Software Security Engineering Monitoring and Control
نویسندگان
چکیده
Poorly constructed software can induce security weaknesses and defects, which can be exploited by attackers. Despite many security standards and mechanisms, a vast amount of software systems have security vulnerabilities. The security problems induce the necessity of monitoring and controlling software development and maintenance. In this paper, we propose a multi-agent system that supports security in development of new systems and modification of existing systems. Thus, the multi-agent system verifies and validates the goals and requirements during different phases of development lifecycle. For the verification and validation, searching for information and mapping are needed. Searching for information about the project and security documents such as, risks, list of threats and vulnerabilities is performed by software agents. Comparisons and analyzes of requirements and use cases as well as mapping of those to attack patterns is performed by meta-agents. The proposed multi-agent system supports confidentiality, integrity, availability, accountability, and non-repudiation.
منابع مشابه
Runtime Monitoring Using Policy Based Approach to Control Information Flow for Mobile Apps
Mobile applications are verified to check the correctness or evaluated to check the performance with respect to specific security properties such as Availability, Integrity and Confidentiality. Where they are made available to the end users of the mobile application is achievable only to a limited degree using software engineering static verification techniques. The more sensitive the informati...
متن کاملA Secure Software Architecture Description Language
Security is becoming a more and more important concern for software architecture and software components. Previous modeling approaches provide insufficient support for an indepth treatment of security. This paper argues for a more comprehensive treatment of an important security aspect, access control, at the architecture level. Our approach models security subject, resource, privilege, safegua...
متن کاملEngineering cybersecurity in cyber physical systems
Advances in the interconnected capabilities of cyber physical systems (CPS) affect virtually every engineered system. Today, software approaches dominate all aspects of connecting the physical and cyber worlds in part due to the convergence of computing, control and communications software technologies. Unfortunately, software technologies are more vulnerable to cybersecurity problems than trad...
متن کاملModel-Based Security Engineering: Managed Co-evolution of Security Knowledge and Software Models
We explain UMLsec and associated techniques to incorporate security aspects in model-based development. Additionally, we show how UMLsec can be used in the context of software evolution. More precisely, we present the SecVolution approach which supports monitoring changes in external security knowledge sources (such as compliance regulations or security databases) in order to react to security ...
متن کاملOpansec - security integrity monitoring for controllers
Industrial automation and control systems (IACS) are more and more a combination of standardized hardware and software components that are respectively linked. A continuous increase in digital Instrumentation and Control (I&C) in production lines and critical infrastructures lead to a remarkable increase in computer-based digital security risk [IE10]. The Internet of Things, services, data and ...
متن کامل