Automatic Enforcement of Security Properties

Description

Ensuring the security requirements of an application is not a straightforward task. Security properties (e.g., confidentiality, anonymity) need to be satisfied in different ways in different parts of the same application. Software architects are usually required to manually define security components and their dependencies with the base application, customize them to the application's requirements, identify the points where security is incorporated, and verify that the selected places are correct. The last two steps are especially complex and errorprone. In our approach, we aim to provide a solution that helps software architects to identify the correct places to incorporate the security functionality and to verify the correctness of the composed application architecture. This is achieved by identifying a set of general structural patterns for incorporating security into the application architecture, and by providing a model-driven SPL solution to customize these patterns to each application's requirements.

Abstract

Junta de Andalucía MAGIC P12-TIC1814

Abstract

Ministerio de Ciencia, Innovación y Universidades HADAS TIN2015-64841-R

Additional details