Towards a Model-driven based Security Framework

被引:0
|
作者
Abdallah, Rouwaida [1 ]
Yakymets, Nataliya [1 ]
Lanusse, Agnes [1 ]
机构
[1] CEA, LIST, Lab Model Driven Engn Embedded Syst, Gif Sur Yvette, France
来源
MODELSWARD 2015 PROCEEDINGS OF THE 3RD INTERNATIONAL CONFERENCE ON MODEL-DRIVEN ENGINEERING AND SOFTWARE DEVELOPMENT | 2015年
关键词
Security; Model-driven; UML Profiles; EBIOS; Attack Trees; Papyrus Tool;
D O I
暂无
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
In this paper, we propose a model-driven framework for security analysis. We present a security analysis process that begins from the design phase of the system architecture then allows performing several security analysis methods. Our approach presents mainly two advantages: First, it allows the traceability of the security analysis methods with the system architecture. Second, this framework can include several security analysis methods. Moreover it allows information reuse which is complicated when we use separate methods dedicated tools. Thus, we can have more consistent and accurate security analysis results for a system. We chose to implement two methods: A qualitative method named EBIOS which is simple and helps to identify areas of focus within the system. Then, to get more accurate results, we implement a quantitative method, the Attack trees. Attack trees can be automatically generated from the Ebios analysis phase and can be completed later on to get more specific results.
引用
收藏
页码:639 / 645
页数:7
相关论文
共 50 条
  • [1] OpenPMF: A model-driven security framework for distributed systems
    Lang, U
    Schreiner, R
    [J]. ISSE 2004 - SECURING ELECTRONIC BUSINESS PROCESSES, 2004, : 138 - 147
  • [2] Towards a model-driven transformation framework for scientific workflows
    Scherp, G.
    Hasselbring, W.
    [J]. ICCS 2010 - INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE, PROCEEDINGS, 2010, 1 (01): : 1513 - 1520
  • [3] Towards a Subject-Oriented Model-Driven Framework
    Amaya, Pablo
    Gonzalez, Carlos
    Murillo, Juan M.
    [J]. ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2006, 163 (01) : 31 - 44
  • [4] Towards a Tracing Framework for Model-Driven Software Systems
    Hojaji, Fazilat
    Zamani, Bahman
    Hamou-Lhadj, Abdelwahab
    [J]. 2016 6TH INTERNATIONAL CONFERENCE ON COMPUTER AND KNOWLEDGE ENGINEERING (ICCKE), 2016, : 298 - 303
  • [5] Model-driven architecture based security analysis
    Mili, Saoussen
    Nguyen, Nga
    Chelouah, Rachid
    [J]. SYSTEMS ENGINEERING, 2021, 24 (05) : 307 - 321
  • [6] A Model-Driven Framework for Security Labs using Blockchain Methodology
    Abbas, Moneeb
    Rashid, Muhammad
    Azam, Farooque
    Rasheed, Yawar
    Anwar, Muhammad Waseem
    Humdani, Maryum
    [J]. 15th Annual IEEE International Systems Conference, SysCon 2021 - Proceedings, 2021,
  • [7] Towards the Model-Driven Engineering of Security Requirements for Embedded Systems
    Roudier, Yves
    Idrees, Muhammad Sabir
    Apvrille, Ludovic
    [J]. 2013 3RD INTERNATIONAL WORKSHOP ON MODEL-DRIVEN REQUIREMENTS ENGINEERING (MODRE), 2013, : 55 - 64
  • [8] Towards a Model-Driven Security Assurance of Open Source Components
    Rauf, Irum
    Troubitsyna, Elena
    [J]. SOFTWARE ENGINEERING FOR RESILIENT SYSTEMS, SERENE 2017, 2017, 10479 : 65 - 80
  • [9] A Model-Driven Framework for Security Labs using Blockchain Methodology
    Abbas, Moneeb
    Rashid, Muhammad
    Azam, Farooque
    Rasheed, Yawar
    Anwar, Muhammad Waseem
    Humdani, Maryum
    [J]. 2021 15TH ANNUAL IEEE INTERNATIONAL SYSTEMS CONFERENCE (SYSCON 2021), 2021,
  • [10] Model-driven security based on a Web services security architecture
    Nakamura, Y
    Tatsubori, M
    Imamura, T
    Ono, K
    [J]. 2005 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING, VOL 1, PROCEEDINGS, 2005, : 7 - 15
12345