Formal analysis and design for engineering security: automated derivation of formal software security specifications from goal-oriented security requirements

4 Author(s)

Formal methods have long been advocated for the development of provably secure software. However, the lack of formal requirements elaboration and the limited scalability of such methods have led to the use of informal or semi-formal methods for large-scale software development. In their effort to produce highly secure software in a systematic, provable and cost-effective manner, the authors have proposed formal analysis and design for engineering security (FADES) as the first goal-oriented software security engineering approach that provides an automated bridge between the goal-oriented, semi-formal Knowledge Acquisition for autOmated Specifications (KAOS) framework and the B formal method. Automating the transition from requirements to specifications, considered one of the most difficult steps in the software development lifecycle, is vital to the success of FADES. Further, the automated derivation of a suite of acceptance test cases from the FADES requirements model provides a means of verifying the security implementation against that requirements model. In this study, the authors propose an automated process using FADES to systematically derive B specifications and a suite of acceptance test cases from goal-oriented security requirements. They then empirically validate the effectiveness of the FADES automated bridge, which lays the groundwork for formal design and implementation. The empirical validation involves both security engineering practitioners and experts in formal methods for security. The extensive results obtained demonstrate the effectiveness of the FADES automated bridge in producing secure software in a cost-effective manner.

Published in: IET Software (Volume 4, Issue 2)