Author: Sven Matthias Peldszus
Publisher: Springer Nature
ISBN: 3658376651
Category : Computers
Languages : en
Pages : 490
Book Description
For ensuring a software system's security, it is vital to keep up with changing security precautions, attacks, and mitigations. Although model-based development enables addressing security already at design-time, design models are often inconsistent with the implementation or among themselves. An additional burden are variants of software systems. To ensure security in this context, we present an approach based on continuous automated change propagation, allowing security experts to specify security requirements on the most suitable system representation. We automatically check all system representations against these requirements and provide security-preserving refactorings for preserving security compliance. For both, we show the application to variant-rich software systems. To support legacy systems, we allow to reverse-engineer variability-aware UML models and semi-automatically map existing design models to the implementation. Besides evaluations of the individual contributions, we demonstrate the approach in two open-source case studies, the iTrust electronics health records system and the Eclipse Secure Storage.
Security Compliance in Model-driven Development of Software Systems in Presence of Long-Term Evolution and Variants
Author: Sven Matthias Peldszus
Publisher: Springer Nature
ISBN: 3658376651
Category : Computers
Languages : en
Pages : 490
Book Description
For ensuring a software system's security, it is vital to keep up with changing security precautions, attacks, and mitigations. Although model-based development enables addressing security already at design-time, design models are often inconsistent with the implementation or among themselves. An additional burden are variants of software systems. To ensure security in this context, we present an approach based on continuous automated change propagation, allowing security experts to specify security requirements on the most suitable system representation. We automatically check all system representations against these requirements and provide security-preserving refactorings for preserving security compliance. For both, we show the application to variant-rich software systems. To support legacy systems, we allow to reverse-engineer variability-aware UML models and semi-automatically map existing design models to the implementation. Besides evaluations of the individual contributions, we demonstrate the approach in two open-source case studies, the iTrust electronics health records system and the Eclipse Secure Storage.
Publisher: Springer Nature
ISBN: 3658376651
Category : Computers
Languages : en
Pages : 490
Book Description
For ensuring a software system's security, it is vital to keep up with changing security precautions, attacks, and mitigations. Although model-based development enables addressing security already at design-time, design models are often inconsistent with the implementation or among themselves. An additional burden are variants of software systems. To ensure security in this context, we present an approach based on continuous automated change propagation, allowing security experts to specify security requirements on the most suitable system representation. We automatically check all system representations against these requirements and provide security-preserving refactorings for preserving security compliance. For both, we show the application to variant-rich software systems. To support legacy systems, we allow to reverse-engineer variability-aware UML models and semi-automatically map existing design models to the implementation. Besides evaluations of the individual contributions, we demonstrate the approach in two open-source case studies, the iTrust electronics health records system and the Eclipse Secure Storage.
Ernst Denert Award for Software Engineering 2022
Author: Eric Bodden
Publisher: Springer Nature
ISBN: 3031444124
Category : Electronic books
Languages : en
Pages : 178
Book Description
Zusammenfassung: This open access book provides an overview of the dissertations of the five nominees for the Ernst Denert Award for Software Engineering in 2022. The prize, kindly sponsored by the Gerlind & Ernst Denert Stiftung, is awarded for excellent work within the discipline of Software Engineering, which includes methods, tools and procedures for better and efficient development of high quality software. An essential requirement for the nominated work is its applicability and usability in industrial practice. The book contains five papers that describe the works by Jannik Fischbach (Netlight Consulting GmbH and fortiss GmbH), who won the award, entitled Conditional Statements in Requirements Artifacts: Logical Interpretation, Use Cases for Automated Software Engineering, and Fine-Grained Extraction, Christian Kirchhof's (RWTH Aachen University) From Design to Reality: An Overview of the MontiThings Ecosystem for Model-Driven IoT Applications, Sven Peldszus's (Ruhr University Bochum) research about Security Compliance in Model-driven Development of Software Systems in Presence of Long-Term Evolution and Variants, Florian Rademacher's (RWTH Aachen University) work on Model-Driven Engineering of Microservice Architectures, and Alexander Trautsch's (University of Passau) Usefulness of Automatic Static Analysis Tools: Evidence from Four Case Studies. The chapters describe key findings of the respective works, show their relevance and applicability to practice and industrial software engineering projects, and provide additional information and findings that have only been discovered afterwards, e.g. when applying the results in industry. This way, the book is not only interesting to other researchers, but also to industrial software professionals who would like to learn about the application of state-of-the-art methods in their daily work.
