Abstract
We present our paper published at the 2019 edition of the International Conference on Model Driven Engineering Languages and Systems (MODELS) [Pe19]. During the development of security-critical software, the system implementation must capture the security properties postulated by
the architectural design. To iteratively guide the developer in discovering such compliance violations we introduce automated mappings. These mappings are created by searching for correspondences between a design-level model (Security Data Flow Diagram) and an implementation-level model (Program Model). We limit the search space by considering name similarities between model elements and code elements as well as by the use of heuristic rules for matching data-Ćow structures. The automated mappings support the designer in an early discovery of implementation absence, convergence, and divergence with respect to the planned software design as well as the discovery of secure data-Ćow
compliance violations. We provide a publicly available implementation of the approach and its evaluation on Ąve open source Java projects.
the architectural design. To iteratively guide the developer in discovering such compliance violations we introduce automated mappings. These mappings are created by searching for correspondences between a design-level model (Security Data Flow Diagram) and an implementation-level model (Program Model). We limit the search space by considering name similarities between model elements and code elements as well as by the use of heuristic rules for matching data-Ćow structures. The automated mappings support the designer in an early discovery of implementation absence, convergence, and divergence with respect to the planned software design as well as the discovery of secure data-Ćow
compliance violations. We provide a publicly available implementation of the approach and its evaluation on Ąve open source Java projects.
| Original language | English |
|---|---|
| Title of host publication | Software engineering 2020 |
| Place of Publication | Bonn, Germany |
| Publisher | Gesellschaft für Informatik |
| Publication date | 2020 |
| ISBN (Print) | 9783885796947, 3885796945 |
| DOIs | |
| Publication status | Published - 2020 |
| Externally published | Yes |
| Event | International Conference on Software Engineering - VIRTUAL Duration: 6 Jul 2020 → 11 Jul 2020 Conference number: 42 |
Conference
| Conference | International Conference on Software Engineering |
|---|---|
| Number | 42 |
| City | VIRTUAL |
| Period | 06/07/2020 → 11/07/2020 |
Keywords
- Security-by-design
- Security compliance
- Data Flow Diagram (DFD)
- Model-to-Model Transformation (M2M)
Fingerprint
Dive into the research topics of 'Secure Data-Flow Compliance Checks between Models and Code Based on Automated Mappings (Summary)'. Together they form a unique fingerprint.Cite this
- APA
- Author
- BIBTEX
- Harvard
- Standard
- RIS
- Vancouver