Publication


Featured research published by Jens Bürger.


IEEE International Conference on Requirements Engineering | 2014

Maintaining Requirements for Long-Living Software Systems by Incorporating Security Knowledge

Stefan Gärtner; Thomas Ruhroth; Jens Bürger; Kurt Schneider; Jan Jürjens

Security is an increasingly important quality facet in modern information systems and needs to be retained. Due to a constantly changing environment, long-living software systems “age” not by wearing out, but by failing to keep up-to-date with their environment. The problem is that requirements engineers usually do not have a complete overview of the security-related knowledge necessary to retain security of long-living software systems. This includes security standards, principles and guidelines as well as reported security incidents. In this paper, we focus on the identification of known vulnerabilities (and their variations) in natural-language requirements by leveraging security knowledge. For this purpose, we present an integrative security knowledge model and a heuristic method to detect vulnerabilities in requirements based on reported security incidents. To support knowledge evolution, we further propose a method based on natural language analysis to refine and to adapt security knowledge. Our evaluation indicates that the proposed assessment approach detects vulnerable requirements more reliably than other methods (Bayes, SVM, k-NN). Thus, requirements engineers can react faster and more effectively to a changing environment that has an impact on the desired security level of the information system.


Computer Software and Applications Conference | 2015

Restoring Security of Long-Living Systems by Co-evolution

Jens Bürger; Stefan Gärtner; Thomas Ruhroth; Johannes Zweihoff; Jan Jürjens; Kurt Schneider

Security is an important quality aspect for modern information systems. Security properties may however be violated if the information system operates in an evolving environment. Environmental changes then trigger reactions which lead to co-evolution of the security design and the corresponding system model. However, updating the security design manually is time-consuming and error-prone. We present an approach to support semi-automatic system co-evolution which responds to environmental knowledge evolution, using the UML security extension UMLsec and graph transformation. The aim is to enable software engineers to react more reliably and effectively to environmental changes and to ensure lifelong compliance of information systems. To evaluate our approach, we conducted a case study on the open-source project iTrust.


International Journal on Software Tools for Technology Transfer | 2015

Restoring security of evolving software models using graph transformation

Jens Bürger; Jan Jürjens; Sven Wenzel

Security certification of complex systems requires a high amount of effort. As a particular challenge, today’s systems are increasingly long-living and subject to continuous change. After each change of some part of the system, the whole system needs to be re-certified from scratch (since security properties are not in general modular), which is usually far too much effort. When models for software get changed, this can lead to security weaknesses that are also part of the software system that is derived from those models. Hence, it is important to check the models with respect to security properties and correct them respectively. To address this challenge, we present an approach which not only finds security weaknesses but can also correct them in a tool-supported way. As time goes by, a diverse number of changing requirements that may be security-related and non-security-related lead to an evolving system that met its security requirements at design time but can contain vulnerabilities with respect to meanwhile updated security knowledge. Supported by patterns we can describe and detect potential flaws that may arise in models, such as inconsistencies in security requirements. Potential violations can be formalized in the patterns as well as the correction alternatives to fix these. It is based on graph transformation and can be applied to different types of models and violations. For flaw detection, these patterns are used as the left-hand sides of graph transformation rules. Using graph transformation, we can further correct the models and establish that they no longer violate the security requirements under investigation. The approach is supported by a tool which can check whether these patterns arise in models and assist the user in correcting the security vulnerabilities.


Product Focused Software Process Improvement | 2014

Towards Adaptation and Evolution of Domain-Specific Knowledge for Maintaining Secure Systems

Thomas Ruhroth; Stefan Gärtner; Jens Bürger; Jan Jürjens; Kurt Schneider

Creating and maintaining secure software require a good understanding of the system and its environment. Knowledge management is therefore one of the key factors to maintain secure software successfully. However, acquiring and modeling knowledge is a labor-intensive and time-consuming task. Thus, knowledge ought to be shared among different projects and must be adapted to their specific needs. In this paper, we present an approach allowing the stepwise adaptation from domain- to project-specific knowledge based on OWL ontologies. For this purpose, we define a basic set of adaptation operators which allows effective and frugal changes. Moreover, we discuss how our approach can be integrated into common software process models in order to adapt knowledge required for maintenance. Since domain- and project-specific knowledge changes over time, we show how our approach copes with changes efficiently, so that the affected knowledge remains consistent. The shared use of knowledge significantly reduces the complexity and effort to model required knowledge in various projects. Our case study and tool implementation show the benefits for maintaining secure systems.


FOSAD | 2013

Model-Based Security Engineering: Managed Co-evolution of Security Knowledge and Software Models

Jens Bürger; Jan Jürjens; Thomas Ruhroth; Stefan Gärtner; Kurt Schneider

We explain UMLsec and associated techniques to incorporate security aspects in model-based development. Additionally, we show how UMLsec can be used in the context of software evolution. More precisely, we present the SecVolution approach which supports monitoring changes in external security knowledge sources (such as compliance regulations or security databases) in order to react to security related modification and to support the associated co-evolution of the UMLsec models.


Journal of Systems and Software | 2018

A framework for semi-automated co-evolution of security knowledge and system models

Jens Bürger; Daniel Strüber; Stefan Gärtner; Thomas Ruhroth; Jan Jürjens; Kurt Schneider

Security is an important and challenging quality aspect of software-intensive systems, becoming even more demanding regarding long-living systems. Novel attacks and changing laws lead to security issues that did not necessarily rise from a flawed initial design, but also when the system fails to keep up with a changing environment. Thus, security requires maintenance throughout the operation phase. Ongoing adaptations in response to changed security knowledge are inevitable. A necessary prerequisite for such adaptations is a good understanding of the security-relevant parts of the system and the security knowledge. We present a model-based framework for supporting the maintenance of security during the long-term evolution of a software system. It uses ontologies to manage the system-specific and the security knowledge. With model queries, graph transformation and differencing techniques, knowledge changes are analyzed and the system model is adapted. We introduce the novel concept of Security Maintenance Rules to couple the evolution of security knowledge with co-evolutions of the system model. As evaluation, community knowledge about vulnerabilities is used (Common Weakness Enumeration database). We show the applicability of the framework to the iTrust system from the medical care domain and hence show the benefits of supporting co-evolution for maintaining secure systems.


Softwaretechnik-Trends | 2014

Versioning and Evolution Requirements for Model-Based System Development

Thomas Ruhroth; Stefan Gärtner; Jens Bürger; Jan Jürjens; Kurt Schneider


IFAC-PapersOnLine | 2018

System evolution through semi-automatic elicitation of security requirements: A Position Paper

Research supported by the DFG (German Research Foundation) in Priority Programme SPP1593: Design for Future - Managed Software Evolution (VO 937/20-2 and JU 2734/2-2).

Cyntia Vargas; Jens Bürger; Fabien Viertel; Birgit Vogel-Heuser; Jan Jürjens


TTC@STAF | 2017

Detecting and Preventing Power Outages in a Smart Grid using eMoflon.

Sven Peldszus; Jens Bürger; Daniel Strüber


Software Engineering & Management | 2015

Towards Maintaining Long-Living Information Systems by Incorporating Security Knowledge.

Stefan Gärtner; Thomas Ruhroth; Jens Bürger; Kurt Schneider; Jan Jürjens

Collaboration


Top Co-Authors

Jan Jürjens

University of Koblenz and Landau

Daniel Strüber

University of Koblenz and Landau

Sven Peldszus

University of Koblenz and Landau

Sven Wenzel

Technical University of Dortmund
