Towards a Model-Driven Security Assurance of Open Source Components

Irum Rauf, Elena Troubitsyna, Towards a Model-Driven Security Assurance of Open Source Components. In: Alexander Romanovsky, Elena Troubitsyna (Eds.), 9th International Workshop on Software Engineering for Resilient Systems (SERENE 2017) September 4-5, 2017, Geneva, Switzerland. Proceedings, LNCS-10479, 65–80, SpringerLink, 2017.

Abstract:

Open source software is increasingly used in a wide spectrum of applications. While the benefits of open source components are now unquestionable, there is great concern over the security assurance provided by such components. Open source software is often subject to frequent updates. The updates might introduce or remove a diverse range of features and hence violate security properties of the previous releases. Obviously, a manual inspection of security would be prohibitively slow and inefficient. Therefore, there is a great demand for techniques that would allow developers to automate the process of security assurance in the presence of frequent releases. The problem of security assurance is especially challenging because, to ensure scalability, such major open source initiatives as OpenStack adopt a RESTful architecture. This requires new security assurance techniques that cater to the stateless nature of the system. In this paper, we propose a model-driven framework that would allow designers to model security concerns and facilitate their verification and validation in an automated manner. It enables regular monitoring of the security features even in the presence of frequent updates. We exemplify our approach with the Keystone component of OpenStack.

BibTeX entry:

@INPROCEEDINGS{inpRaTr17a,
  title = {Towards a Model-Driven Security Assurance of Open Source Components},
  booktitle = {9th International Workshop on Software Engineering for Resilient Systems (SERENE 2017) September 4-5, 2017, Geneva, Switzerland. Proceedings},
  author = {Rauf, Irum and Troubitsyna, Elena},
  series = {LNCS-10479},
  editor = {Romanovsky, Alexander and Troubitsyna, Elena},
  publisher = {SpringerLink},
  pages = {65–80},
  year = {2017},
}

Belongs to TUCS Research Unit(s): Embedded Systems Laboratory (ESLAB)