DocumentCode :
1835057
Title :
Security Goal Indicator Trees: A Model of Software Features that Supports Efficient Security Inspection
Author :
Peine, Holger ; Jawurek, Marek ; Mandel, Stefan
Author_Institution :
Fraunhofer IESE, Kaiserslautern
fYear :
2008
fDate :
3-5 Dec. 2008
Firstpage :
9
Lastpage :
18
Abstract :
We analyze the specific challenges of inspecting software development documents for security: Most security goals are formulated as negative (i.e. avoidance) goals, and security is a non-local property of the whole system. We suggest a new type of model for security relevant features to address these challenges. Our model, named security goal indicator tree (SGIT), maps negative and non-local goals to positive, concrete features of the software that can be checked during an inspection. It supports inspection of software documents from various phases of the development process. An SGIT links a security goal with numerous indicators (which may be beneficial or detrimental for the achievement of the goal) and structures the set of indicators by Boolean and conditional relationships enabling an efficient selection of indicator subsets. We present SGIT examples, explain how to use them in an inspection, give advice on creating SGITs, and give an outlook on how SGITs will be embedded in a comprehensive method for software security inspection.
Keywords :
document handling; inspection; security of data; software engineering; security goal indicator trees; security relevant features; software development documents; software security inspection; Best practices; Concrete; Embedded software; Inspection; Programming; Security; Software performance; Software quality; Software systems; Systems engineering and theory; inspection; security; security analysis; security engineering; software engineering;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
High Assurance Systems Engineering Symposium, 2008. HASE 2008. 11th IEEE
Conference_Location :
Nanjing
ISSN :
1530-2059
Print_ISBN :
978-0-7695-3482-4
Type :
conf
DOI :
10.1109/HASE.2008.57
Filename :
4708859