Full life cycle support for security concerns
minutes, topics
Wouter Joosen

AOSD and Full Life Cycle Support …general…
• What is the state of the art in AOSD in general (in terms of full life cycle support)?
• What is an aspect? (from the AORE workshop)
• Typical for security:
  • Novel and hard-to-capture requirements (anonymity, privacy …)
  • Requirements state what is expected behavior, but also, and extensively, what is not…
  • Close coupling between security and application logic (authorization)…
• What can be applied to security?...

Security and full life cycle support: architecture and design level
• What is the value of UML extensions for security? (Design for security)
• Is UML helpful for security?
• How about protocols? …work of Siobhan Clarke et al.
• Look at UML for AOSD…
• …work of Siobhan Clarke et al.
• Security architecture – how does it relate to the overall software architecture?
• Embeds a tremendous amount of knowledge…
• But lack of clear notation/meaning
• Opportunity:
  • Disentangle and document security solutions…

Security and full life cycle support: implementation level
NOT COVERED…
• Components versus code (programming) level?
• Role of deployment descriptors in a component framework?
• Role of middleware?

Adoption…
• Which security standards are relevant for this discussion?
• Adoption by ‘serious’ users.
• Why take the risk?
• Organizational barriers: … expert is not necessarily motivated…
• What is the status? Maybe we are at a beachhead…