Restoring Security of Long-Living Systems by Co-evolution

Security is an important quality aspect for modern information systems. Security properties may, however, be violated if the information system operates in an evolving environment. Environmental changes then trigger reactions that lead to co-evolution of the security design and the corresponding system model. However, updating the security design manually is time-consuming and error-prone. We present an approach to support semi-automatic system co-evolution that responds to environmental knowledge evolution, using the UML security extension UMLsec and graph transformation. The aim is to enable software engineers to react more reliably and effectively to environmental changes and to ensure lifelong compliance of information systems. To evaluate our approach, we conducted a case study on the open-source project iTrust.
