NESSoS SecureChange cluster meeting
MANAGING SECURITY AND CHANGES AT MODEL LEVEL (SECURE CHANGE)
Fabio Massacci, UNITN
Federica Paci, UNITN
Stephane Paul, THALES
SECURE CHANGE PROJECT
- Challenge: support evolution while maintaining security at all levels of the software development process
- Solution: change-driven security engineering process
  - Interplay between risk assessment and the different phases of the software engineering process
  - Models as the basic unit of change
  - Change propagation is supported by identifying mappings at the conceptual level and orchestrating the respective analysis processes
02/08/2011 2
SECURITY ENGINEERING PROCESS
- Interplay between software life-cycle phases and risk assessment activities
- Change management artefacts and methodologies are applied throughout all phases
CHANGE PROPAGATION
- Concepts are mapped between the requirements and risk domains
- The mapped concepts are the basis for process orchestration and change propagation
- When a change affects a concept of the interface, the change is propagated to the other domain
A POSSIBLE INSTANTIATION
- Requirements models are Si* models – a goal-oriented requirements language by UNITN
- Risk models are RA DSML models – a domain-specific language for risk analysis by THALES
- Mapped concepts
  - Rem.Business Object – Risk.Essential Elements
  - Rem.Goal – Risk.Security Objective
  - Rem.Security Goal – Risk.Security Requirement
  - Rem.Process – Risk.Security Solution
AN EXAMPLE – BEFORE REQUIREMENT MODEL
Evolution in the ATM domain: introduction of a new tool to support the controllers during the approach phase
AN EXAMPLE – EVOLUTION IN ATM
- The risk analyst identifies a new risk
  - Failure in the provisioning of correct or optimal arrival information due to ATCO mistakes
- Two security objectives are defined:
  - The system shall be computed automatically by an Arrival Manager system
  - The update of the system should be handled through a dedicated role of Sequence Manager
- Security objectives are refined into security requirements:
  - The system should integrate an AMAN
  - The organization should integrate a SQM
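As an added illustration (not part of the slides, and not the SecureChange or Si*/RA DSML tooling), the following Python sketch encodes the concept mapping from the instantiation slide and replays the ATM evolution above: the risk analyst adds a risk, two security objectives and two security requirements to the risk model; the objectives and requirements sit on the interface and therefore propagate into the requirements model as goals and security goals, while the risk itself (not a mapped concept) stays local. The function names (`counterpart`, `apply_change`, `atm_evolution`), the `Risk` concept used for the identified risk, and the sample change texts are assumptions, paraphrased from the slides.

```python
from dataclasses import dataclass, field

# Concept mapping between the requirements domain ("Rem") and the risk
# domain ("Risk"), as listed on the "A possible instantiation" slide.
CONCEPT_MAP = {
    ("Rem", "Business Object"): ("Risk", "Essential Element"),
    ("Rem", "Goal"): ("Risk", "Security Objective"),
    ("Rem", "Security Goal"): ("Risk", "Security Requirement"),
    ("Rem", "Process"): ("Risk", "Security Solution"),
}
# The interface is bidirectional: a change in either domain crosses it.
REVERSE_MAP = {v: k for k, v in CONCEPT_MAP.items()}


@dataclass(frozen=True)
class Element:
    domain: str   # "Rem" or "Risk"
    concept: str  # concept name within that domain
    name: str     # instance name, e.g. "Integrate an AMAN"


@dataclass
class Change:
    kind: str            # "add", "modify" or "delete"
    element: Element
    origin: str = "local"  # "local" or "propagated"


@dataclass
class Model:
    domain: str
    elements: set = field(default_factory=set)


def counterpart(element):
    """Return the mapped element in the other domain, or None when the
    concept is not on the interface (the change then stays local)."""
    key = (element.domain, element.concept)
    target = CONCEPT_MAP.get(key) or REVERSE_MAP.get(key)
    if target is None:
        return None
    return Element(target[0], target[1], element.name)


def _apply(model, change):
    if change.kind in ("add", "modify"):
        model.elements.add(change.element)
    elif change.kind == "delete":
        model.elements.discard(change.element)
    else:
        raise ValueError(f"unknown change kind {change.kind!r}")


def apply_change(models, change):
    """Apply a change to its own model and, if the concept is mapped,
    propagate it once to the other domain. Returns every change applied
    (the original plus any propagated one) so the orchestration is auditable."""
    applied = [change]
    _apply(models[change.element.domain], change)
    twin = counterpart(change.element)
    # Only local changes propagate; a propagated change never bounces back.
    if twin is not None and change.origin == "local":
        propagated = Change(change.kind, twin, origin="propagated")
        _apply(models[twin.domain], propagated)
        applied.append(propagated)
    return applied


def atm_evolution():
    """Replay the ATM evolution from the slides (constructed sample input)."""
    models = {"Rem": Model("Rem"), "Risk": Model("Risk")}
    local_changes = [
        # "Risk" as a concept name is an assumption; it is not an interface concept.
        Change("add", Element("Risk", "Risk",
               "Failure in provisioning correct arrival information due to ATCO mistakes")),
        Change("add", Element("Risk", "Security Objective",
               "Computed automatically by an Arrival Manager system")),
        Change("add", Element("Risk", "Security Objective",
               "Updates handled through a dedicated Sequence Manager role")),
        Change("add", Element("Risk", "Security Requirement", "Integrate an AMAN")),
        Change("add", Element("Risk", "Security Requirement", "Integrate a SQM")),
    ]
    log = []
    for change in local_changes:
        log.extend(apply_change(models, change))
    return models, log


if __name__ == "__main__":
    models, log = atm_evolution()
    for change in log:
        e = change.element
        print(f"{change.origin:10} {change.kind:6} {e.domain}.{e.concept}: {e.name}")
```

Running the module prints the change log: five local changes in the risk model and four propagated ones in the requirements model (two goals, two security goals); the new risk is recorded only in the risk model because no requirements concept is mapped to it.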
AN EXAMPLE – AFTER REQUIREMENT MODEL
More details about the project at www.securechange.eu