A Model Driven Engineering Approach to Build Secure Information Systems

Author: Thi Mai Nguyen
Publisher:
ISBN:
Category :
Languages : en
Pages : 0

Book Description
Nowadays, organizations rely more and more on information systems to collect, manipulate, and exchange their relevant and sensitive data. In these systems, security plays a vital role. Indeed, any security breach may cause serious consequences, or even destroy an organization's reputation. Hence, sufficient precautions should be taken. Moreover, it is well recognized that the earlier an error is discovered, the easier and cheaper it is to debug. The objective of this thesis is to define adequate security policies from the early development phases and ensure their correct deployment on a given technological infrastructure. Our approach starts by specifying a set of security requirements, i.e. static and dynamic rules, along with the functional aspect of a system based on the Unified Modeling Language (UML). Fundamentally, the functional aspect is expressed using a UML class diagram, the static security requirements are modeled using SecureUML diagrams, and the dynamic rules are represented using secure activity diagrams. We then define translation rules to obtain B specifications from these graphical models. The translation aims at giving a precise semantics to these diagrams, thus proving the correctness of these models and verifying security policies with respect to the related functional model using the AtelierB prover and the ProB animator. The obtained B specification is successively refined to a database-like implementation based on the AOP paradigm. The B refinements are also proved to make sure that the implementation is correct with respect to the initial abstract specification. Our translated AspectJ-based program allows separating the security enforcement code from the rest of the application. This approach avoids scattering and tangling the application's code, so it is easier to track and maintain.
Finally, we develop a tool that automates the generation of the B specification from UML-based models and of the AspectJ program connected to a relational database management system from the B implementation. The tool helps relieve developers of this difficult and error-prone task and improves the productivity of the development process.

Security Requirements Engineering

Author: Fabiano Dalpiaz
Publisher: MIT Press
ISBN: 0262034212
Category : Computers
Languages : en
Pages : 225

Book Description
A novel, model-driven approach to security requirements engineering that focuses on socio-technical systems rather than merely technical systems. Security requirements engineering is especially challenging because designers must consider not just the software under design but also interactions among people, organizations, hardware, and software. Taking this broader perspective means designing a secure socio-technical system rather than a merely technical system. This book presents a novel, model-driven approach to designing secure socio-technical systems. It introduces the Socio-Technical Modeling Language (STS-ML) and presents a freely available software tool, STS-Tool, that supports this design approach through graphical modeling, automated reasoning capabilities to verify the models constructed, and the automatic derivation of security requirements documents. After an introduction to security requirements engineering and an overview of computer and information security, the book presents the STS-ML modeling language, introducing the modeling concepts used, explaining how to use STS-ML within the STS method for security requirements, and providing guidelines for the creation of models. The book then puts the STS approach into practice, introducing the STS-Tool and presenting two case studies from industry: an online collaborative platform and an e-Government system. Finally, the book considers other methods that can be used in conjunction with the STS method or that constitute an alternative to it. The book is suitable for course use or as a reference for practitioners. Exercises, review questions, and problems appear at the end of each chapter.

Model-Driven Software Engineering in Practice

Author: Marco Brambilla
Publisher: Morgan & Claypool Publishers
ISBN: 1627056955
Category : Computers
Languages : en
Pages : 391

Book Description
This book discusses how model-based approaches can improve the daily practice of software professionals. This is known as Model-Driven Software Engineering (MDSE) or, simply, Model-Driven Engineering (MDE). MDSE practices have proved to increase efficiency and effectiveness in software development, as demonstrated by various quantitative and qualitative studies. MDSE adoption in the software industry is foreseen to grow exponentially in the near future, e.g., due to the convergence of software development and business analysis. The aim of this book is to provide you with an agile and flexible tool to introduce you to the MDSE world, thus allowing you to quickly understand its basic principles and techniques and to choose the right set of MDSE instruments for your needs so that you can start to benefit from MDSE right away. The book is organized into two main parts. The first part discusses the foundations of MDSE in terms of basic concepts (i.e., models and transformations), driving principles, application scenarios, and current standards, like the well-known MDA initiative proposed by OMG (Object Management Group) as well as the practices on how to integrate MDSE in existing development processes. The second part deals with the technical aspects of MDSE, spanning from the basics on when and how to build a domain-specific modeling language, to the description of Model-to-Text and Model-to-Model transformations, and the tools that support the management of MDSE projects. 
The second edition of the book features: a set of completely new topics, including a full example of the creation of a new modeling language (IFML) and discussion of modeling issues and approaches in specific domains, like business process modeling, user interaction modeling, and enterprise architecture; complete revision of examples, figures, and text, for improving readability, understandability, and coherence; better formulation of definitions, dependencies between concepts and ideas; and addition of a complete index of book content. In addition to the contents of the book, more resources are provided on the book's website http://www.mdse-book.com, including the examples presented in the book.

