TUHH Open Research

Checking security compliance between models and code

Citation Link: https://doi.org/10.15480/882.4953
Publication Type
Journal Article
Date Issued
2023-02
Language
English
Author(s)
Tuma, Katja  
Peldszus, Sven  
Strüber, Daniel  
Scandariato, Riccardo  
Jürjens, Jan  
Institute
Software Security E-22  
TORE-DOI
10.15480/882.4953
TORE-URI
http://hdl.handle.net/11420/14026
Journal
Software and systems modeling  
Volume
22
Issue
1
Start Page
273-296
End Page
273-296
Citation
Software and Systems Modeling 22 (1): 273-296 (2023-02)
Publisher DOI
10.1007/s10270-022-00991-5
Scopus ID
2-s2.0-85126521475
Publisher
Springer
It is challenging to verify that the planned security mechanisms are actually implemented in the software. In the context of model-based development, the implemented security mechanisms must capture all intended security properties that were considered in the design models. Assuring this compliance manually is labor-intensive and can be error-prone. This work introduces the first semi-automatic technique for secure data flow compliance checks between design models and code. We develop heuristic-based automated mappings between a design-level model (SecDFD, provided by humans) and a code-level representation (Program Model, automatically extracted from the implementation) in order to guide users in discovering compliance violations and, hence, potential security flaws in the code. These mappings enable an automated and project-specific static analysis of the implementation with respect to the desired security properties of the design model. We developed two types of security compliance checks and evaluated the entire approach on open source Java projects.
Subjects
Data flow diagram (DFD)
Security compliance
Security-by-design
Static program analysis
DDC Class
004: Informatik
Funding(s)
Assurance and certification in secure Multi-party Open Software and Services  
Publication version
publishedVersion
License
https://creativecommons.org/licenses/by/4.0/
Name
s10270-022-00991-5-1.pdf
Size
2.02 MB
Format
Adobe PDF