| Title | An Asset-Based Assistance for Secure by Design |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Messe, Nan, Belloir, Nicolas, Chiprianov, Vanea, El-Hachem, Jamal, Fleurquin, Régis, Sadou, Salah |
| Conference Name | 2020 27th Asia-Pacific Software Engineering Conference (APSEC) |
| Date Published | Dec. 2020 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-9553-7 |
| Keywords | Architecture and Design, attack pattern, Automated Secure Software Engineering, composability, Computer architecture, Proposals, pubcrawl, resilience, Resiliency, secure-by-design, security, Security Assistance, software engineering, Software systems, System analysis and design, Systems architecture |
| Abstract | With the growing numbers of security attacks causing more and more serious damages in software systems, security cannot be added as an afterthought in software development. It has to be built in from the early development phases such as requirement and design. The role responsible for designing a software system is termed an “architect”, knowledgeable about the system architecture design, but not always well-trained in security. Moreover, involving other security experts into the system design is not always possible due to time-to-market and budget constraints. To address these challenges, we propose to define an asset-based security assistance in this paper, to help architects design secure systems even if these architects have limited knowledge in security. This assistance helps alert threats, and integrate the security controls over vulnerable parts of system into the architecture model. The central concept enabling this assistance is that of asset. We apply our proposal on a telemonitoring case study to show that automating such an assistance is feasible. |
| URL | https://ieeexplore.ieee.org/document/9359259 |
| DOI | 10.1109/APSEC51365.2020.00026 |
| Citation Key | messe_asset-based_2020 |
An Asset-Based Assistance for Secure by Design