| Title | Model-Based Security Analysis of Feature-Oriented Software Product Lines |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Peldszus, Sven, Strüber, Daniel, Jürjens, Jan |
| Conference Name | Proceedings of the 17th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences |
| Publisher | ACM |
| Conference Location | New York, NY, USA |
| ISBN Number | 978-1-4503-6045-6 |
| Keywords | exponentiation, ocl, pubcrawl, Resiliency, Scalability, security, software product lines, UML |
| Abstract | Today's software systems are too complex to ensure security after the fact - security has to be built into systems by design. To this end, model-based techniques such as UMLsec support the design-time specification and analysis of security requirements by providing custom model annotations and checks. Yet, a particularly challenging type of complexity arises from the variability of software product lines. Analyzing the security of all products separately is generally infeasible. In this work, we propose SecPL, a methodology for ensuring security in a software product line. SecPL allows developers to annotate the system design model with product-line variability and security requirements. To keep the exponentially large configuration space tractable during security checks, SecPL provides a family-based security analysis. In our experiments, this analysis outperforms the naive strategy of checking all products individually. Finally, we present the results of a user study that indicates the usability of our overall methodology. |
| DOI | 10.1145/3278122.3278126 |
| Citation Key | peldszus_model-based_2018 |
Model-Based Security Analysis of Feature-Oriented Software Product Lines