Security Goal Indicator Trees: A Model of Software Features that Supports Efficient Security Inspection
We analyze the specific challenges of inspecting software development documents for security. Most security goals are formulated as negative (i.e., avoidance) goals, and security is a non-local property of the whole system. We suggest a new type of model for security-relevant features to address these challenges. Our model, named Security Goal Indicator Tree (SGIT), maps negative and non-local goals to positive, concrete features of the software that can be checked during an inspection. It supports inspection of software documents from various phases of the development process. An SGIT links a security goal with numerous indicators (which may be beneficial or detrimental for the achievement of the goal) and structures the set of indicators by Boolean and conditional relationships, enabling an efficient selection of indicator subsets. We present SGIT examples, explain how to use them in an inspection, give advice on creating SGITs, and give an outlook on how SGITs will be embedded in a comprehensive method for software security inspection.
Holger Peine Marek Jawurek Stefan Mandel
Fraunhofer IESE, Kaiserslautern, Germany
International conference
11th IEEE High Assurance Systems Engineering Symposium (HASE 2008)
Nanjing
English
9-18
2008-12-03 (date the record first went online on the Wanfang platform; not the publication date of the paper)