MANAGING SECURITY AND
CHANGES AT MODEL LEVEL
(SECURE CHANGE)
Fabio Massacci,
UNITN,
Federica Paci,
UNITN
Stephane Paul,
THALES
SECURE CHANGE PROJECT
• Challenge: support evolution while maintaining security at all levels of the software development process
• Solution: change-driven security engineering process
  • Interplay between risk assessment and the different phases of the software engineering process
  • Models as the basic unit of change
  • Change propagation is supported by identifying mappings at the conceptual level and orchestrating the respective analysis processes
02/08/2011 2
SECURITY ENGINEERING PROCESS
• Interplay between software life-cycle phases and risk assessment activities
• Change management artefacts and methodologies are sprinkled throughout all the phases
CHANGE PROPAGATION
• Concepts are mapped between the requirement and risk domains
• The mapped concepts are the basis for process orchestration and change propagation
• When a change affects a concept of the interface, the change is propagated to the other domain.
A POSSIBLE INSTANTIATION
• Requirements models are Si* models – goal-oriented requirements language by UNITN
• Risk models are RA DSML models – domain-specific language for risk analysis by THALES
• Mapped concepts
  • Rem.Business Object – Risk.Essential Element
  • Rem.Goal – Risk.Security Objective
  • Rem.Security Goal – Risk.Security Requirement
  • Rem.Process – Risk.Security Solution
AN EXAMPLE – BEFORE REQUIREMENT MODEL
Evolution in ATM Domain - Introduction of a new tool to support the controllers during approach phase
AN EXAMPLE – EVOLUTION IN ATM
• Risk analyst identifies a new risk
  • Failure in the provisioning of correct or optimal arrival information due to ATCO mistakes
• Two security objectives are defined:
  • The system shall be computed automatically by an Arrival Manager system
  • The update of the system should be handled through a dedicated role of Sequence Manager
• Security objectives are refined into security requirements:
  • The system should integrate an AMAN
  • The organization should integrate a SQM
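The change propagation of slides 4 and 5 applied to the ATM evolution above, as an added illustration (not the Secure Change project's own tooling): the concept pairs are the interface from the slides, while the model class, the (op, name, concept) change format and the element names are assumptions constructed for this example.

```python
from dataclasses import dataclass, field

# Interface between the two domains: the concept pairs listed on the slides.
MAPPING = {                      # Rem (Si*) concept -> Risk (RA DSML) concept
    "Business Object": "Essential Element",
    "Goal": "Security Objective",
    "Security Goal": "Security Requirement",
    "Process": "Security Solution",
}
REVERSE = {v: k for k, v in MAPPING.items()}

@dataclass
class Model:
    domain: str                                   # "Rem" or "Risk" (assumed labels)
    elements: dict = field(default_factory=dict)  # element name -> concept type
    pending: list = field(default_factory=list)   # mirrored changes awaiting review

def propagate(change, src, dst):
    """Apply (op, name, concept) to src; if the concept is on the interface,
    mirror it into dst and queue it for that domain's analyst. Returns the
    mapped concept, or None when the change stays local to src."""
    op, name, concept = change
    if op == "add":
        src.elements[name] = concept
    elif op == "remove":
        src.elements.pop(name, None)
    table = MAPPING if src.domain == "Rem" else REVERSE
    if concept not in table:      # e.g. a Risk: it has no counterpart in Rem
        return None
    mapped = table[concept]
    if op == "add":
        dst.elements[name] = mapped
    else:
        dst.elements.pop(name, None)
    dst.pending.append((op, name, mapped))
    return mapped

def atm_evolution():
    """The ATM example: the risk analyst enters a new risk, two security
    objectives and two security requirements (element names constructed)."""
    rem = Model("Rem", {"Arrival information": "Business Object"})
    risk = Model("Risk", {"Arrival information": "Essential Element"})
    for change in [
        ("add", "Incorrect arrival information due to ATCO mistakes", "Risk"),
        ("add", "Sequence computed automatically by AMAN", "Security Objective"),
        ("add", "Updates handled by Sequence Manager role", "Security Objective"),
        ("add", "Integrate an AMAN", "Security Requirement"),
        ("add", "Integrate a SQM", "Security Requirement"),
    ]:
        propagate(change, risk, rem)
    return rem, risk
```

Only the four interface-level changes reach the requirements model (as Goals and Security Goals); the Risk element stays in the risk domain, which is exactly the boundary the mapping defines.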
AN EXAMPLE – AFTER REQUIREMENT MODEL
More details about the project at
www.securechange.eu