A Methodology for Security Assurance Driven Development
Authors
Abstract
In this work we introduce an assurance methodology that integrates assurance case creation with system development. It has been developed in order to provide trust and privacy assurance to the evolving European project PICOS (Privacy and Identity Management for Community Services), an international research project focused on mobile communities and community-supporting services, with special emphasis on aspects such as privacy, trust, and identity management. The leading force behind the approach is the ambition to develop a methodology for building and maintaining security cases throughout the system development life cycle in a typical system engineering effort, when much of the information relevant for assurance is produced and feedback can be provided to system developers. The first results of the application of the methodology to the development of the PICOS platform are presented.
Similar references
Implementing a model-driven and iterative quality assessment life-cycle: a case study
Assessing software quality through quantitative and reliable information is a major concern of software engineering. However, software is a complex product involving interrelated models with different abstraction levels targeting different stakeholders and requiring specific quality assurance methods. As a result, although Software Quality has gained maturity from a theoretical point of view, t...
Assurance Case Driven Design based on the Harmonized Framework of Safety and Security Requirements
Assurance (Security and Safety) Case is an approach to prove critical systems and software compliance with security and safety requirements. We propose an advanced framework named as Assurance Case Driven Design (AC DD) to improve cost-effectiveness of certification and licensing processes. AC DD is based on Claim-Argument-Evidence-Criteria (CAEC) notation and Development-Verification&Validatio...
Computer-Aided Sensor Development Focused on Security Issues
The paper examines intelligent sensor and sensor system development according to the Common Criteria methodology, which is the basic security assurance methodology for IT products and systems. The paper presents how the development process can be supported by software tools, design patterns and knowledge engineering. The automation of this process brings cost-, quality-, and time-related advant...
Model-Driven Development of a Secure eHealth Application
We report on our use of ActionGUI to develop a secure eHealth application based on the NESSoS eHealth case study. ActionGUI is a novel model-driven methodology with an associated tool for developing secure data-management applications with three distinguishing features. First, it enables a model-based separation of concerns, where behavior and security are modeled individually and subsequently ...
A Model-Driven Decision Support System for Software Cost Estimation (Case Study: Projects in NASA60 Dataset)
Estimating the costs of software development is one of the most important activities in software project management. Inaccuracies in such estimates may cause irreparable loss. A low estimate of the cost of projects will result in failure on delivery on time and indicates the inefficiency of the software development team. On the other hand, high estimates of resources and costs for a project wil...