Towards a Model-Driven Security Assurance of Open Source Components
Author: | Irum Rauf, Elena Troubitsyna |
---|---|
Year of publication: | 2017 |
Subject: | Stateless protocol; Process (engineering); Computer science; Software engineering; Engineering and technology; Computer security; Open source; Software security assurance; Component (UML); Scalability; Electrical engineering, electronic engineering, information engineering; Artificial intelligence & image processing; Software verification and validation; Architecture |
Source: | Lecture Notes in Computer Science ISBN: 9783319659473 SERENE |
Description: | Open Source software is increasingly used in a wide spectrum of applications. While the benefits of the open source components are unquestionable now, there is a great concern over security assurance provided by such components. Often open source software is subject to frequent updates. The updates might introduce or remove a diverse range of features and hence violate security properties of the previous releases. Obviously, a manual inspection of security would be prohibitively slow and inefficient. Therefore, there is a great demand for techniques that would allow the developers to automate the process of security assurance in the presence of frequent releases. The problem of security assurance is especially challenging because, to ensure scalability, such main open source initiatives as OpenStack adopt a RESTful architecture. This requires new security assurance techniques to cater to the stateless nature of the system. In this paper, we propose a model-driven framework that would allow the designers to model the security concerns and facilitate verification and validation of them in an automated manner. It enables a regular monitoring of the security features even in the presence of frequent updates. We exemplify our approach with the Keystone component of OpenStack. |
Database: | OpenAIRE |