Abstract
Today's software systems are too complex to ensure security after the fact – security has to be built into systems by design. To this end, model-based techniques such as UMLsec support the design-time specification and analysis of security requirements by providing custom model annotations and checks. Yet, a particularly challenging type of complexity arises from the variability of software product lines. Analyzing the security of all products separately is generally infeasible. In this work, we propose SecPL, a methodology for ensuring security in a software product line. SecPL allows developers to annotate the system design model with product-line variability and security requirements. To keep the exponentially large configuration space tractable during security checks, SecPL provides a family-based security analysis. In our experiments, this analysis outperforms the naive strategy of checking all products individually. Finally, we present the results of a user study that indicates the usability of our overall methodology.
| Originalsprog | Engelsk |
|---|---|
| Titel | Proceedings of the 17th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences - GPCE 2018 |
| Udgivelsessted | New York, USA |
| Forlag | Association for Computing Machinery |
| Publikationsdato | 2018 |
| Sider | 93 - 106 |
| ISBN (Trykt) | 9781450360456, 9781450360456 |
| DOI | |
| Status | Udgivet - 2018 |
| Udgivet eksternt | Ja |
| Begivenhed | International Conference on Generative Programming: Concepts and Experiences - Boston, USA Varighed: 5 nov. 2018 → 6 nov. 2018 Konferencens nummer: 17 https://searchworks.stanford.edu/view/14195785 |
Konference
| Konference | International Conference on Generative Programming: Concepts and Experiences |
|---|---|
| Nummer | 17 |
| Land/Område | USA |
| By | Boston |
| Periode | 05/11/2018 → 06/11/2018 |
| Internetadresse |