• DocumentCode
    2171509
  • Title

    Security Engineering Based on Structured Formal Reasoning

  • Author

    Fuchs, Adi ; Rudolph, Carsten

  • Author_Institution
    Fraunhofer Inst. for Secure Inf. Technol., Darmstadt, Germany
  • fYear
    2012
  • fDate
    14-16 Dec. 2012
  • Firstpage
    145
  • Lastpage
    152
  • Abstract
    Security by Design and Secure Engineering are among the most pressing challenges in IT Security research and practice. Increased attacker potential and dependence on IT-Systems in economy and in critical infrastructures cause a higher demand in securely engineered systems and thus in new approaches and methodologies. This paper introduces a consistent methodology for designing secure systems during the specification phase. The Security Modeling Framework SeMF serves as basis for its security vocabulary. We extend SeMF by the concept of SeMF Building Blocks SeBBs as reasoning tool and provide a security design process utilizing them as refinement artifacts. This process guides the decision making during the system specification phase focused on the security aspects and integrates with refinement driven functional engineering processes. Our approach further results in a security design documentation and residual assumptions that can serve as a basis for risk assessment, code review, and organizational security means during deployment.
  • Keywords
    formal specification; functional programming; reasoning about programs; risk analysis; security of data; IT security research; IT system; SeBB; SeMF building blocks; Security Modeling Framework; attacker potential; code review; critical infrastructure; decision making; economy; organizational security; reasoning tool; refinement artifact; refinement driven functional engineering process; residual assumption; risk assessment; secure engineering; secure system design; security aspect; security by design; security design documentation; security engineering; security vocabulary; structured formal reasoning; system specification; formal languages; formal methods; security by design; security engineering;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    BioMedical Computing (BioMedCom), 2012 ASE/IEEE International Conference on
  • Conference_Location
    Washington, DC
  • Print_ISBN
    978-1-4673-5495-0
  • Type

    conf

  • DOI
    10.1109/BioMedCom.2012.30
  • Filename
    6516443