SwePub
Search the SwePub database


Result list for search "WFRF:(Scandariato Riccardo 1975)"

Search: WFRF:(Scandariato Riccardo 1975)

  • Results 1-44 of 44
1.
  • Alshareef, Hanaa, 1985, et al. (authors)
  • Precise Analysis of Purpose Limitation in Data Flow Diagrams
  • 2022
  • In: ACM International Conference Proceeding Series. - New York, NY, USA : ACM.
  • Conference paper (peer-reviewed)
    • Abstract: Data Flow Diagrams (DFDs) are primarily used for modelling functional properties of a system. In recent work, it was shown that DFDs can also be used to model non-functional properties, such as security and privacy properties, if they are annotated with appropriate security- and privacy-related information. An important privacy principle one may wish to model in this way is purpose limitation. But previous work on privacy-aware DFDs (PA-DFDs) considers purpose limitation only superficially, without explaining how the purpose of DFD activators and flows ought to be specified, checked or inferred. In this paper, we define a rigorous formal framework for (1) annotating DFDs with purpose labels and privacy signatures, (2) checking the consistency of labels and signatures, and (3) inferring labels from signatures. We implement our theoretical framework in a proof-of-concept tool consisting of a domain-specific language (DSL) for specifying privacy signatures and algorithms for checking and inferring purpose labels from such signatures. Finally, we evaluate our framework and tool through a case study based on a DFD from the privacy literature.
2.
  • Antignac, Thibaud, 1986, et al. (authors)
  • A Privacy-Aware Conceptual Model for Handling Personal Data
  • 2016
  • In: Lecture Notes in Computer Science, volume 9952. - Cham : Springer. - 0302-9743 .- 1611-3349. - 9783319471655 ; pp. 942-957
  • Book chapter (peer-reviewed)
    • Abstract: Handling personal data adequately is one of the biggest challenges of our era. Consequently, laws and regulations are in the process of being released, like the European General Data Protection Regulation (GDPR), which attempt to deal with these challenging issues early on. The core question motivating this work is how software developers can validate their technical design vis-a-vis the prescriptions of the privacy legislation. In this paper, we first outline the technical concepts related to privacy that need to be taken into consideration in a software design. Second, we extend a popular design notation in order to support the privacy concepts illustrated in the previous point. Third, we show how some of the prescriptions of the privacy legislation and standards may be related to a technical design that employs our enriched notation, which would facilitate reasoning about compliance.
3.
  • Antignac, Thibaud, et al. (authors)
  • Privacy Compliance Via Model Transformations
  • 2018
  • In: International Workshop on Privacy Engineering (IWPE'18) at IEEE EuroS&P. - IEEE. - 9781538654453
  • Conference paper (peer-reviewed)
    • Abstract: Due to the upcoming, more restrictive regulations (like the European GDPR), designing privacy-preserving architectures for information systems is becoming a pressing concern for practitioners. In particular, verifying that a design is compliant with the regulations might be a challenging task for engineers. This work presents an approach based on model transformations, which guarantee that an architectural design encompasses regulation-oriented principles such as purpose limitation, or accountability of the data controller. Our work improves the state of the art along two main dimensions. The approach we propose (i) embeds privacy principles coming from regulations, thus helping to bridge the gap between the technical and the legal worlds, and (ii) systematizes the embedding of the privacy principles coming from regulations, thus enabling a constructive approach to privacy by design.
4.
  • Billawa, Priyanka, et al. (authors)
  • SoK: Security of Microservice Applications: A Practitioners' Perspective on Challenges and Best Practices
  • 2022
  • In: ACM International Conference Proceeding Series. - New York, NY, USA : ACM.
  • Conference paper (peer-reviewed)
    • Abstract: Cloud-based application deployment is becoming increasingly popular among businesses, thanks to the emergence of microservices. However, securing such architectures is a challenging task since traditional security concepts cannot be directly applied to microservice architectures due to their distributed nature. The situation is exacerbated by the scattered nature of guidelines and best practices advocated by practitioners and organizations in this field. In this research paper we aim to shed light on the current microservice security discussions hidden within Grey Literature (GL) sources. In particular, we identify the challenges that arise when securing microservice architectures, as well as solutions recommended by practitioners to address these issues. For this, we conducted a systematic GL study on the challenges and best practices of microservice security present on the Internet with the goal of capturing relevant discussions in blogs, white papers, and standards. We collected 312 GL sources, of which 57 were rigorously classified and analyzed. This analysis on the one hand validated past academic literature studies in the area of microservice security, but it also identified improvements to existing methodologies, pointing towards future research directions.
8.
  • Erlenhov, Linda, 1979, et al. (authors)
  • Current and Future Bots in Software Development
  • 2019
  • In: 2019 IEEE/ACM 1st International Workshop on Bots in Software Engineering (BotSE). - 9781728122625 ; pp. 7-11
  • Conference paper (peer-reviewed)
    • Abstract: Bots that support software development ("DevBots") are seen as a promising approach to deal with the ever-increasing complexity of modern software engineering and development. Existing DevBots are already able to relieve developers from routine tasks such as building project images or keeping dependencies up to date. However, advances in machine learning and artificial intelligence hold the promise of future, significantly more advanced, DevBots. In this paper, we introduce the terminology of contemporary and ideal DevBots. Contemporary DevBots represent the current state of practice, which we characterise using a facet-based taxonomy. We exemplify this taxonomy using 11 existing, industrial-strength bots. We further provide a vision and definition of future (ideal) DevBots, which are not only autonomous, but also adaptive, as well as technically and socially competent. These properties may allow ideal DevBots to act more akin to artificial teammates than simple development tools.
