東華大學圖書館 |

Language: English

Help

回圖書館首頁

手機版館藏查詢

Back

Switch To: Labeled | MARC Mode | ISBD

Security compliance in model-driven ...

Peldszus, Sven Matthias.

Linked to FindBook

Google Book

Amazon

博客來

Security compliance in model-driven development of software systems in presence of long-term evolution and variants

Record Type:	Electronic resources : Monograph/item
Title/Author:	Security compliance in model-driven development of software systems in presence of long-term evolution and variants/ by Sven Matthias Peldszus.
Author:	Peldszus, Sven Matthias.
Published:	Wiesbaden :Springer Fachmedien Wiesbaden : : 2022.,
Description:	xxxvi, 476 p. :ill. (some col.), digital ;24 cm.
[NT 15003449]:	Introduction -- Running Example: iTrust -- State of the Art in Secure Software Systems Development -- A Walkthrough of the Proposed Development Approach -- Program Model for Object-oriented Languages -- Model-Synchronization and Tracing -- Application to Legacy Projects using Reverse-Engineering -- Static Security Compliance Checks -- Verification and Enforcement of Security at Run-time -- Specification of Variability throughout Variant-rich Software Systems -- Security in UML Product Lines -- Security Compliance and Restructuring in Variant-rich Software Systems -- The GRaViTY Framework -- Case Studies -- Related Work -- Conclusion.
Contained By:	Springer Nature eBook
Subject:	Computer security. -
Online resource:	https://doi.org/10.1007/978-3-658-37665-9
ISBN:	9783658376659

Security compliance in model-driven development of software systems in presence of long-term evolution and variants
Peldszus, Sven Matthias.

Security compliance in model-driven development of software systems in presence of long-term evolution and variants[electronic resource] /by Sven Matthias Peldszus. - Wiesbaden :Springer Fachmedien Wiesbaden :2022. - xxxvi, 476 p. :ill. (some col.), digital ;24 cm.

Introduction -- Running Example: iTrust -- State of the Art in Secure Software Systems Development -- A Walkthrough of the Proposed Development Approach -- Program Model for Object-oriented Languages -- Model-Synchronization and Tracing -- Application to Legacy Projects using Reverse-Engineering -- Static Security Compliance Checks -- Verification and Enforcement of Security at Run-time -- Specification of Variability throughout Variant-rich Software Systems -- Security in UML Product Lines -- Security Compliance and Restructuring in Variant-rich Software Systems -- The GRaViTY Framework -- Case Studies -- Related Work -- Conclusion.

For ensuring a software system's security, it is vital to keep up with changing security precautions, attacks, and mitigations. Although model-based development enables addressing security already at design-time, design models are often inconsistent with the implementation or among themselves. An additional burden are variants of software systems. To ensure security in this context, we present an approach based on continuous automated change propagation, allowing security experts to specify security requirements on the most suitable system representation. We automatically check all system representations against these requirements and provide security-preserving refactorings for preserving security compliance. For both, we show the application to variant-rich software systems. To support legacy systems, we allow to reverse-engineer variability-aware UML models and semi-automatically map existing design models to the implementation. Besides evaluations of the individual contributions, we demonstrate the approach in two open-source case studies, the iTrust electronics health records system and the Eclipse Secure Storage. About the author Since 2016, Sven Matthias Peldszus has been working as a research associate at the University of Koblenz-Landau and joined the Ruhr University Bochum after defending this thesis. His research interests include continuous tracing of non-functional requirements over the entire software life cycle and software quality analysis in variant-rich software systems.

ISBN: 9783658376659

Standard No.: 10.1007/978-3-658-37665-9doiSubjects--Topical Terms:

540555
Computer security.

LC Class. No.: QA76.9.A25 / P45 2022

Dewey Class. No.: 005.8

Security compliance in model-driven development of software systems in presence of long-term evolution and variants
LDR:03271nmm a2200349 a 4500 001 2302440
003 DE-He213
005 20220713150431.0
006 m d
007 cr nn 008maaau
008 230409s2022 gw s 0 eng d
020 $a 9783658376659 $q (electronic bk.)
020 $a 9783658376642 $q (paper)
024 7 $a 10.1007/978-3-658-37665-9 $2 doi
035 $a 978-3-658-37665-9
040 $a GP $c GP
041 0 $a eng
050 4 $a QA76.9.A25 $b P45 2022
072 7 $a UR $2 bicssc
072 7 $a UTN $2 bicssc
072 7 $a COM053000 $2 bisacsh
072 7 $a UR $2 thema
072 7 $a UTN $2 thema
082 0 4 $a 005.8 $2 23
090 $a QA76.9.A25 $b P381 2022
100 1 $a Peldszus, Sven Matthias. $3 3602768
245 1 0 $a Security compliance in model-driven development of software systems in presence of long-term evolution and variants $h [electronic resource] / $c by Sven Matthias Peldszus.
260 $a Wiesbaden : $b Springer Fachmedien Wiesbaden : $b Imprint: Springer Vieweg, $c 2022.
300 $a xxxvi, 476 p. : $b ill. (some col.), digital ; $c 24 cm.
505 0 $a Introduction -- Running Example: iTrust -- State of the Art in Secure Software Systems Development -- A Walkthrough of the Proposed Development Approach -- Program Model for Object-oriented Languages -- Model-Synchronization and Tracing -- Application to Legacy Projects using Reverse-Engineering -- Static Security Compliance Checks -- Verification and Enforcement of Security at Run-time -- Specification of Variability throughout Variant-rich Software Systems -- Security in UML Product Lines -- Security Compliance and Restructuring in Variant-rich Software Systems -- The GRaViTY Framework -- Case Studies -- Related Work -- Conclusion.
520 $a For ensuring a software system's security, it is vital to keep up with changing security precautions, attacks, and mitigations. Although model-based development enables addressing security already at design-time, design models are often inconsistent with the implementation or among themselves. An additional burden are variants of software systems. To ensure security in this context, we present an approach based on continuous automated change propagation, allowing security experts to specify security requirements on the most suitable system representation. We automatically check all system representations against these requirements and provide security-preserving refactorings for preserving security compliance. For both, we show the application to variant-rich software systems. To support legacy systems, we allow to reverse-engineer variability-aware UML models and semi-automatically map existing design models to the implementation. Besides evaluations of the individual contributions, we demonstrate the approach in two open-source case studies, the iTrust electronics health records system and the Eclipse Secure Storage. About the author Since 2016, Sven Matthias Peldszus has been working as a research associate at the University of Koblenz-Landau and joined the Ruhr University Bochum after defending this thesis. His research interests include continuous tracing of non-functional requirements over the entire software life cycle and software quality analysis in variant-rich software systems.
650 0 $a Computer security. $3 540555
650 0 $a Computer software $x Development. $3 542671
650 0 $a Model-driven software architecture. $3 907577
650 1 4 $a Data and Information Security. $3 3538510
650 2 4 $a Security Services. $3 3382346
650 2 4 $a Principles and Models of Security. $3 3382356
710 2 $a SpringerLink (Online service) $3 836513
773 0 $t Springer Nature eBook
856 4 0 $u https://doi.org/10.1007/978-3-658-37665-9
950 $a Computer Science (SpringerNature-11645)