Publisher: Springer Nature
ISBN: 3031444124
Category : Electronic books
Languages : en
Pages : 178
Book Description
Zusammenfassung: This open access book provides an overview of the dissertations of the five nominees for the Ernst Denert Award for Software Engineering in 2022. The prize, kindly sponsored by the Gerlind & Ernst Denert Stiftung, is awarded for excellent work within the discipline of Software Engineering, which includes methods, tools and procedures for better and efficient development of high quality software. An essential requirement for the nominated work is its applicability and usability in industrial practice. The book contains five papers that describe the works by Jannik Fischbach (Netlight Consulting GmbH and fortiss GmbH), who won the award, entitled Conditional Statements in Requirements Artifacts: Logical Interpretation, Use Cases for Automated Software Engineering, and Fine-Grained Extraction, Christian Kirchhof's (RWTH Aachen University) From Design to Reality: An Overview of the MontiThings Ecosystem for Model-Driven IoT Applications, Sven Peldszus's (Ruhr University Bochum) research about Security Compliance in Model-driven Development of Software Systems in Presence of Long-Term Evolution and Variants, Florian Rademacher's (RWTH Aachen University) work on Model-Driven Engineering of Microservice Architectures, and Alexander Trautsch's (University of Passau) Usefulness of Automatic Static Analysis Tools: Evidence from Four Case Studies. The chapters describe key findings of the respective works, show their relevance and applicability to practice and industrial software engineering projects, and provide additional information and findings that have only been discovered afterwards, e.g. when applying the results in industry. This way, the book is not only interesting to other researchers, but also to industrial software professionals who would like to learn about the application of state-of-the-art methods in their daily work.
Mastering Linux Security
Author: Cybellium Ltd
Publisher: Cybellium Ltd
ISBN:
Category : Computers
Languages : en
Pages : 271
Book Description
Are you ready to take charge of fortifying your Linux systems against the relentless tide of cyber threats? "Mastering Linux Security" is your comprehensive guide to mastering the art of securing Linux environments against a spectrum of digital dangers. Whether you're an IT professional guarding critical servers or a Linux enthusiast striving to bolster personal security, this book equips you with the knowledge and tools to establish an unyielding defense. Key Features: 1. Thorough Exploration of Linux Security: Dive deep into the core principles of Linux security, understanding the intricacies of user management, permissions, and cryptography. Develop a solid foundation that empowers you to create a secure infrastructure. 2. Understanding Cyber Threats: Navigate the dynamic landscape of cyber threats. Learn about malware, exploits, social engineering attacks, and more, enabling you to stay ahead of adversaries and safeguard your systems effectively. 3. Hardening Linux Systems: Discover strategies for hardening Linux systems to reduce vulnerabilities. Implement best practices for securing SSH, firewalls, intrusion detection systems, and more to create a robust barrier. 4. Access Control and Identity Management: Delve into access control mechanisms and identity management strategies. Learn how to implement least privilege principles, multi-factor authentication, and centralized user management for enhanced security. 5. Network Security Measures: Master network security measures to shield Linux systems from cyber threats. Explore techniques for implementing firewalls, intrusion detection and prevention systems, and securing network services. 6. Secure Software Development: Learn how to develop secure software for Linux systems. Explore techniques for mitigating common vulnerabilities, implementing secure coding practices, and performing code audits. 7. Incident Response and Recovery: Develop a comprehensive incident response plan to handle security breaches effectively. Understand the steps for isolating threats, recovering compromised systems, and learning from security incidents. 8. Data Protection and Encryption: Uncover the world of data protection and encryption techniques on Linux. Implement secure storage, encryption, and secure data transmission methods to safeguard sensitive information. 9. Cloud Security Considerations: Navigate the complexities of securing Linux systems in cloud environments. Understand the unique challenges and solutions associated with Linux security in cloud settings. Who This Book Is For: "Mastering Linux Security" is an invaluable resource for IT professionals, system administrators, security analysts, and Linux enthusiasts tasked with protecting Linux systems from cyber threats. Whether you're well-versed in cybersecurity or a novice exploring the world of Linux security, this book will guide you through the complexities and empower you to establish an impregnable defense.