9.
  • Exploring security in software architecture and design
  • 2019
  • Edited volume (editorship) (peer-reviewed)
    • Abstract: Cyber-attacks continue to rise as more individuals rely on storing personal information on networks. Even though these networks are continuously checked and secured, cybercriminals find new strategies to break through these protections. Thus, advanced security systems, rather than simple security patches, need to be designed and developed. Exploring Security in Software Architecture and Design is an essential reference source that discusses the development of security-aware software systems in which security is built into every phase of the software architecture. Featuring research on topics such as migration techniques, service-based software, and building security, this book is ideally designed for computer and software engineers, ICT specialists, researchers, academicians, and field experts.
10.
  • Faily, Shamal, et al. (authors)
  • Contextualisation of Data Flow Diagrams for Security Analysis
  • 2020
  • In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 12419 LNCS, pp. 186-197
  • Conference paper (peer-reviewed)
    • Abstract: Data flow diagrams (DFDs) are popular for sketching systems for subsequent threat modelling. Their limited semantics make reasoning about them difficult, but enriching them endangers their simplicity and subsequent ease of take-up. We present an approach for reasoning about tainted data flows in design-level DFDs by putting them in context with other complementary usability and requirements models. We illustrate our approach using a pilot study, where tainted data flows were identified without any augmentations to either the DFD or its complementary models.
11.
  • Hovsepyan, Aram, et al. (authors)
  • Is Newer Always Better?: The Case of Vulnerability Prediction Models
  • 2016
  • In: ESEM '16 Proceedings of the 10th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement. - New York, NY, USA : Association for Computing Machinery. - 1949-3770 .- 1949-3789. - 9781450344272
  • Conference paper (peer-reviewed)
    • Abstract: Finding security vulnerabilities in the source code as early as possible is becoming more and more essential. In this respect, vulnerability prediction models have the potential to help the security assurance activities by identifying code locations that deserve the most attention. In this paper, we investigate whether prediction models behave like milk (i.e., they turn with time) or wine (i.e., they improve with time) when used to predict future vulnerabilities. Our findings indicate that the recall values are largely in favor of predictors based on older versions. However, the better recall comes at the price of much higher file inspection ratio values.
13.
  • Jolak, Rodi, et al. (authors)
  • CONSERVE: A framework for the selection of techniques for monitoring containers security
  • 2022
  • In: Journal of Systems and Software. - Elsevier BV. - 0164-1212 .- 1873-1228. ; 186:April
  • Journal article (peer-reviewed)
    • Abstract: Context: Container-based virtualization is gaining popularity in different domains, as it supports continuous development and improves the efficiency and reliability of run-time environments. Problem: Different techniques are proposed for monitoring the security of containers. However, there are no guidelines supporting the selection of suitable techniques for the tasks at hand. Objective: We aim to support the selection and design of techniques for monitoring container-based virtualization environments. Approach: First, we review the literature and identify techniques for monitoring containerized environments. Second, we classify these techniques according to a set of categories, such as technical characteristics, applicability, effectiveness, and evaluation. We further detail the pros and cons associated with each of the identified techniques. Result: As a result, we present CONSERVE, a multi-dimensional decision support framework for an informed and optimal selection of a suitable set of container monitoring techniques to be implemented in different application domains. Evaluation: A mix of eighteen researchers and practitioners evaluated the ease of use, understandability, usefulness, efficiency, applicability, and completeness of the framework. The evaluation shows a high level of interest, and points to potential benefits.
14.
  • Jolak, Rodi, 1985, et al. (authors)
  • RIPOSTE: A Collaborative Cyber Attack Response Framework for Automotive Systems
  • 2022
  • In: Proceedings - 48th Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2022. - IEEE conference proceedings. ; pp. 350-357
  • Conference paper (peer-reviewed)
    • Abstract: The automotive domain has had its own share of advancements in information and communication technology, providing more services and leading to more connectivity. However, more connectivity and openness raise cyber security and safety concerns. Indeed, services that depend on online connectivity can serve as entry points for attacks on different assets of the vehicle. This study explores collaborative ways of selecting response techniques to counter real-time cyber attacks on automotive systems. The aim is to mitigate the attacks more quickly than a single vehicle would be able to do, and to increase the survivability chances of the collaborating vehicles. To achieve that, the design science research methodology is employed. As a result, we present RIPOSTE, a framework for collaborative real-time evaluation and selection of suitable response techniques when an attack is in progress. We evaluate the framework from a safety perspective by conducting a qualitative study involving domain experts. The proposed framework is deemed slightly unsafe, and insights into how to improve the overall safety of the framework are provided.
15.
