMPLE – EVOLUTION IN ATM
The risk analyst identifies a new risk:
Failure in the provisioning of correct or optimal arrival information due to ATCO mistakes
Two security objectives are defined:
The system shall be computed automatically by an Arrival Manager system
The update of the system should be handled through a dedicated role of Sequence Manager
Security objectives are refined into security requirements:
The system should integrate an AMAN
The organization should integrate a SQM
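As an added illustration of how a change on the mapped interface (slides 4 and 5) is carried into the other domain for the ATM evolution above, not tooling from the SecureChange project: a toy propagation engine in Python built on the slide's concept mapping. The element names, the `pending_review` work queue and the treatment of the risk itself as an unmapped concept are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Interface between the domains, as listed on the slide: Si* ("Rem") <-> RA DSML ("Risk").
CONCEPT_MAP = {
    ("Rem", "Business Object"): ("Risk", "Essential Elements"),
    ("Rem", "Goal"): ("Risk", "Security Objective"),
    ("Rem", "Security Goal"): ("Risk", "Security Requirement"),
    ("Rem", "Process"): ("Risk", "Security Solution"),
}
CONCEPT_MAP.update({v: k for k, v in list(CONCEPT_MAP.items())})  # used in both directions
@dataclass(frozen=True)
class Change:
    domain: str   # "Rem" or "Risk"
    concept: str  # concept of the changed element, e.g. "Security Objective"
    element: str  # name of the model element
    kind: str     # "add", "modify" or "delete"
@dataclass
class Model:
    domain: str
    elements: dict = field(default_factory=dict)  # element name -> concept
    pending_review: list = field(default_factory=list)  # work queue for this domain's analyst
def propagate(change, target):
    """Propagate one change over the interface into `target`; returns the
    (concept, element) touched there, or None when the changed concept is not a
    mapped one (a domain-internal change, which stays where it is)."""
    mapped = CONCEPT_MAP.get((change.domain, change.concept))
    if mapped is None or mapped[0] != target.domain:
        return None
    target_concept = mapped[1]
    if change.kind == "delete":
        target.elements.pop(change.element, None)
    else:
        target.elements[change.element] = target_concept
    target.pending_review.append((change.kind, target_concept, change.element))
    return target_concept, change.element

def atm_evolution():
    """Replays the ATM example: the risk analyst's new objectives and
    requirements surface as goals to review in the requirements model."""
    req = Model("Rem", {"Manage arrival sequence": "Goal"})  # constructed starting element
    risk_changes = [
        Change("Risk", "Security Objective", "Sequence computed by Arrival Manager", "add"),
        Change("Risk", "Security Objective", "Updates handled by Sequence Manager role", "add"),
        Change("Risk", "Security Requirement", "Integrate an AMAN", "add"),
        Change("Risk", "Security Requirement", "Integrate a SQM", "add"),
        # The risk itself is assumed not to be a mapped concept, so it is not propagated.
        Change("Risk", "Risk", "Failure in provisioning arrival information", "add"),
    ]
    return req, [propagate(c, req) for c in risk_changes]
```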
8. AN EXAMPLE – AFTER REQUIREMENT MODEL