    Security of Dependable Systems
    2 Citations, 49 References, 10 Related Papers
    Abstract:
    Security and dependability are crucial for designing trustworthy systems. The approach “security as an add-on” is not satisfactory, yet the integration of security in the development process is still an open problem. In particular, a common framework for specifying dependability and security is very much needed. There are many pressing challenges, however; here, we address some of them. Firstly, security for dependable systems is a broad concept and the traditional view of security, e.g., in terms of confidentiality, integrity and availability, does not suffice. Secondly, a clear definition of security in the dependability context is not agreed upon. Thirdly, security attacks cannot be modeled as a stochastic process, because the adversary’s strategy is often carefully planned. In this chapter, we explore these challenges and provide some directions toward their solutions.
    Keywords:
    Trustworthiness
    Security Testing
    Purpose: The purpose of this paper is that of linking security requirements for web services with security patterns, both at the architectural and the design level, obtaining in a systematic way a web services security software architecture that contains a set of security patterns, thus ensuring that the security requirements of the internet‐based application that have been elicited are fulfilled. Additionally, the security patterns are linked with the most appropriate standards for their implementation.
    Design/methodology/approach: To develop secure WS‐based applications, one must know the main security requirements specified that applications have to fulfil and find appropriate security patterns that assure, through combination or relationships between them, the fulfilment of the implicated security requirements. That is why a possible link or connection between requirements and patterns will have to be found, attempting to select for a determined security requirement the best security patterns that solve this requirement, thus guaranteeing the security properties for internet‐based applications.
    Findings: Using security patterns, that drive and guide one towards a secure development as well as towards security software architecture, one can be sure that this design based on these patterns fulfils and guarantees the most important security requirements of the internet‐based applications through the design and implementation of security solutions that provide reliable security services.
    Practical implications: Security architecture for internet‐based applications and web services can be designed considering the security requirement types that it must fulfil and using the most appropriate security patterns.
    Originality/value: This paper proposes a relationship between security requirements that can be specified for internet‐based applications and the possible security patterns that can be used in the design and implementation of the secure system based on the internet, guaranteeing that these security requirements are fulfilled.
    Security Testing
    Security through obscurity
    Security convergence
    Security association
    Security engineering
    Citations (32)
    Security engineering is a new research area in software engineering that covers the definition of processes, plans and designs for security. Researchers are working in this area; however, there is a lack of security requirements treatment in this field. Security requirements are among the non-functional requirements, which act as constraints on the functions of the system. An increasing part of the communication and sharing of information in our society utilizes electronic media. Many organizations, especially distributed and Net-centric ones, are entirely dependent on well-functioning information systems. Thus IT security is becoming central to the ability to fulfill business goals, build trustworthy systems, and protect assets. In order to develop systems with adequate security features, it is essential to capture the corresponding security needs and requirements. Security requirements engineering is emerging as a branch of software engineering, spurred by the realization that security must be dealt with early, during the requirements phase. A number of researchers’ proposals have major limitations as they treat security in system-oriented terms. In this paper we present a view on Security Requirements, Security Requirements issues, types, and the framework for Security Requirements Engineering. We have also presented the challenges to web application security and evaluated the Security Requirements Engineering framework for web applications.
    Security engineering
    Security Testing
    Security through obscurity
    Security convergence
    Citations (2)
    When applying information security, we need to go beyond the analysis of individual security protocols and consider how they are used within distributed systems, software applications and services. Important as they are, security protocols only form a part of the overall security engineering design for a particular distributed system. The effective use of any security protocol will typically depend upon certain structural data such as key information being available for use by some and at the same time made unavailable to others. Systems need to be designed with requirements like these in mind ([1–4]).
    Security Testing
    Security through obscurity
    Security engineering
    Security convergence
    Citations (3)
    Security Policy
    Security Testing
    Security through obscurity
    Security convergence
    Application security
    Security engineering
    Information security standards
    In today's information society, information security is more and more highly regarded. It is mainly divided into five parts: physical security, network security, host security, application security and data security. Among them, host security is on the first floor of the whole information system. However, host security necessarily depends on operating system (OS) security. It is obvious that OS security is the essential precondition and foundation of the security of the whole computer information system. This article first discusses the importance of OS security; second, it introduces the OS security mechanism, security demand, security policy and security model; finally, it discusses host vulnerability evaluation and puts forward the functions that an all-around host evaluation testing tool ought to carry out.
    Security through obscurity
    Security Testing
    Security convergence
    Vulnerability
    Information security management
    Security has become the key issue in the development of large-scale information systems. Simply piling up security products and security technologies, rather than integrating them functionally and making full use of them, wastes resources and does not meet the need for flexible and diverse security requirements. This paper proposes a security architecture design based on SOA. Firstly, security devices and technologies are decomposed into basic security components which form the basic security service layer. Secondly, various extended security components that make up the extended security service layer are realized based on functional combination and process control. Then security services are provided through these two levels for upper security applications. Finally, this paper gives the core architecture design of the security service core for dealing with the scalability bottlenecks in distributed systems. The design effectively solves the security of large-scale information systems.
    Security Testing
    Security through obscurity
    Security convergence
    Service-oriented Architectures (SOA) provide a flexible infrastructure to allow independently developed software components to communicate in a seamless manner. Increased connectivity entails significantly higher security risks. To face these risks, a broad range of specifications, e.g. WS-Security and WS-Trust, has emerged to ensure security in SOA. These specifications are supported by all major Web Service Frameworks and enforced by security modules provided by these frameworks to apply security to ingoing and outgoing messages. In general, a security module is configured declaratively using a security policy, e.g. WS-SecurityPolicy, that expresses security goals and related configurations. To support a broad range of use cases, these security policy languages offer a variety of settings and options. However, the complexity of security policy languages leads to an error-prone and tedious creation of security policies. To simplify and support the generation of Web Services, we present an architecture for a security advisor in this paper. This security advisor facilitates the configuration of security modules for service-based systems based on a pattern-driven approach that enables the transformation from general security goals to concrete security configurations. Therefore, we will introduce a security pattern system which is used to resolve concrete protocols and security mechanisms at a technical level.
    Security through obscurity
    Security convergence
    Security Testing
    Security Policy
    Security engineering
    Citations (12)
    For interconnected and complex systems, security is paramount for establishing trust in their correctness and design adequacy. Thus, security needs to be assured and a corresponding security assurance case needs to be presented to system stakeholders, security assessors, as well as to system users. However, security is dynamic by its nature and, to maintain an acceptable security level, frequent updates might be required. Traditionally, a security assurance case is built from scratch whenever a change occurs; however, given the cost of resources needed for such a task, a more effective and less time-consuming way of handling updates is needed. Hence, the challenge of security case run-time adaptation is considered in this work. We survey the state of the art in security assurance and security case development to refine the challenge and identify system decomposition as one of the enablers for security case run-time adaptation. We propose to apply system decomposition in terms of services and use service choreographies to facilitate security case run-time adaptation. The proposed approach is illustrated on an E-gas example.
    Security Testing
    Security through obscurity
    Security convergence