  • Mohamad, Mazen, 1984, et al. (authors)
  • Asset-driven Security Assurance Cases with Built-in Quality Assurance
  • 2021
  • In: 2021 IEEE/ACM 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS 2021). - 9781665445535 ; pp. 29-36
  • Conference paper (peer-reviewed)
    • Abstract: Security Assurance Cases (SAC) are structured arguments and evidence bodies used to reason about the security of a certain system. SACs are gaining focus in the automotive domain as the needs for security assurance are growing. In this study, we present an approach for creating SAC. The approach is inspired by the upcoming security standard ISO/SAE-21434 as well as the internal needs of automotive Original Equipment Manufacturers (OEMs). We created the approach by extracting relevant requirements from ISO/SAE-21434 and illustrated it using the example case of the headlamp item provided in the standard. We found that the approach is applicable and helps to satisfy the requirements for security assurance in the standard as well as the internal compliance needs of an automotive OEM.
16.
  • Mohamad, Mazen, 1984, et al. (authors)
  • Assurance Cases for Road Vehicles: an Industry Perspective
  • 2020
  • In: ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security.
  • Conference paper (peer-reviewed)
    • Abstract: Assurance cases are structured arguments that are commonly used to reason about the safety of a product or service. Currently, there is an ongoing push towards using assurance cases also for cybersecurity, especially in safety-critical domains like automotive. While the industry is faced with the challenge of defining a sound methodology to build security assurance cases, the state of the art is rather immature. Therefore, we have conducted a thorough investigation of the (external) constraints and (internal) needs that security assurance cases have to satisfy when used in the automotive industry. This has been done in the context of two large automotive companies. The end result is a set of recommendations that automotive companies can apply in order to define security assurance cases that are (i) aligned with the constraints imposed by the existing and upcoming standards and regulations and (ii) harmonized with the internal product development processes and organizational practices. We expect the results also to be of interest for product companies in other safety-critical domains, like healthcare, transportation, and so on.
17.
  • Mohamad, Mazen, et al. (authors)
  • CASCADE: An Asset-driven Approach to Build Security Assurance Cases for Automotive Systems
  • 2023
  • In: ACM Transactions on Cyber-Physical Systems. - Association for Computing Machinery (ACM). - 2378-962X .- 2378-9638. ; 7:1
  • Journal article (peer-reviewed)
    • Abstract: Security Assurance Cases (SAC) are structured arguments and evidence bodies used to reason about the security of a certain system. SACs are gaining focus in the automotive industry, as the needs for security assurance are growing in this domain. However, the state of the art lacks a mature approach able to suit the needs of the automotive industry. In this article, we present CASCADE, an asset-driven approach for creating SAC, which is inspired by the upcoming security standard ISO/SAE-21434 as well as the internal needs of automotive Original Equipment Manufacturers (OEMs). CASCADE also differentiates itself from the state of the art by incorporating a way to reason about the quality of the constructed security assurance case. We created the approach by conducting an iterative design science research study. We illustrate the results using the example case of the road vehicle's headlamp provided in the ISO standard. We also illustrate how our approach aligns well with the structure and content of the ISO/SAE-21434 standard, hence demonstrating the practical applicability of CASCADE in an industrial context.
18.
  • Mohamad, Mazen, 1984, et al. (authors)
  • Identifying security-related requirements in regulatory documents based on cross-project classification
  • 2022
  • In: PROMISE 2022 - Proceedings of the 18th International Conference on Predictive Models and Data Analytics in Software Engineering, co-located with ESEC/FSE 2022. - New York, NY, USA : ACM. ; pp. 82-91
  • Conference paper (peer-reviewed)
    • Abstract: Security is getting substantial focus in many industries, especially safety-critical ones. When new regulations and standards, which can run to hundreds of pages, are introduced, it is necessary to identify the requirements in those documents which have an impact on security. Additionally, it is necessary to revisit the requirements of existing systems and identify the security-related ones. We investigate the feasibility of using a classifier for security-related requirements trained on requirement specifications available online. We base our investigation on 15 requirement documents, randomly selected and partially pre-labelled, with a total of 3,880 requirements. To validate the model, we run a cross-project prediction on the data where each specification constitutes a group. We also test the model on three different United Nations (UN) regulations from the automotive domain with different magnitudes of security relevance. Our results indicate the feasibility of training a model from a heterogeneous data set including specifications from multiple domains and in different styles. Additionally, we show the ability of such a classifier to identify security requirements in real-life regulations and discuss scenarios in which such a classification becomes useful to practitioners.
19.
  • Mohamad, Mazen, 1984, et al. (authors)
  • Managing security evidence in safety-critical organizations
  • 2024
  • In: Journal of Systems and Software. - Elsevier Inc. - 0164-1212 .- 1873-1228. ; 214
  • Journal article (peer-reviewed)
    • Abstract: With the increasing prevalence of open and connected products, cybersecurity has become a serious issue in safety-critical domains such as the automotive industry. As a result, regulatory bodies have become more stringent in their requirements for cybersecurity, necessitating security assurance for products developed in these domains. In response, companies have implemented new or modified processes to incorporate security into their product development lifecycle, resulting in a large amount of evidence being created to support claims about the achievement of a certain level of security. However, managing evidence is not a trivial task, particularly for complex products and systems. This paper presents a qualitative interview study conducted in six companies on the maturity of managing security evidence in safety-critical organizations. We find that the current maturity of managing security evidence is insufficient for the increasing requirements set by certification authorities and standardization bodies. Organizations currently fail to identify relevant artifacts as security evidence and to manage this evidence on an organizational level. One part of the reason is educational gaps, the other a lack of processes. The impact of AI on the management of security evidence is still an open question.
