Model-based Security Analysis of Feature-oriented Software Product Lines
Today’s software systems are too complex to ensure security after the fact – security has to be built into systems by design. To this end, model-based techniques such as UMLsec support the design-time specification and analysis of security requirements by providing custom model annotations and checks. Yet, a particularly challenging type of complexity arises from the variability of software product lines. Analyzing the security of all products separately is generally infeasible. In this work, we propose SecPL, a methodology for ensuring security in a software product line. SecPL allows developers to annotate the system design model with product-line variability and security requirements. To keep the exponentially large configuration space tractable during security checks, SecPL provides a family-based security analysis. In our experiments, this analysis outperforms the naive strategy of checking all products individually. Finally, we present the results of a user study that indicates the usability of our overall methodology.
Mon 5 NovDisplayed time zone: Guadalajara, Mexico City, Monterrey change
15:30 - 17:00 | |||
15:30 30mTalk | Meta-programming for cross-domain tensor optimizations GPCE 2018 Adilla Susungi MINES ParisTech, France, Norman A. Rink TU Dresden, Germany, Albert Cohen Google, Jeronimo Castrillon TU Dresden, Germany, Claude Tadonki MINES ParisTech, France | ||
16:00 30mTalk | Model-based Security Analysis of Feature-oriented Software Product Lines GPCE 2018 Sven Peldszus University of Koblenz-Landau, Daniel Strüber University of Koblenz-Landau, Germany, Jan Jürjens University of Koblenz-Landau DOI Pre-print | ||
16:30 30mTalk | Orchestrating Dynamic Analyses of Distributed Processes for Full-Stack JavaScript Programs GPCE 2018 Laurent Christophe VUB, Coen De Roover Vrije Universiteit Brussel, Elisa Gonzalez Boix Vrije Universiteit Brussel, Wolfgang De Meuter Vrije Universiteit Brussel |