Publisher: Cybellium Ltd
ISBN:
Category : Computers
Languages : en
Pages : 271
Book Description
Are you ready to take charge of fortifying your Linux systems against the relentless tide of cyber threats? "Mastering Linux Security" is your comprehensive guide to mastering the art of securing Linux environments against a spectrum of digital dangers. Whether you're an IT professional guarding critical servers or a Linux enthusiast striving to bolster personal security, this book equips you with the knowledge and tools to establish an unyielding defense. Key Features: 1. Thorough Exploration of Linux Security: Dive deep into the core principles of Linux security, understanding the intricacies of user management, permissions, and cryptography. Develop a solid foundation that empowers you to create a secure infrastructure. 2. Understanding Cyber Threats: Navigate the dynamic landscape of cyber threats. Learn about malware, exploits, social engineering attacks, and more, enabling you to stay ahead of adversaries and safeguard your systems effectively. 3. Hardening Linux Systems: Discover strategies for hardening Linux systems to reduce vulnerabilities. Implement best practices for securing SSH, firewalls, intrusion detection systems, and more to create a robust barrier. 4. Access Control and Identity Management: Delve into access control mechanisms and identity management strategies. Learn how to implement least privilege principles, multi-factor authentication, and centralized user management for enhanced security. 5. Network Security Measures: Master network security measures to shield Linux systems from cyber threats. Explore techniques for implementing firewalls, intrusion detection and prevention systems, and securing network services. 6. Secure Software Development: Learn how to develop secure software for Linux systems. Explore techniques for mitigating common vulnerabilities, implementing secure coding practices, and performing code audits. 7. Incident Response and Recovery: Develop a comprehensive incident response plan to handle security breaches effectively. Understand the steps for isolating threats, recovering compromised systems, and learning from security incidents. 8. Data Protection and Encryption: Uncover the world of data protection and encryption techniques on Linux. Implement secure storage, encryption, and secure data transmission methods to safeguard sensitive information. 9. Cloud Security Considerations: Navigate the complexities of securing Linux systems in cloud environments. Understand the unique challenges and solutions associated with Linux security in cloud settings. Who This Book Is For: "Mastering Linux Security" is an invaluable resource for IT professionals, system administrators, security analysts, and Linux enthusiasts tasked with protecting Linux systems from cyber threats. Whether you're well-versed in cybersecurity or a novice exploring the world of Linux security, this book will guide you through the complexities and empower you to establish an impregnable defense.
Secure Systems Development with UML
Author: Jan Jürjens
Publisher: Springer Science & Business Media
ISBN: 9783540007012
Category : Business & Economics
Languages : en
Pages : 336
Book Description
Attacks against computer systems can cause considerable economic or physical damage. High-quality development of security-critical systems is difficult, mainly because of the conflict between development costs and verifiable correctness. Jürjens presents the UML extension UMLsec for secure systems development. It uses the standard UML extension mechanisms, and can be employed to evaluate UML specifications for vulnerabilities using a formal semantics of a simplified fragment of UML. Established rules of security engineering can be encapsulated and hence made available even to developers who are not specialists in security. As one example, Jürjens uncovers a flaw in the Common Electronic Purse Specification, and proposes and verifies a correction. With a clear separation between the general description of his approach and its mathematical foundations, the book is ideally suited both for researchers and graduate students in UML or formal methods and security, and for advanced professionals writing critical applications.