21.
  • Mohamad, Mazen, et al. (authors)
  • Security assurance cases-state of the art of an emerging approach
  • 2021
  • In: Empirical Software Engineering. - Springer Science and Business Media LLC. - 1382-3256 .- 1573-7616. ; 26:4
  • Journal article (peer-reviewed)
    • Abstract: Security Assurance Cases (SAC) are a form of structured argumentation used to reason about the security properties of a system. After the successful adoption of assurance cases for safety, SAC have been getting significant traction in recent years, especially in safety-critical industries (e.g., automotive), where there is increasing pressure to be compliant with several security standards and regulations. Accordingly, research in the field of SAC has flourished in the past decade, with different approaches being investigated. In an effort to systematize this active field of research, we conducted a systematic literature review (SLR) of the existing academic studies on SAC. Our review resulted in an in-depth analysis and comparison of 51 papers. Our results indicate that, while there are numerous papers discussing the importance of SAC and their usage scenarios, the literature is still immature with respect to concrete support for practitioners on how to build and maintain a SAC. More importantly, even though some methodologies are available, their validation and tool support are still lacking.
22.
  • Nassar, Bashar, 1986, et al. (authors)
  • Traceability data in early development phases as an enabler for decision support
  • 2016
  • In: XP 2016 Scientific Workshops; Edinburgh; UK; 24 May 2016 (ACM International Conference Proceeding Series). - New York, NY, USA : ACM. - 9781450341349 ; 24 May 2016, art. no. 2962710
  • Conference paper (peer-reviewed)
    • Abstract: Traceability information between requirements, architectural elements and the results of test cases can be used to unearth interesting relationships between the early phases of the software development process and the software faults in the end product. For instance, complex dependencies between features and software components could lead to an increased level of flaws in the code. Such patterns can be detected and visualized as early warnings to the relevant stakeholders (e.g., the architect or the project manager). Ultimately, a fully-fledged prediction model can be developed if enough historical information is available from previous software projects. In this paper we introduce a method for building a decision support system based on historic product data.
23.
  • Nassar, B., et al. (authors)
  • Traceability Metrics as Early Predictors of Software Defects?
  • 2017
  • In: 2017 IEEE International Conference on Software Architecture (ICSA 2017). - New York : IEEE. - 9781509057290
  • Conference paper (peer-reviewed)
    • Abstract: This paper investigates two metrics related to the traceability relationships that exist between requirements and architectural design. In particular, we look into cross-cutting requirements, i.e., requirements that are implemented by several components, and, conversely, into overloaded components, i.e., components that implement several requirements. The intuition is that intricate dependencies between requirements and architectural components might be the precursors of software defects. Using empirical data from one industrial application in the automotive domain, we study the predictive power of such metrics.
24.
  • Nguyen, P. H., et al. (authors)
  • SoSPa: A System of Security Design Patterns for Systematically Engineering Secure Systems
  • 2015
  • In: 2015 ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (MODELS). - IEEE. - 9781467369084
  • Conference paper (peer-reviewed)
    • Abstract: Model-Driven Security (MDS) for secure systems development still has limitations that keep it from being more applicable in practice. A recent systematic review of MDS shows that current MDS approaches have not dealt with multiple security concerns systematically. Besides, catalogs of security patterns which can address multiple security concerns have not been applied efficiently. This paper presents an MDS approach based on a unified System of Security design Patterns (SoSPa). In SoSPa, security design patterns are collected and specified as reusable aspect models to form a coherent system that guides developers in systematically addressing multiple security concerns. SoSPa consists of not only interrelated security design patterns but also a refinement process towards their application. We applied SoSPa to design the security of crisis management systems. The result shows that multiple security concerns in the case study have been addressed by systematically integrating different security solutions.
25.
  • Peldszus, Sven, et al. (authors)
  • Secure Data-Flow Compliance Checks between Models and Code Based on Automated Mappings
  • 2019
  • In: Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019. ; pp. 23-33
  • Conference paper (peer-reviewed)
    • Abstract: During the development of security-critical software, the system implementation must capture the security properties postulated by the architectural design. This paper presents an approach to support secure data-flow compliance checks between design models and code. To iteratively guide the developer in discovering such compliance violations, we introduce automated mappings. These mappings are created by searching for correspondences between a design-level model (Security Data Flow Diagram) and an implementation-level model (Program Model). We limit the search space by considering name similarities between model elements and code elements as well as by the use of heuristic rules for matching data-flow structures. The main contributions of this paper are three-fold. First, the automated mappings support the designer in an early discovery of implementation absence, convergence, and divergence with respect to the planned software design. Second, the mappings also support the discovery of secure data-flow compliance violations in terms of illegal asset flows in the software implementation. Third, we present our implementation of the approach as a publicly available Eclipse plugin and its evaluation on five open source Java projects (including Eclipse secure storage).
26.
