Towards a Methodological Tool Support for Modeling Security-Oriented Processes (original) (raw)

Abstract

Development processes for software construction are common knowledge and widely used in most development organizations. Unfortunately, these processes often offer only little or no support in order to meet security requirements. In our work, we propose a methodology to build domain specific process models with security concepts on the foundations of industry-relevant security approaches, backed by a security-oriented process model specification language. Instead of building domain specific security-oriented process models from the ground, the methodology allows process designers to fall back on existing well established security approaches and add domain relevant concepts and repository-centric approaches, as well as supplementary information security risk management standards (e.g., Common Criteria), to fulfill the demand for secure software engineering. Supplementary and/or domain specific concepts can be added trough our process modeling language in an easy and direct way. The methodology and the process modeling language we propose have been successfully evaluated by the TERESA project for specifying development processes for trusted applications and integrating security concepts into existing process models used in the railway domain.

Similar content being viewed by others

Introduction

Chapter © 2017

References

1. Common Criteria: common criteria for information technology security evaluation v3.1r4. Technical report CCMB-2012-09-001/002/003, Common Criteria (2012)
   Google Scholar
2. Die Beauftragte der Bundesregierung für Informationstechnik. V-modell XT (2005)
   Google Scholar
3. Forsberg, K., Mooz, H., Cotterman, H.: Visualizing Project Management. A Model for Business and Technical Success, 2nd edn. Wiley, New york (2000)
   Google Scholar
4. Geisel, J., Hamid, B., Bruel, J.-M.: Repository-centric process modeling – example of a pattern based development process. In: Lee, L. (ed.) Software Engineering Research, Management and Applications. Studies in Computational Intelligence, vol. 496, pp. 247–261. Springer, Switzerland (2014)
   Chapter Google Scholar
5. Gonzalez-Perez, C., Henderson-Sellers, B.: Modelling software development methodologies: a conceptual foundation. J. Syst. Softw. 80(11), 1778–1796 (2007)
   Article Google Scholar
6. Hamid, B., Geisel, J., Ziani, A., Gonzalez, D.: Safety lifecycle development process modeling for embedded systems - example of railway domain. In: Avgeriou, P. (ed.) SERENE 2012. LNCS, vol. 7527, pp. 63–75. Springer, Heidelberg (2012)
   Chapter Google Scholar
7. Hug, C., Front, A., Rieu, D., Henderson-Sellers, B.: A method to build information systems engineering process metamodels. J. Syst. Softw. 82(10), 1730–1742 (2009)
   Article Google Scholar
8. Kruchten, P.: The Rational Unified Process: An Introduction, 3rd edn. Addison-Wesley Longman Publishing Co., Inc., Boston (2003)
   Google Scholar
9. McGraw, G.: Software Security: Building Security, 3rd edn. Addison-Wesley Professional, Boston (2006)
   Google Scholar
10. Microsoft: Microsoft Security Development Lifecycle (SDL) process guidance - version 5.2 (2012)
    Google Scholar
11. OBEO: Acceleo (2014). http://www.eclipse.org/acceleo/
12. OMG: Software and systems process engineering metamodel specification (SPEM) version 2.0. Technical report, Object Management Group Inc. (2008)
    Google Scholar
13. OWASP: OWASP CLASP V1.2. OWASP, November 2007
    Google Scholar
14. Selic, B.: The pragmatics of model-driven development. IEEE Softw. 20(5), 19–25 (2003)
    Article Google Scholar
15. SEMCO: System and software engineering for embedded systems applications with multi-concerns support (2010)
    Google Scholar

Download references

Author information

Authors and Affiliations

1. IRIT, University of Toulouse, Toulouse, France
   Jacob Geisel, Brahim Hamid & Jean-Michel Bruel
2. Ikerlan, Mandragon, Spain
   David Gonzales

Authors

1. Jacob Geisel
2. Brahim Hamid
3. David Gonzales
4. Jean-Michel Bruel

Corresponding author

Correspondence toJacob Geisel .

Editor information

Editors and Affiliations

1. LIAS/ISAE-ENSMA , Futuroscope Chasseneuil, France
   Ladjel Bellatreche
2. Department of Information Systems and Computation, Universitat Politècnica de València, Valencia, Spain
   Óscar Pastor
3. University of Almería , Almería, Spain
   Jesús M. Almendros Jiménez
4. IRIT / ENSEIHT , Toulouse, France
   Yamine Aït-Ameur

Rights and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Geisel, J., Hamid, B., Gonzales, D., Bruel, JM. (2016). Towards a Methodological Tool Support for Modeling Security-Oriented Processes. In: Bellatreche, L., Pastor, Ó., Almendros Jiménez, J., Aït-Ameur, Y. (eds) Model and Data Engineering. MEDI 2016. Lecture Notes in Computer Science(), vol 9893. Springer, Cham. https://doi.org/10.1007/978-3-319-45547-1\_3

Download citation

• .RIS
• .ENW
• .BIB
• DOI: https://doi.org/10.1007/978-3-319-45547-1\_3
• Published: 07 September 2016
• Publisher Name: Springer, Cham
• Print ISBN: 978-3-319-45546-4
• Online ISBN: 978-3-319-45547-1
• eBook Packages: Computer ScienceComputer Science (R0)Springer Nature Proceedings Computer Science

Keywords

Publish with us