A framework for semi-automated co-evolution of security knowledge and system models

Security is an important and challenging quality aspect of software-intensive systems, and it becomes even more demanding in the case of long-living systems. Security issues do not necessarily arise from a flawed design, but can also manifest when the system fails to keep up with a changing environment, e.g., when a novel attack is discovered or a new law is passed. Thus, ongoing adaptations at system operation phase in response to security knowledge changes are inevitable.