  • Rosenstatter, Thomas, 1992, et al. (authors)
  • REMIND: A Framework for the Resilient Design of Automotive Systems
  • 2020
  • Book (other academic/artistic)
    • Abstract: In the past years, great effort has been spent on enhancing the security and safety of vehicular systems. Current advances in information and communication technology have increased the complexity of these systems and led to extended functionalities towards self-driving and more connectivity. Unfortunately, these advances open the door for diverse and newly emerging attacks that hamper the security and, thus, the safety of vehicular systems. In this paper, we contribute to supporting the design of resilient automotive systems. We review and analyze scientific literature on resilience techniques, fault tolerance, and dependability. As a result, we present the REMIND resilience framework providing techniques for attack detection, mitigation, recovery, and resilience endurance. Moreover, we provide guidelines on how the REMIND framework can be used against common security threats and attacks and further discuss the trade-offs when applying these guidelines.
27.
  • Scandariato, Riccardo, 1975, et al. (authors)
  • Generative secure design, defined
  • 2018
  • In: Proceedings - International Conference on Software Engineering. - New York, NY, USA : ACM. - 0270-5257. ; Part F137347, pp. 1-4
  • Conference paper (peer-reviewed)
    • Abstract: In software-intensive industries, companies face the constant challenge of not having enough security experts on staff to validate the design of the high-complexity projects they run. Many of these companies are now realizing that increasing automation in their secure development process is the only way forward in order to cope with the ultra-large scale of modern systems. This paper embraces that viewpoint. We chart the roadmap to the development of a generative design tool that iteratively produces several design alternatives, each attempting to solve the security goals by incorporating security mechanisms. The tool explores the possible solutions by starting from well-known security techniques and by creating variations via mutations and crossovers. By incorporating user feedback, the tool generates increasingly better design alternatives.
28.
  • Sion, Laurens, et al. (authors)
  • A modular meta-model for security solutions
  • 2017
  • In: Proceedings of Programming ’17, Brussels, Belgium, April 03-06. - New York, NY, USA : Association for Computing Machinery. - 9781450348362 ; Part F129681
  • Conference paper (peer-reviewed)
    • Abstract: Designing a secure software system requires the ability to represent and reason about a wide variety of security concerns. Existing modelling representations lack a comprehensive set of security building blocks or lack support for composition or refinement of the design under consideration. We propose a new modular meta-model for representing these security designs. This model supports both composition for more complex solutions and representing different levels of abstraction to model the underlying details. This meta-model can subsequently be used for the construction of security solutions, supporting a wide range of mechanisms on a wide variety of abstraction levels, thereby providing a foundation for the security-by-design approach.
29.
  • Sion, L., et al. (authors)
  • MASC: Modelling Architectural Security Concerns
  • 2015
  • Part of: 2015 IEEE/ACM 7th International Workshop on Modeling in Software Engineering. - : IEEE.
  • Conference paper (peer-reviewed) abstract
    • Security decisions are an important part of software architecture design, and thus deserve to be explicitly represented in the design documentation. While UML is the best-known language for creating such documentation, it lacks security specific notations, which makes it difficult to represent the effect of the security decisions. Several security extensions for UML exist in the literature, but they represent security concerns at a lower level of abstraction, or only support a limited subset of security concerns. We propose a new notation, MASC, to model security concerns at the architectural level. It has been designed as an extension of UML, and is based on recurring security concepts that have been distilled from well-known security principles, goals, and patterns. By using our notation, a designer obtains a technique to express security concerns more explicitly in the architectural design documentation.
  •  
30.
  • Sion, Laurens, et al. (authors)
  • Towards Automated Security Design Flaw Detection
  • 2019
  • Part of: Proceedings - 2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshops, ASEW 2019. ; , s. 49-56
  • Conference paper (peer-reviewed) abstract
    • Efficiency of security-by-design has become an important goal for organizations implementing software engineering practices such as Agile, DevOps, and Continuous Integration. Software architectures are (often manually) analyzed at design time for potential security design flaws, based on natural language descriptions of security weaknesses (e.g., CWE, CAPEC). The use of natural language hinders the application of such knowledge bases in an automated fashion. In this paper, we analyze an existing catalog of 19 security design flaws in order to identify conceptual, technology-independent requirements on architectural models that enable automatically detecting these flaws. This constitutes the first step towards automated assessment of design-level security. Our findings are illustrated on an IoT-based smart home system.
  •  
31.
  • Staron, Miroslaw, 1977, et al. (authors)
  • Data veracity in intelligent transportation systems: the slippery road warning scenario
  • 2016
  • Part of: IEEE. - : IEEE.
  • Conference paper (peer-reviewed) abstract
    • Intelligent transportation systems rely on the availability of high quality data in order to allow its multiple actors to make correct decisions in diverse traffic situations. Traditionally, high quality is associated with the correctness of the data, its timeliness or integrity. Going beyond data quality, this paper explores the notion of data veracity, which we approach from the perspective of the truthfulness of the data with respect to reality, or, in other words, its ability to be free from 'lies'. Starting from the concrete case of the slippery road warning scenario (which comes from an industrial player), we define an initial taxonomy of data veracity (which is derived from the study of the literature) and use such taxonomy as a means to analyze the threats to data veracity in the above mentioned scenario. Additionally, this paper has the ambition to draw the attention of researchers and practitioners to the emerging challenges in the field of data veracity and to define a research roadmap to tackle such challenges.
  •  
32.