Publisher: Springer Science & Business Media
ISBN: 9783540007012
Category : Business & Economics
Languages : en
Pages : 336
Book Description
Attacks against computer systems can cause considerable economic or physical damage. High-quality development of security-critical systems is difficult, mainly because of the conflict between development costs and verifiable correctness. Jürjens presents the UML extension UMLsec for secure systems development. It uses the standard UML extension mechanisms, and can be employed to evaluate UML specifications for vulnerabilities using a formal semantics of a simplified fragment of UML. Established rules of security engineering can be encapsulated and hence made available even to developers who are not specialists in security. As one example, Jürjens uncovers a flaw in the Common Electronic Purse Specification, and proposes and verifies a correction. With a clear separation between the general description of his approach and its mathematical foundations, the book is ideally suited both for researchers and graduate students in UML or formal methods and security, and for advanced professionals writing critical applications.
Managed Software Evolution
Author: Ralf Reussner
Publisher: Springer
ISBN: 3030134997
Category : Computers
Languages : en
Pages : 439
Book Description
This open access book presents the outcomes of the “Design for Future – Managed Software Evolution” priority program 1593, which was launched by the German Research Foundation (“Deutsche Forschungsgemeinschaft (DFG)”) to develop new approaches to software engineering with a specific focus on long-lived software systems. The different lifecycles of software and hardware platforms lead to interoperability problems in such systems. Instead of separating the development, adaptation and evolution of software and its platforms, as well as aspects like operation, monitoring and maintenance, they should all be integrated into one overarching process. Accordingly, the book is split into three major parts, the first of which includes an introduction to the nature of software evolution, followed by an overview of the specific challenges and a general introduction to the case studies used in the project. The second part of the book consists of the main chapters on knowledge carrying software, and cover tacit knowledge in software evolution, continuous design decision support, model-based round-trip engineering for software product lines, performance analysis strategies, maintaining security in software evolution, learning from evolution for evolution, and formal verification of evolutionary changes. In turn, the last part of the book presents key findings and spin-offs. The individual chapters there describe various case studies, along with their benefits, deliverables and the respective lessons learned. An overview of future research topics rounds out the coverage. The book was mainly written for scientific researchers and advanced professionals with an academic background. They will benefit from its comprehensive treatment of various topics related to problems that are now gaining in importance, given the higher costs for maintenance and evolution in comparison to the initial development, and the fact that today, most software is not developed from scratch, but as part of a continuum of former and future releases.
Publisher: Springer
ISBN: 3030134997
Category : Computers
Languages : en
Pages : 439
Book Description
This open access book presents the outcomes of the “Design for Future – Managed Software Evolution” priority program 1593, which was launched by the German Research Foundation (“Deutsche Forschungsgemeinschaft (DFG)”) to develop new approaches to software engineering with a specific focus on long-lived software systems. The different lifecycles of software and hardware platforms lead to interoperability problems in such systems. Instead of separating the development, adaptation and evolution of software and its platforms, as well as aspects like operation, monitoring and maintenance, they should all be integrated into one overarching process. Accordingly, the book is split into three major parts, the first of which includes an introduction to the nature of software evolution, followed by an overview of the specific challenges and a general introduction to the case studies used in the project. The second part of the book consists of the main chapters on knowledge carrying software, and cover tacit knowledge in software evolution, continuous design decision support, model-based round-trip engineering for software product lines, performance analysis strategies, maintaining security in software evolution, learning from evolution for evolution, and formal verification of evolutionary changes. In turn, the last part of the book presents key findings and spin-offs. The individual chapters there describe various case studies, along with their benefits, deliverables and the respective lessons learned. An overview of future research topics rounds out the coverage. The book was mainly written for scientific researchers and advanced professionals with an academic background. They will benefit from its comprehensive treatment of various topics related to problems that are now gaining in importance, given the higher costs for maintenance and evolution in comparison to the initial development, and the fact that today, most software is not developed from scratch, but as part of a continuum of former and future releases.
