| 000 | 03979nam a22005175i 4500 | ||
|---|---|---|---|
| 001 | 978-3-658-37665-9 | ||
| 003 | DE-He213 | ||
| 005 | 20240423125405.0 | ||
| 007 | cr nn 008mamaa | ||
| 008 | 220713s2022 gw | s |||| 0|eng d | ||
| 020 |
_a9783658376659 _9978-3-658-37665-9 |
||
| 024 | 7 |
_a10.1007/978-3-658-37665-9 _2doi |
|
| 050 | 4 | _aQA76.9.A25 | |
| 072 | 7 |
_aUR _2bicssc |
|
| 072 | 7 |
_aUTN _2bicssc |
|
| 072 | 7 |
_aCOM053000 _2bisacsh |
|
| 072 | 7 |
_aUR _2thema |
|
| 072 | 7 |
_aUTN _2thema |
|
| 082 | 0 | 4 |
_a005.8 _223 |
| 100 | 1 |
_aPeldszus, Sven Matthias. _eauthor. _4aut _4http://id.loc.gov/vocabulary/relators/aut |
|
| 245 | 1 | 0 |
_aSecurity Compliance in Model-driven Development of Software Systems in Presence of Long-Term Evolution and Variants _h[electronic resource] / _cby Sven Matthias Peldszus. |
| 250 | _a1st ed. 2022. | ||
| 264 | 1 |
_aWiesbaden : _bSpringer Fachmedien Wiesbaden : _bImprint: Springer Vieweg, _c2022. |
|
| 300 |
_aXXXVI, 476 p. 138 illus., 80 illus. in color. _bonline resource. |
||
| 336 |
_atext _btxt _2rdacontent |
||
| 337 |
_acomputer _bc _2rdamedia |
||
| 338 |
_aonline resource _bcr _2rdacarrier |
||
| 347 |
_atext file _bPDF _2rda |
||
| 505 | 0 | _aIntroduction -- Running Example: iTrust -- State of the Art in Secure Software Systems Development -- A Walkthrough of the Proposed Development Approach -- Program Model for Object-oriented Languages -- Model-Synchronization and Tracing -- Application to Legacy Projects using Reverse-Engineering -- Static Security Compliance Checks -- Verification and Enforcement of Security at Run-time -- Specification of Variability throughout Variant-rich Software Systems -- Security in UML Product Lines -- Security Compliance and Restructuring in Variant-rich Software Systems -- The GRaViTY Framework -- Case Studies -- Related Work -- Conclusion. | |
| 520 | _aFor ensuring a software system's security, it is vital to keep up with changing security precautions, attacks, and mitigations. Although model-based development enables addressing security already at design-time, design models are often inconsistent with the implementation or among themselves. An additional burden are variants of software systems. To ensure security in this context, we present an approach based on continuous automated change propagation, allowing security experts to specify security requirements on the most suitable system representation. We automatically check all system representations against these requirements and provide security-preserving refactorings for preserving security compliance. For both, we show the application to variant-rich software systems. To support legacy systems, we allow to reverse-engineer variability-aware UML models and semi-automatically map existing design models to the implementation. Besides evaluations of the individual contributions, we demonstrate the approach in two open-source case studies, the iTrust electronics health records system and the Eclipse Secure Storage. About the author Since 2016, Sven Matthias Peldszus has been working as a research associate at the University of Koblenz-Landau and joined the Ruhr University Bochum after defending this thesis. His research interests include continuous tracing of non-functional requirements over the entire software life cycle and software quality analysis in variant-rich software systems. | ||
| 650 | 0 | _aData protection. | |
| 650 | 0 | _aComputer security. | |
| 650 | 1 | 4 | _aData and Information Security. |
| 650 | 2 | 4 | _aSecurity Services. |
| 650 | 2 | 4 | _aPrinciples and Models of Security. |
| 710 | 2 | _aSpringerLink (Online service) | |
| 773 | 0 | _tSpringer Nature eBook | |
| 776 | 0 | 8 |
_iPrinted edition: _z9783658376642 |
| 776 | 0 | 8 |
_iPrinted edition: _z9783658376666 |
| 856 | 4 | 0 | _uhttps://doi.org/10.1007/978-3-658-37665-9 |
| 912 | _aZDB-2-SCS | ||
| 912 | _aZDB-2-SXCS | ||
| 942 | _cSPRINGER | ||
| 999 |
_c177418 _d177418 |
||