  • Stuckman, J., et al. (authors)
  • The Effect of Dimensionality Reduction on Software Vulnerability Prediction Models
  • 2017
  • Part of: IEEE Transactions on Reliability. - : Institute of Electrical and Electronics Engineers (IEEE). - 1558-1721 .- 0018-9529. ; 66:1, s. 17-37
  • Journal article (peer-reviewed) abstract
    • Statistical prediction models can be an effective technique to identify vulnerable components in large software projects. Two aspects of vulnerability prediction models have a profound impact on their performance: 1) the features (i.e., the characteristics of the software) that are used as predictors and 2) the way those features are used in the setup of the statistical learning machinery. In a previous work, we compared models based on two different types of features: software metrics and term frequencies (text mining features). In this paper, we broaden the set of models we compare by investigating an array of techniques for the manipulation of said features. These techniques fall under the umbrella of dimensionality reduction and have the potential to improve the ability of a prediction model to localize vulnerabilities. We explore the role of dimensionality reduction through a series of cross-validation and cross-project prediction experiments. Our results show that in the case of software metrics, a dimensionality reduction technique based on confirmatory factor analysis provided an advantage when performing cross-project prediction, yielding the best F-measure for the predictions in five out of six cases. In the case of text mining, feature selection can make the prediction computationally faster, but no dimensionality reduction technique provided any other notable advantage.
  •  
33.
  • Theodorou, Vasileios, 1980, et al. (authors)
  • Theta Architecture: Preserving the Quality of Analytics in Data-Driven Systems
  • 2017
  • Part of: Workshop on Novel Techniques for Integrating Big Data (BigNovelTI 2017).
  • Conference paper (peer-reviewed) abstract
    • With the recent advances in Big Data storage and processing, there is a real potential of data-driven software systems, i.e., systems that employ analysis of large amounts of data to inform their runtime decisions. However, for these decisions to be trustworthy and dependable, one needs to deal with the well-known challenges in the data analysis domain: data scarcity, low quality of data available for analysis, low veracity of data and subsequent analysis results, and data privacy constraints that hinder the analysis. A promising solution is to introduce flexibility in the data analytics part of the system, enabling optimization at runtime of the algorithms and data streams based on the combination of veracity, privacy and scarcity in order to preserve the target level of quality of the data-driven decisions. In this paper, we investigate this solution by providing an adaptive reference architecture and illustrate its applicability with an example from the traffic management domain.
  •  
34.
  • Tuma, Katja, 1991, et al. (authors)
  • Automating the early detection of security design flaws
  • 2020
  • Part of: Proceedings - 23rd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems, MODELS 2020. - New York, NY, USA : ACM. ; :MODELS '20, s. 332-342
  • Conference paper (peer-reviewed) abstract
    • Security by design is a key principle for realizing secure software systems and it is advised to hunt for security flaws from the very early stages of development. At design-time, security analysis is often performed manually by means of either threat modeling or expert-based design inspections. However, when leveraging the wide range of established knowledge bases on security design flaws (e.g., CWE, CAWE), these manual assessments become too time consuming, error-prone, and infeasible in the context of contemporary development practices with frequent iterations. This paper focuses on design inspection and explores the potential for automating the application of inspection rules to speed up the security analysis. The contributions of this paper are: (i) the creation of a publicly available data set consisting of 26 design models annotated with security flaws, (ii) an automated approach for following inspection guidelines using model query patterns, and (iii) an empirical comparison of the results from this automated approach with those from manual inspection. Even though our results show that a complete automation of the security design flaw detection is hard to achieve, we find that some flaws (e.g., insecure data exposure) are more amenable to automation. Compared to manual analysis techniques, our results are encouraging and suggest that the automated technique could guide security analysts towards a more complete inspection of the software design, especially for large models.
  •  
35.
  • Tuma, Katja, 1991, et al. (authors)
  • Flaws in Flows: Unveiling Design Flaws via Information Flow Analysis
  • 2019
  • Part of: Proceedings - 2019 IEEE International Conference on Software Architecture, ICSA 2019. - : IEEE. - 9781728105284 ; , s. 191-200
  • Conference paper (peer-reviewed) abstract
    • This paper presents a practical and formal approach to analyze security-centric information flow policies at the level of the design model. Specifically, we focus on data confidentiality and data integrity objectives. In its guiding principles, the approach is meant to be amenable for designers (e.g., software architects) that have very limited or no background in formal models, logics, and the like. To this aim, we provide an intuitive graphical notation, which is based on the familiar Data Flow Diagrams, and which requires as little effort as possible in terms of extra security-centric information the designer has to provide. The result of the analysis algorithm is the early discovery of design flaws in the form of violations of the intended security properties. The approach is implemented as a publicly available plugin for Eclipse and evaluated with four real-world case studies from publicly available literature.
  •  
36.
  • Tuma, Katja, 1991, et al. (authors)
  • Inspection guidelines to identify security design flaws
  • 2019
  • Part of: ACM International Conference Proceeding Series. - New York, NY, USA : ACM. ; 2, s. 116-122
  • Conference paper (peer-reviewed) abstract
    • Recent trends in the software development practices (Agile, DevOps, CI) have shortened the development life-cycle, causing the need for efficient security-by-design approaches. In this context, software architectures are analyzed for potential vulnerabilities and design flaws. Yet, design flaws are often documented with natural language and require a manual analysis, which is inefficient. Besides low-level vulnerability databases (e.g., CWE, CAPEC) there is little systematized knowledge on security design flaws. The purpose of this work is to present and evaluate a catalog of security design flaws accompanied by inspection guidelines for their detection. To this aim, we conduct empirical studies with master and doctoral students. This paper presents a catalog of 19 inspection guidelines for detecting security design flaws and contributes with an empirical evaluation of the inspection guidelines. We also account for the shortcomings of the inspection guidelines and make suggestions for their improvement with respect to the generalization of guidelines, catalog re-organization, and format of documentation. We record similar precision, recall, and productivity in both empirical studies.
