Consistency Management for Security Annotations for Continuous Verification

Cited by: 0
Authors
Reiche, Frederik [1]
Weber, Thomas [1]
Becker, Simeon [2]
Weber, Sebastian [3]
Heinrich, Robert [1]
Burger, Erik [1]
Affiliations
[1] Karlsruhe Inst Technol, KASTEL, Karlsruhe, Germany
[2] Karlsruhe Inst Technol, Karlsruhe, Germany
[3] FZI Res Ctr Informat Technol, Karlsruhe, Germany
Source
ACM/IEEE 27TH INTERNATIONAL CONFERENCE ON MODEL DRIVEN ENGINEERING LANGUAGES AND SYSTEMS: COMPANION PROCEEDINGS, MODELS 2024 | 2024
Keywords
Model-based Analysis; Consistency Management; Development Framework; Early and Continuous Verification; MODEL;
DOI
10.1145/3652620.3687821
Chinese Library Classification number
TP39 [Computer applications];
Discipline classification code
081203 ; 0835 ;
Abstract
Analyses on the architecture of systems can yield valuable insights into a system even before it is built. The applicability of the results of these design time analyses to the system requires the system to be built according to its specification, i.e., to not violate constraints defined on the architecture. The conformance of the results of static code analyses and design time analyses ensures the system is built according to its specification. The first step for conforming results of these analyses is to ensure that the system and its specification are represented consistently in the input of the design time analysis and static code analysis, i.e., they comprise corresponding system elements and specifications for them. To achieve conforming inputs, we used consistency specifications between architecture and code models and implemented them between annotation models that enrich the architecture description with security annotations on the architecture level, as well as security annotations on the code level. This allows continuous conformance checking during implementation and later during evolution of the system. We implemented the consistency specifications in the Vitruvius framework for an ADL and Java and tested it on case studies.
Pages: 1096-1105
Number of pages: 10