Name
Abstract | ||
|---|---|---|
Today's software systems are too complex to ensure security after the fact – security has to be built into systems by design. To this end, model-based techniques such as UMLsec support the design-time specification and analysis of security requirements by providing custom model annotations and checks. Yet, a particularly challenging type of complexity arises from the variability of software product lines. Analyzing the security of all products separately is generally infeasible. In this work, we propose SecPL, a methodology for ensuring security in a software product line. SecPL allows developers to annotate the system design model with product-line variability and security requirements. To keep the exponentially large configuration space tractable during security checks, SecPL provides a family-based security analysis. In our experiments, this analysis outperforms the naive strategy of checking all products individually. Finally, we present the results of a user study that indicates the usability of our overall methodology.
|
Year | DOI | Venue |
|---|---|---|
2018 | 10.1145/3278122.3278126 | GPCE |
Keywords | DocType | ISBN |
Security, Software Product Lines, OCL, UML | Conference | 978-1-4503-6045-6 |
Citations | PageRank | References |
1 | 0.35 | 0 |
Authors | ||
3 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Sven Peldszus | 1 | 15 | 5.76 |
| Daniel Strüber | 2 | 116 | 21.50 |
| Jan Jürjens | 3 | 1132 | 91.46 |