  •  
37.
  • Tuma, Katja, 1991, et al. (authors)
  • Threat analysis of software systems: A systematic literature review
  • 2018
  • Part of: Journal of Systems and Software. - : Elsevier BV. - 0164-1212. ; 144, s. 275-294
  • Journal article (peer-reviewed) abstract
    • Architectural threat analysis has become an important cornerstone for organizations concerned with developing secure software. Due to the large number of existing techniques it is becoming more challenging for practitioners to select an appropriate threat analysis technique. Therefore, we conducted a systematic literature review (SLR) of the existing techniques for threat analysis. In our study we compare 26 methodologies for what concerns their applicability, characteristics of the required input for analysis, characteristics of analysis procedure, characteristics of analysis outcomes and ease of adoption. We also provide insight into the obstacles for adopting the existing approaches and discuss the current state of their adoption in software engineering trends (e.g. Agile, DevOps, etc.). As a summary of our findings we have observed that: the analysis procedure is not precisely defined, there is a lack of quality assurance of analysis outcomes and tool support and validation are limited.
  •  
38.
  • Tuma, Katja, 1991, et al. (authors)
  • Towards security threats that matter
  • 2017
  • Part of: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 10683, s. 47-62
  • Conference paper (peer-reviewed) abstract
    • Architectural threat analysis is a pillar of security by design and is routinely performed in companies. STRIDE is a well-known technique that is predominantly used to this aim. This technique aims towards maximizing completeness of discovered threats and leads to discovering a large number of threats. Many of them are eventually ranked with the lowest importance during the prioritization process, which takes place after the threat elicitation. While low-priority threats are often ignored later on, the analyst has spent significant time in eliciting them, which is highly inefficient. Experience in large companies shows that there is a shortage of security experts, which have limited time when analyzing architectural designs. Therefore, there is a need for a more efficient use of the allocated resources. This paper attempts to mitigate the problem by introducing a novel approach consisting of a risk-first, end-to-end asset analysis. Our approach enriches the architectural model used during the threat analysis, with a particular focus on representing security assumptions and constraints about the solution space. This richer set of information is leveraged during the architectural threat analysis in order to apply the necessary abstractions, which result in a lower number of significant threats. We illustrate our approach by applying it on an architecture originating from the automotive industry.
  •  
39.
  • Tuma, Katja, 1991, et al. (authors)
  • Two architectural threat analysis techniques compared
  • 2018
  • Part of: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 11048 LNCS, s. 347-363
  • Conference paper (peer-reviewed) abstract
    • In an initial attempt to systematize the research field of architectural threat analysis, this paper presents a comparative study of two threat analysis techniques. In particular, the controlled experiment presented here compares two variants of Microsoft’s STRIDE. The two variants differ in the way the analysis is performed. In one case, each component of the software system is considered in isolation and scrutinized for potential security threats. In the other case, the analysis has a wider scope and considers the security threats that might occur in a pair of interacting software components. The study compares the techniques with respect to their effectiveness in finding security threats (benefits) as well as the time that it takes to perform the analysis (cost). We also look into other human aspects which are important for industrial adoption, like, for instance, the perceived difficulty in learning and applying the techniques as well as the overall preference of our experimental participants.
  •  
40.
  • Van Den Berghe, Alexander, et al. (authors)
  • A lingua franca for security by design
  • 2018
  • Part of: 2018 IEEE Cybersecurity Development Conference, SecDev 2018.
  • Conference paper (peer-reviewed) abstract
    • © 2018 IEEE. The principle of security by design is advocated by academia as well as industry. Unfortunately, its adoption in practice is not yet widespread. We believe a reason for this is the lack of a 'lingua franca' for security modelling. Such a language should support security specialists to precisely describe the security aspects in a software design, as well as simultaneously serve to communicate with a broader audience of stakeholders. For this paper, we have assessed how well a formally backed security modelling language we previously proposed suits the needs of these two groups. Concretely, we report on a large user study investigating how well security novices are able to comprehend the foundations of our language. Furthermore, to assess our language's practicality, we show how it can be used to create a realistic model of authentication. We have found that our language's foundations are comprehensible to a broader audience and they allow to precisely model a design's security aspects, albeit some shortcomings requiring attention have been identified. Based on these findings, we believe that a precise yet comprehensible security by design lingua franca is within reach.
  •  
41.
