Affiliation:
1. University of Koblenz-Landau, Germany
Abstract
Today's software systems are too complex to ensure security after the fact – security has to be built into systems by design. To this end, model-based techniques such as UMLsec support the design-time specification and analysis of security requirements by providing custom model annotations and checks. Yet, a particularly challenging type of complexity arises from the variability of software product lines. Analyzing the security of all products separately is generally infeasible. In this work, we propose SecPL, a methodology for ensuring security in a software product line. SecPL allows developers to annotate the system design model with product-line variability and security requirements. To keep the exponentially large configuration space tractable during security checks, SecPL provides a family-based security analysis. In our experiments, this analysis outperforms the naive strategy of checking all products individually. Finally, we present the results of a user study that indicates the usability of our overall methodology.
Funder
Deutsche Forschungsgemeinschaft
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Graphics and Computer-Aided Design, Software
Cited by
5 articles.
1. Incremental Identification of T-Wise Feature Interactions;Proceedings of the 18th International Working Conference on Variability Modelling of Software-Intensive Systems;2024-02-07
2. Microservice Security Metrics for Secure Communication, Identity Management, and Observability;ACM Transactions on Software Engineering and Methodology;2023-01-31
3. Effects of variability in models: a family of experiments;Empirical Software Engineering;2022-03-17
4. The architectural divergence problem in security and privacy of eHealth IoT product lines;Proceedings of the 25th ACM International Systems and Software Product Line Conference - Volume A;2021-09-06
5. Variability representations in class models;Proceedings of the 23rd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems;2020-10-16