Checking security compliance between models and code

Katja Tuma; Sven Peldszus; Daniel Struber; Riccardo Scandariato; Jan Juerjens

doi:10.1007/S10270-022-00991-5

Checking security compliance between models and code

Katja Tuma
, Sven Peldszus
, Daniel Struber
, Riccardo Scandariato
, Jan Juerjens

Research output: Journal Article or Conference Article in Journal › Journal article › Research › peer-review

Abstract

It is challenging to verify that the planned security mechanisms are actually implemented in the software. In the context of model-based development, the implemented security mechanisms must capture all intended security properties that were considered in the design models. Assuring this compliance manually is labor intensive and can be error-prone. This work introduces the first semi-automatic technique for secure data flow compliance checks between design models and code. We develop heuristic-based automated mappings between a design-level model (SecDFD, provided by humans) and a code-level
representation (Program Model, automatically extracted from the implementation) in order to guide users in discovering compliance violations, and hence, potential security flaws in the code. These mappings enable an automated, and projectspecific static analysis of the implementation with respect to the desired security properties of the design model. We developed two types of security compliance checks and evaluated the entire approach on open source Java projects.

Original language	English
Journal	Software and Systems Modeling
Volume	22
Pages (from-to)	273–296
ISSN	1619-1366
DOIs	https://doi.org/10.1007/S10270-022-00991-5
Publication status	Published - 2023
Externally published	Yes

Access to Document

10.1007/S10270-022-00991-5

Cite this

@article{9df42d000f984d70a67774b030a8efcf,

title = "Checking security compliance between models and code",

abstract = "It is challenging to verify that the planned security mechanisms are actually implemented in the software. In the context of model-based development, the implemented security mechanisms must capture all intended security properties that were considered in the design models. Assuring this compliance manually is labor intensive and can be error-prone. This work introduces the first semi-automatic technique for secure data flow compliance checks between design models and code. We develop heuristic-based automated mappings between a design-level model (SecDFD, provided by humans) and a code-level representation (Program Model, automatically extracted from the implementation) in order to guide users in discovering compliance violations, and hence, potential security flaws in the code. These mappings enable an automated, and projectspecific static analysis of the implementation with respect to the desired security properties of the design model. We developed two types of security compliance checks and evaluated the entire approach on open source Java projects.",

author = "Katja Tuma and Sven Peldszus and Daniel Struber and Riccardo Scandariato and Jan Juerjens",

year = "2023",

doi = "10.1007/S10270-022-00991-5",

language = "English",

volume = "22",

pages = "273–296",

journal = "Software and Systems Modeling",

issn = "1619-1366",

publisher = "Springer",

}

TY - JOUR

T1 - Checking security compliance between models and code

AU - Tuma, Katja

AU - Peldszus, Sven

AU - Struber, Daniel

AU - Scandariato, Riccardo

AU - Juerjens, Jan

PY - 2023

Y1 - 2023

N2 - It is challenging to verify that the planned security mechanisms are actually implemented in the software. In the context of model-based development, the implemented security mechanisms must capture all intended security properties that were considered in the design models. Assuring this compliance manually is labor intensive and can be error-prone. This work introduces the first semi-automatic technique for secure data flow compliance checks between design models and code. We develop heuristic-based automated mappings between a design-level model (SecDFD, provided by humans) and a code-level representation (Program Model, automatically extracted from the implementation) in order to guide users in discovering compliance violations, and hence, potential security flaws in the code. These mappings enable an automated, and projectspecific static analysis of the implementation with respect to the desired security properties of the design model. We developed two types of security compliance checks and evaluated the entire approach on open source Java projects.

AB - It is challenging to verify that the planned security mechanisms are actually implemented in the software. In the context of model-based development, the implemented security mechanisms must capture all intended security properties that were considered in the design models. Assuring this compliance manually is labor intensive and can be error-prone. This work introduces the first semi-automatic technique for secure data flow compliance checks between design models and code. We develop heuristic-based automated mappings between a design-level model (SecDFD, provided by humans) and a code-level representation (Program Model, automatically extracted from the implementation) in order to guide users in discovering compliance violations, and hence, potential security flaws in the code. These mappings enable an automated, and projectspecific static analysis of the implementation with respect to the desired security properties of the design model. We developed two types of security compliance checks and evaluated the entire approach on open source Java projects.

UR - https://publons.com/wos-op/publon/55121355/

U2 - 10.1007/S10270-022-00991-5

DO - 10.1007/S10270-022-00991-5

M3 - Journal article

SN - 1619-1366

VL - 22

SP - 273

EP - 296

JO - Software and Systems Modeling

JF - Software and Systems Modeling

ER -

Checking security compliance between models and code

Abstract

Access to Document

Fingerprint

Cite this