  • van den Berghe, A., et al. (authors)
  • A Model for Provably Secure Software Design
  • 2017
  • Part of: IEEE/ACM 5th International FME Workshop on Formal Methods in Software Engineering (FormaliSE), 27-27 May 2017, Buenos Aires, Argentina. - : IEEE. - 9781538604229
  • Conference paper (peer-reviewed) abstract
    • Both academia and industry advocate the security by design principle to stress the importance of dealing with security from the earliest stages in software development. Nevertheless, designers often have to resort to their own knowledge and experience to pro-actively identify and mitigate potential security problems. Moreover, research shows that correctly applying security solutions is a much more significant challenge for designers, rather than finding an adequate solution. Therefore, there is a need for techniques that ensure a correct application of a security design solution. The contribution of this paper is a model in which the security-relevant aspects of a design can be precisely expressed in an integrated manner, enabling thorough reasoning about these aspects. We illustrate this model with a sizeable model of a banking system and show how the precise semantics of this model enables the tool-supported construction of proofs about the correctness of the applied design solutions. Our proposal thus enables designers to obtain stronger guarantees, ensuring the correctness of their solutions. The presented model can serve as the foundation for security by design, in time enabling automated security verification throughout the software development cycle.
  •  
42.
  • van den Berghe, Alexander, et al. (authors)
  • Design notations for secure software: a systematic literature review
  • 2017
  • Part of: Software and Systems Modeling. - : Springer Science and Business Media LLC. - 1619-1366 .- 1619-1374. ; 16, s. 809-831
  • Journal article (peer-reviewed) abstract
    • © 2015, Springer-Verlag Berlin Heidelberg. In the past 10 years, the research community has produced a significant number of design notations to represent security properties and concepts in a design artifact. These notations are aimed at documenting and analyzing security in a software design model. The fragmentation of the research space, however, has resulted in a complex tangle of different techniques. Hence, practitioners are confronted with the challenging task of scouting the right approach from a multitude of proposals. Similarly, it is hard for researchers to keep track of the synergies among the existing notations, in order to identify the existing opportunities for original contributions. This paper presents a systematic literature review that inventorizes the existing notations and provides an in-depth, comparative analysis for each.
  •  
43.
  • Wyrich, Marvin, et al. (authors)
  • Perception and acceptance of an autonomous refactoring bot
  • 2020
  • Part of: ICAART 2020 - Proceedings of the 12th International Conference on Agents and Artificial Intelligence. - : SCITEPRESS - Science and Technology Publications. ; 1, s. 303-310
  • Conference paper (peer-reviewed) abstract
    • The use of autonomous bots for automatic support in software development tasks is increasing. In the past, however, they were not always perceived positively and sometimes experienced a negative bias compared to their human counterparts. We conducted a qualitative study in which we deployed an autonomous refactoring bot for 41 days in a student software development project. In between and at the end, we conducted semi-structured interviews to find out how developers perceive the bot and whether they are more or less critical when reviewing the contributions of a bot compared to human contributions. Our findings show that the bot was perceived as a useful and unobtrusive contributor, and developers were no more critical of it than they were about their human colleagues, but only a few team members felt responsible for the bot.
  •  
44.
  •  
Create references, email, monitor and link
  • Results 1-44 of 44
Publication type
conference paper (32)
journal article (8)
book chapter (2)
edited volume (editorship) (1)
book (1)
Content type
peer-reviewed (41)
other academic/artistic (3)
Author/editor
Scandariato, Riccard ... (44)
Steghöfer, Jan-Phili ... (7)
Joosen, Wouter (7)
Sion, Laurens (4)
Schneider, Gerardo, ... (3)
Jolak, Rodi (3)
show more...
Staron, Miroslaw, 19 ... (2)
Askerdal, Örjan, 197 ... (2)
Knauss, Eric, 1977 (2)
Jolak, Rodi, 1985 (2)
Leitner, Philipp, 19 ... (2)
Klein, J. (1)
Horkhoff, Jennifer (1)
Weyns, D. (1)
de Oliveira Neto, Fr ... (1)
Feldt, Robert, 1972 (1)
Balliu, Musard (1)
Hebig, Regina, 1984 (1)
Gomes, Francisco, 19 ... (1)
Calikli, Gul, 1978 (1)
Strüber, Daniel, 198 ... (1)
Olovsson, Tomas, 195 ... (1)
Alshareef, Hanaa, 19 ... (1)
Tuma, K. (1)
Stucki, Sandro, 1982 (1)
Antignac, Thibaud, 1 ... (1)
Antignac, Thibaud (1)
Nowdehi, Nasser, 198 ... (1)
Trubiani, Catia (1)
Peldszus, Sven (1)
Borg, Jörgen (1)
Shahrokni, Ali, 1982 (1)
Billawa, Priyanka (1)
Bambhore Tukaram, An ... (1)
Diaz Ferreyra, Nicol ... (1)
Simhandl, Georg (1)
Felderer, Michael (1)
Mirandola, R. (1)
Ceccato, Mariano (1)
Wagner, Stefan (1)
Duchien, Laurence (1)
Martinez, Elena Mari ... (1)
Koziolek, Anne (1)
Scandurra, Patrizia (1)
Quinton, Clément (1)
Erlenhov, Linda, 197 ... (1)
Erlenhov, Linda (1)
Faily, Shamal (1)
Shostack, Adam (1)
Ki-Aries, Duncan (1)
show fewer...
Higher education institution
Göteborgs universitet (35)
Chalmers tekniska högskola (34)
RISE (4)
Kungliga Tekniska Högskolan (1)
Language
English (44)
Research subject (UKÄ/SCB)
Natural sciences (43)
Engineering and technology (20)
Social sciences (4)
Humanities (2)

Year
