Fabio Massacci, UNITN,Federica Paci, UNITN Stephane Paul, MANAGING SECURITY AND THALES CHANGES AT MODEL LEVEL (SECURE CHANGE)
SECURE CHANGE PROJECT Challenge: support evolution while maintaining security at all levels of the software development process Solution: Change driven security engineering process Interplay between risk assessment and different phases of software engineering process Models as basic unit of change Change propagation is supported by identifying mappings at conceptual level and orchestrating the respective analysis process 02/08/2011 2
SECURITY ENGINEERING PROCESS Interplay between software life-cycle phases and risk assessment activities Change management artefacts and methodologies are sprinkled throughout the whole phases 02/08/2011 3
CHANGE PROPAGATION Concepts are mapped amongst the requirement and risk domains The mapped concepts are the basis for processes orchestration and change propagation When a change affects a concept of the interface, the change is propagated to the other domain. 02/08/2011 4
A POSSIBLE INSTANTIATION Requirements models are Si* models – goal oriented requirements language by UNITN Risk Models are RA DSML models – domain specific language for risk analysis by THALES Mapped concepts Rem. Business Object - Risk. Essential Elements Rem.Goal - Risk.Security Objective Rem.Security Goal – Risk.Security Requirement Rem.Process – Risk Security Solution 02/08/2011 5
AN EXAMPLE – BEFORE REQUIREMNT MODELEvolution in ATM Domain - Introduction of a new tool to support thecontrollers during approach phase 02/08/2011 6
AN EXAMPLE –EVOLUTION IN ATM Risk analyst identifies a new risk Failure in the provisioning of correct or optimal arrival information due to ATCO mistakes Two security objectives are defined: The system shall be computed automatically by an Arrival Manager system The update of the system should be handled through a dedicated role of Sequence Manager Security objectives are refined into security requirements: The system should integrate an AMAN The organization should integrate a SQM 02/08/2011 7
AN EXAMPLE – AFTER REQUIREMENT MODEL 02/08/2011 8
More details about the project at www.securechange.eu 02/08/2011 9
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.