GPCE 2018
Mon 5 - Tue 6 November 2018 Boston, Massachusetts, United States
co-located with SPLASH 2018
Mon 5 Nov 2018 16:00 - 16:30 at Studio 2 - III Chair(s): Sarah Nadi

Today’s software systems are too complex to ensure security after the fact – security has to be built into systems by design. To this end, model-based techniques such as UMLsec support the design-time specification and analysis of security requirements by providing custom model annotations and checks. Yet, a particularly challenging type of complexity arises from the variability of software product lines. Analyzing the security of all products separately is generally infeasible. In this work, we propose SecPL, a methodology for ensuring security in a software product line. SecPL allows developers to annotate the system design model with product-line variability and security requirements. To keep the exponentially large configuration space tractable during security checks, SecPL provides a family-based security analysis. In our experiments, this analysis outperforms the naive strategy of checking all products individually. Finally, we present the results of a user study that indicates the usability of our overall methodology.

Mon 5 Nov
Times are displayed in time zone: (GMT-05:00) Guadalajara, Mexico City, Monterrey change

15:30 - 17:00: GPCE 2018 - III at Studio 2
Chair(s): Sarah NadiUniversity of Alberta
gpce-201815:30 - 16:00
Adilla SusungiMINES ParisTech, France, Norman A. RinkTU Dresden, Germany, Albert CohenGoogle, Jeronimo CastrillonTU Dresden, Germany, Claude TadonkiMINES ParisTech, France
gpce-201816:00 - 16:30
Sven PeldszusUniversity of Koblenz-Landau, Daniel StrüberUniversity of Koblenz-Landau, Germany, Jan JürjensUniversity of Koblenz-Landau
DOI Pre-print
gpce-201816:30 - 17:00
Laurent ChristopheVUB, Coen De RooverVrije Universiteit Brussel, Elisa Gonzalez BoixVrije Universiteit Brussel, Wolfgang De MeuterVrije Universiteit Brussel