Towards Language Support for Model-based Security Policy Engineering

被引:2
|
作者
Amthor, Peter [1 ]
Schlegel, Marius [1 ]
机构
[1] Tech Univ Ilmenau, Ilmenau, Germany
来源
PROCEEDINGS OF THE 17TH INTERNATIONAL JOINT CONFERENCE ON E-BUSINESS AND TELECOMMUNICATIONS (SECRYPT), VOL 1 | 2020年
关键词
Software Engineering; Security Engineering; Security Policies; Security Models; Specification Languages; Domain-specific Languages; Automatic Translation;
D O I
10.5220/0009893205130521
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
Software engineering for security-critical systems is based on manual translations between languages from different domains: an informal security policy is translated to a formally verifiable model, and further to actual source code. This is an error-prone task, put at the risk of losing hard-acquired correctness guarantees. To mitigate this problem, we argue for a methodical support by domain-specific languages and tools. We present ongoing work on two languages that substantiate this thesis, including their usage in a practical setting, and discuss the benefits from combining them with appropriate tool support.
引用
收藏
页码:513 / 521
页数:9
相关论文
共 50 条
  • [1] Model-based security engineering
    Juerjens, Jan
    [J]. ICE-B 2006: Proceedings of the International Conference on e-Business, 2006, : IS23 - IS29
  • [2] Model-based security engineering
    Juerjens, Jan
    [J]. SIGMAP 2006: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SIGNAL PROCESSING AND MULTIMEDIA APPLICATIONS, 2006, : IS23 - IS29
  • [3] Model-based security engineering
    Juerjens, Jan
    [J]. SECRYPT 2006: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, 2006, : IS23 - IS29
  • [4] Model-based security engineering
    Juerjens, Jan
    [J]. WINSYS 2006: Proceedings of the International Conference on Wireless Information Networks and Systems, 2006, : IS23 - IS29
  • [5] Model-based security engineering with UML
    Jürjens, J
    [J]. FOUNDATIONS OF SECURITY ANALYSIS AND DESIGN III, 2005, 3655 : 42 - 77
  • [6] Model-based security engineering for real
    Juerjens, Jan
    [J]. FM 2006: FORMAL METHODS, PROCEEDINGS, 2006, 4085 : 600 - 606
  • [7] WorSE: A Workbench for Model-based Security Engineering
    Amthor, Peter
    Kuehnhauser, Winfried E.
    Poelck, Anja
    [J]. COMPUTERS & SECURITY, 2014, 42 : 40 - 55
  • [8] Security & Safety by Model-based Requirements Engineering
    Japs, Sergej
    [J]. 2020 28TH IEEE INTERNATIONAL REQUIREMENTS ENGINEERING CONFERENCE (RE'20), 2020, : 422 - 427
  • [9] Bridging model-based and language-based security
    Heldal, R
    Hultin, F
    [J]. COMPUTER SECURITY - ESORICS 2003, PROCEEDINGS, 2003, 2808 : 235 - 252
  • [10] Model-based security engineering with UML:: Introducing security aspects
    Juerjens, Jan
    [J]. FORMAL METHODS FOR COMPONENTS AND OBJECTS, 2006, 4111 : 64 - 87
12345