Authors: A. Fuchs, C. Rudolph
Venue: 2012 ASE/IEEE International Conference on BioMedical Computing (BioMedCom)
Publication date: 2012-12-14
DOI: 10.1109/BIOMEDCOM.2012.30 (https://doi.org/10.1109/BIOMEDCOM.2012.30)
Security Engineering Based on Structured Formal Reasoning
Security by Design and Secure Engineering are among the most pressing challenges in IT security research and practice. Increased attacker potential and dependence on IT systems in the economy and in critical infrastructures create a higher demand for securely engineered systems and thus for new approaches and methodologies. This paper introduces a consistent methodology for designing secure systems during the specification phase. The Security Modeling Framework (SeMF) serves as the basis for its security vocabulary. We extend SeMF with the concept of SeMF Building Blocks (SeBBs) as a reasoning tool and provide a security design process that uses them as refinement artifacts. This process guides decision making during the system specification phase, focuses on the security aspects, and integrates with refinement-driven functional engineering processes. Our approach further results in security design documentation and residual assumptions that can serve as a basis for risk assessment, code review, and organizational security measures during deployment.