The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
In model-based development, quality properties such as consistency of security requirements are often verified prior to code generation. Changed models have to be re-verified before re-generation. If several alternative evolutions of a model are possible, each alternative has to be modeled and verified to find the best model for further development.We present a verification strategy to analyze whether...
Minimizing the risk of system failure in any computer structure requires identifying those components whose failure is likely to impact on system functionality. Clearly, the degree of protection or prevention required against faults is not the same for all components. Tolerating soft errors can be much improved if critical components can be identified at an early design phase and measures are taken...
A novel approach to minimizing the risks of soft errors at modeling level of mobile and ubiquitous systems is outlined. From a pure dependability viewpoint, critical components, whose failure is likely to impact on system functionality, attract more attention of protection/prevention mechanisms (against soft errors) than others do. Tolerating soft errors can be much improved if critical components...
The principles and best practices of object oriented design require that modules in a program should match logical decomposition of the knowledge that the program implements. The violation of these modularization rules leads to several undesired consequences: (i) non-cohesive modules that mix different kinds of knowledge and (ii) logically coupled modules due to a dispersion of conceptually cohesive...
Traceability links among different software engineering artifacts make explicit how a software system was implemented to accommodate its requirements. For secure and dependable software system development, one must ensure the linked entities are truly traceable to each other and the links are updated to reflect true traceability among changed entities. However, traditional traceability relationships...
We have proposed in the past three separate methodologies for secure software development. We have found that they have many common and complementary aspects and we proposed a combination of them that appears as a good approach to secure software development. The combined methodology applies security at all stages, considers the architectural levels of the system, applies security policies through...
As libraries are the most widespread form of software reuse, the usability of their APIs substantially influences the productivity of programmers in all software development phases. In this paper we develop a framework to characterize domain-specific APIs along two directions: 1) how can the API users reference the domain concepts implemented by the API; 2) how are the domain concepts internally represented...
Domain specific APIs offer their clients ready-to-use implementations of domain concepts. Beside being interfaces between the worlds of humans and computers, domain specific APIs contain a considerable amount of domain knowledge. Due to the big abstraction gap between the real world and today's programming languages, in addition to the knowledge about their domain, these APIs are cluttered with a...
Compliance frameworks, laws and regulations such as Sarbanes Oxley, Basel II, Solvency II, HIPAA etc. demand from companies in a more and more rigorous way to demonstrate that their organisation, processes and supporting IT landscape implement and follow a set of guidelines at differing levels of abstraction. The work presented in this paper aims to contribute to a software engineering process which...
Mobile communication systems are increasingly used in companies. In order to make these applications secure, the security analysis has to be an integral part of the system design and IT management process for such mobile communication systems. This work presents the experiences and results from the security analysis of a mobile system architecture at a large German telecommunications company, by making...
We give an overview over the challenges in developing secure embedded systems and show how to use the approach of model-based security engineering (MBSE) to address them. In MBSE, recurring security requirements (such as secrecy, integrity, authenticity and others) and security assumptions on the system environment, can be specified either within a UML specification, or within the source code (Java...
Given the explosive growth of digitally stored information in modern enterprises, distributed information systems together with search engines are increasingly used in companies. By enabling the user to search all relevant information sources with one single query, however, crucial risks concerning information security arise. In order to make these applications secure, it is not sufficient to penetrate-...
Determining the security properties satisfied by software using cryptography is difficult: Security requirements such as secrecy, integrity and authenticity of data are notoriously hard to establish, especially in the context of cryptographic interactions. Nevertheless, little attention has been paid so far to the verification of such implementations with respect to the secure use of cryptography...
Understanding the security goals provided by cryptographic protocol implementations is known to be difficult, since security requirements such as secrecy, integrity and authenticity of data are notoriously hard to establish, especially in the context of cryptographic interactions. A lot of research has been devoted to developing formal techniques to analyze abstract specifications of cryptographic...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.