Model-Driven Software Development

Author: Markus Völter
Publisher: John Wiley & Sons
ISBN: 111872576X
Category : Computers
Languages : en
Pages : 414

Book Description
Model-Driven Software Development (MDSD) is currently a highly regarded development paradigm among developers and researchers. With the advent of OMG's MDA and Microsoft's Software Factories, the MDSD approach has moved to the centre of the programmer's attention, becoming the focus of conferences such as OOPSLA, JAOO and OOP. MDSD is about using domain-specific languages to create models that express application structure or behaviour in an efficient and domain-specific way. These models are subsequently transformed into executable code by a sequence of model transformations. This practical guide for software architects and developers is peppered with practical examples and extensive case studies. International experts deliver:
* A comprehensive overview of MDSD and how it relates to industry standards such as MDA and Software Factories.
* Technical details on meta modeling, DSL construction, model-to-model and model-to-code transformations, and software architecture.
* Invaluable insight into the software development process, plus engineering issues such as versioning, testing and product line engineering.
* Essential management knowledge covering economic and organizational topics, from a global perspective.
Get started and benefit from some practical support along the way!

Model-Driven Engineering and Software Development

Author: Philippe Desfray
Publisher: Springer
ISBN: 331927869X
Category : Computers
Languages : en
Pages : 447

Book Description
This book constitutes thoroughly revised and selected papers from the Third International Conference on Model-Driven Engineering and Software Development, MODELSWARD 2015, held in Angers, France, in February 2015. The 25 thoroughly revised and extended papers presented in this volume were carefully reviewed and selected from 94 submissions. They are organized in topical sections named: invited papers; modeling languages, tools and architectures; methodologies, processes and platforms; applications and software development.

Engineering Secure Future Internet Services and Systems

Author: Maritta Heisel
Publisher: Springer
ISBN: 3319074520
Category : Computers
Languages : en
Pages : 400

Book Description
This State-of-the-Art Survey contains a selection of papers representing state-of-the-art results in the engineering of secure software-based Future Internet services and systems, produced by the NESSoS project researchers. The engineering approach of the Network of Excellence NESSoS, funded by the European Commission, is based on the principle of addressing security concerns from the very beginning in all software development phases, thus contributing to reduce the amount of software vulnerabilities and enabling the systematic treatment of security needs through the engineering process. The 15 papers included in this volume deal with the main NESSoS research areas: security requirements for Future Internet services; creating secure service architectures and secure service design; supporting programming environments for secure and composable services; enabling security assurance and integrating former results in a risk-aware and cost-aware software life-cycle.

Software Engineering for Secure Systems: Industrial and Research Perspectives

Author: Mouratidis, H.
Publisher: IGI Global
ISBN: 1615208380
Category : Computers
Languages : en
Pages : 388

Book Description
"This book provides coverage of recent advances in the area of secure software engineering that address the various stages of the development process from requirements to design to testing to implementation"--Provided by publisher.

Security Engineering for Service-Oriented Architectures

Author: Michael Hafner
Publisher: Springer Science & Business Media
ISBN: 3540795391
Category : Computers
Languages : en
Pages : 248

Book Description
Based on the paradigm of model-driven security, the authors of this book show how to systematically design and realize security-critical applications for SOAs. In a second step, they apply the principles of model-driven security to SOAs.

Security and Quality in Cyber-Physical Systems Engineering

Author: Stefan Biffl
Publisher: Springer Nature
ISBN: 3030253120
Category : Computers
Languages : en
Pages : 507

Book Description
This book examines the requirements, risks, and solutions to improve the security and quality of complex cyber-physical systems (C-CPS), such as production systems, power plants, and airplanes, in order to ascertain whether it is possible to protect engineering organizations against cyber threats and to ensure engineering project quality. The book consists of three parts that logically build upon each other. Part I "Product Engineering of Complex Cyber-Physical Systems" discusses the structure and behavior of engineering organizations producing complex cyber-physical systems, providing insights into processes and engineering activities, and highlighting the requirements and border conditions for secure and high-quality engineering. Part II "Engineering Quality Improvement" addresses quality improvements with a focus on engineering data generation, exchange, aggregation, and use within an engineering organization, and the need for proper data modeling and engineering-result validation. Lastly, Part III "Engineering Security Improvement" considers security aspects concerning C-CPS engineering, including engineering organizations’ security assessments and engineering data management, security concepts and technologies that may be leveraged to mitigate the manipulation of engineering data, as well as design and run-time aspects of secure complex cyber-physical systems. The book is intended for several target groups: it enables computer scientists to identify research issues related to the development of new methods, architectures, and technologies for improving quality and security in multi-disciplinary engineering, pushing forward the current state of the art. It also allows researchers involved in the engineering of C-CPS to gain a better understanding of the challenges and requirements of multi-disciplinary engineering that will guide them in their future research and development activities. 
Lastly, it offers practicing engineers and managers with engineering backgrounds insights into the benefits and limitations of applicable methods, architectures, and technologies for selected use cases.

Model-Driven Engineering of Information Systems

Author: Liviu Gabriel Cretu
Publisher: CRC Press
ISBN: 1498706347
Category : Business & Economics
Languages : en
Pages : 368

Book Description
This title includes a number of Open Access chapters. Model-driven engineering (MDE) is the automatic production of software from simplified models of structure and functionality. It mainly involves the automation of the routine and technologically complex programming tasks, thus allowing developers to focus on the true value-adding functionality th