A Tool Support for Secure Software Integration

2010 ◽  
Vol 1 (2) ◽  
pp. 35-56
Author(s):  
Khaled Md Khan ◽  
Jun Han

This paper presents a tool for the integration of security-aware services based applications that is constructed on the principles of security characterization of individual software services. The tool uses the technique of reasoning between the ensured security properties of the services and the security requirements of the user’s system. Rather than reporting the research outcomes, in this paper the authors describe the architecture and capabilities of the tool for secure software integration. The main objective of this paper is to show that an automatic tool support could assist the process of security-aware service based software integration.


Quality security requirements help secure software development to succeed. While considerable research can be found in the field of requirements elicitation, less attention has been paid to the writing of complete security specifications. Requirements engineers (REs) still find it challenging and tedious to implement and report complete security requirements derived from natural language. This is due to a tendency to misunderstand the real needs and the security terms involved, so that inexperienced REs produce incomplete security requirements. Motivated by these problems, we have developed a prototype tool, called SecureMEReq, to improve the writing of complete security requirements. This tool provides four key features: (1) extraction of template-based components from client stakeholders; (2) analysis of template-based density from SRCLib; (3) analysis of requirements syntax density from SecLib; and (4) analysis of completeness prioritization. To do this, we used our pattern libraries, SecLib and SRCLib, to support the automation of the elicitation process, especially the writing of security requirements. Our evaluation results show that our prototype tool is capable of facilitating the writing of complete security requirements and is useful in assisting REs to elicit security requirements.


2021 ◽  
Vol 26 (4) ◽  
Author(s):  
Mazen Mohamad ◽  
Jan-Philipp Steghöfer ◽  
Riccardo Scandariato

Abstract: Security Assurance Cases (SAC) are a form of structured argumentation used to reason about the security properties of a system. After the successful adoption of assurance cases for safety, SAC have been getting significant traction in recent years, especially in safety-critical industries (e.g., automotive), where there is increasing pressure to comply with several security standards and regulations. Accordingly, research in the field of SAC has flourished in the past decade, with different approaches being investigated. In an effort to systematize this active field of research, we conducted a systematic literature review (SLR) of the existing academic studies on SAC. Our review resulted in an in-depth analysis and comparison of 51 papers. Our results indicate that, while there are numerous papers discussing the importance of SAC and their usage scenarios, the literature is still immature with respect to concrete support for practitioners on how to build and maintain a SAC. More importantly, even though some methodologies are available, their validation and tool support are still lacking.


2013 ◽  
Vol 846-847 ◽  
pp. 1644-1647
Author(s):  
Xiao Le Li ◽  
Ying Wen ◽  
Ming Weng

Based on a comprehensive analysis of the security requirements of information transmission, a security primitive is generated by an automatic tool in an asymmetric key cryptosystem and improved with the addition of compositional factors. Formal processes of secure information transmission are then constructed with a composition method. Formal analysis shows that secrecy, integrity, availability, controllability, non-repudiation and identifiability during information transmission can be ensured by this architecture, which serves as a common framework for the development of various application systems in a digital campus from the viewpoint of information security.


2021 ◽  
Author(s):  
Benjamin Philip Palmer

An increasing number of products are exclusively digital items, such as media files, licenses, services, or subscriptions. In many cases customers do not purchase these items directly from the originator of the product but through a reseller instead. Examples of some well known resellers include GoDaddy, the iTunes music store, and Amazon. This thesis considers the concept of provenance of digital items in reseller chains. Provenance is defined as the origin and ownership history of an item. In the context of digital items, the origin of the item refers to the supplier that created it and the ownership history establishes a chain of ownership from the supplier to the customer. While customers and suppliers are concerned with the provenance of the digital items, resellers will not want the details of the transactions they have taken part in made public. Resellers will require the provenance information to be anonymous and unlinkable to prevent third parties building up large amounts of information on the transactions of resellers. This thesis develops security mechanisms that provide customers and suppliers with assurances about the provenance of a digital item, even when the reseller is untrusted, while providing anonymity and unlinkability for resellers. The main contribution of this thesis is the design, development, and analysis of the tagged transaction protocol. A formal description of the problem and the security properties for anonymously providing provenance for digital items in reseller chains are defined. A thorough security analysis using proofs by contradiction shows the protocol fulfils the security requirements. This security analysis is supported by modelling the protocol and security requirements using Communicating Sequential Processes (CSP) and the Failures Divergences Refinement (FDR) model checker. An extended version of the tagged transaction protocol is also presented that provides revocable anonymity for resellers that try to conduct a cloning attack on the protocol. As well as an analysis of the security of the tagged transaction protocol, a performance analysis is conducted providing complexity results as well as empirical results from an implementation of the protocol.


2014 ◽  
pp. 2099-2119
Author(s):  
Punam Bedi ◽  
Vandana Gandotra ◽  
Archana Singhal

This chapter discusses the adoption of some proactive strategies in threat management for the security of software systems. Security requirements, which arise from threats to assets by malicious users, play an important role in secure software systems. It is therefore imperative to develop realistic and meaningful security requirements. A hybrid technique is presented in this chapter, evolved by combining the strengths of misuse cases and attack trees for the elicitation of flawless security requirements. This chapter also discusses an innovative technique using fuzzy logic as a proactive step to break the jinx of brittleness in present-day security measures based on a binary principle. In this mechanism, a partially secure state between the safe state and the failed state, evolved using fuzzy logic, provides an alert signal to take appropriate additional preventive measures to keep the system from entering the failed state to the extent possible.