Effective Model-Based Systems Engineering
Author: John M. Borky
Publisher: Springer
ISBN: 3319956698
Category : Technology & Engineering
Languages : en
Pages : 788
Book Description
This textbook presents a proven, mature Model-Based Systems Engineering (MBSE) methodology that has delivered success in a wide range of system and enterprise programs. The authors introduce MBSE as the state of the practice in the vital Systems Engineering discipline that manages complexity and integrates technologies and design approaches to achieve effective, affordable, and balanced system solutions to the needs of a customer organization and its personnel. The book begins with a summary of the background and nature of MBSE. It summarizes the theory behind Object-Oriented Design applied to complex system architectures. It then walks through the phases of the MBSE methodology, using system examples to illustrate key points. Subsequent chapters broaden the application of MBSE in Service-Oriented Architectures (SOA), real-time systems, cybersecurity, networked enterprises, system simulations, and prototyping. The vital subject of system and architecture governance completes the discussion. The book features exercises at the end of each chapter intended to help readers/students focus on key points, as well as extensive appendices that furnish additional detail in particular areas. The self-contained text is ideal for students in a range of courses in systems architecture and MBSE as well as for practitioners seeking a highly practical presentation of MBSE principles and techniques.
Publisher: Springer
ISBN: 3319956698
Category : Technology & Engineering
Languages : en
Pages : 788
Book Description
This textbook presents a proven, mature Model-Based Systems Engineering (MBSE) methodology that has delivered success in a wide range of system and enterprise programs. The authors introduce MBSE as the state of the practice in the vital Systems Engineering discipline that manages complexity and integrates technologies and design approaches to achieve effective, affordable, and balanced system solutions to the needs of a customer organization and its personnel. The book begins with a summary of the background and nature of MBSE. It summarizes the theory behind Object-Oriented Design applied to complex system architectures. It then walks through the phases of the MBSE methodology, using system examples to illustrate key points. Subsequent chapters broaden the application of MBSE in Service-Oriented Architectures (SOA), real-time systems, cybersecurity, networked enterprises, system simulations, and prototyping. The vital subject of system and architecture governance completes the discussion. The book features exercises at the end of each chapter intended to help readers/students focus on key points, as well as extensive appendices that furnish additional detail in particular areas. The self-contained text is ideal for students in a range of courses in systems architecture and MBSE as well as for practitioners seeking a highly practical presentation of MBSE principles and techniques.
Scientific and Technical Aerospace Reports
Author:
Publisher:
ISBN:
Category : Aeronautics
Languages : en
Pages : 702
Book Description
Publisher:
ISBN:
Category : Aeronautics
Languages : en
Pages : 702
Book Description
Bulletin of the Atomic Scientists
Author:
Publisher:
ISBN:
Category :
Languages : en
Pages : 104
Book Description
The Bulletin of the Atomic Scientists is the premier public resource on scientific and technological developments that impact global security. Founded by Manhattan Project Scientists, the Bulletin's iconic "Doomsday Clock" stimulates solutions for a safer world.
Publisher:
ISBN:
Category :
Languages : en
Pages : 104
Book Description
The Bulletin of the Atomic Scientists is the premier public resource on scientific and technological developments that impact global security. Founded by Manhattan Project Scientists, the Bulletin's iconic "Doomsday Clock" stimulates solutions for a safer world.
Bulletin of the Atomic Scientists
Author:
Publisher:
ISBN:
Category :
Languages : en
Pages : 64
Book Description
The Bulletin of the Atomic Scientists is the premier public resource on scientific and technological developments that impact global security. Founded by Manhattan Project Scientists, the Bulletin's iconic "Doomsday Clock" stimulates solutions for a safer world.
Publisher:
ISBN:
Category :
Languages : en
Pages : 64
Book Description
The Bulletin of the Atomic Scientists is the premier public resource on scientific and technological developments that impact global security. Founded by Manhattan Project Scientists, the Bulletin's iconic "Doomsday Clock" stimulates solutions for a safer world.
Bulletin of the Atomic Scientists
Author:
Publisher:
ISBN:
Category :
Languages : en
Pages : 64
Book Description
The Bulletin of the Atomic Scientists is the premier public resource on scientific and technological developments that impact global security. Founded by Manhattan Project Scientists, the Bulletin's iconic "Doomsday Clock" stimulates solutions for a safer world.
Publisher:
ISBN:
Category :
Languages : en
Pages : 64
Book Description
The Bulletin of the Atomic Scientists is the premier public resource on scientific and technological developments that impact global security. Founded by Manhattan Project Scientists, the Bulletin's iconic "Doomsday Clock" stimulates solutions for a safer world.