Orchestrating Security and System Engineering for Evolving Systems

(Invited Paper)
  • Fabio Massacci
  • Fabrice Bouquet
  • Elizabeta Fourneret
  • Jan Jurjens
  • Mass S. Lund
  • Sébastien Madelénat
  • JanTobias Muehlberg
  • Federica Paci
  • Stéphane Paul
  • Frank Piessens
  • Bjornar Solhaug
  • Sven Wenzel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6994)


How to design a security engineering process that can cope with the dynamic evolution of Future Internet scenarios and the rigidity of existing system engineering processes? The SecureChange approach is to orchestrate (as opposed to integrate) security and system engineering concerns by two types of relations between engineering processes: (i) vertical relations between successive security-related processes; and (ii) horizontal relations between mainstream system engineering processes and concurrent security-related processes. This approach can be extended to cover the complete system/ software lifecycle, from early security requirement elicitation to runtime configuration and monitoring, via high-level architecting, detailed design, development, integration and design-time testing. In this paper we illustrate the high-level scientific principles of the approach.


Smart Card Security Requirement Security Property Requirement Model Traceability Link 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bergmann, G., et al.: Change-Driven Model Transformations. Change (in) the Rule to Rule the Change. In: Software and System Modeling (to appear, 2011)Google Scholar
  2. 2.
    Bergmann, G., Horváth, Á., Ráth, I., Varró, D., Balogh, A., Balogh, Z., Ökrös, A.: Incremental evaluation of model queries over EMF models. In: Petriu, D.C., Rouquette, N., Haugen, Ø. (eds.) MODELS 2010. LNCS, vol. 6394, pp. 76–90. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  3. 3.
    Breu, M., Breu, R., Löw, S.: Living on the MoVE: Towards an Architecture for a Living Models Infrastructure. International Journal on Advances in Software, 290–295 (2010)Google Scholar
  4. 4.
    Chechik, M., et al.: Relationship-based change propagation: A case study. In: Proc. of the ICSE Workshop on Modeling in Software Engineering (MISE 2009), pp. 7–12. IEEE, Los Alamitos (2009)CrossRefGoogle Scholar
  5. 5.
    De Win, B., et al.: On the secure software development process: CLASP, SDL and Touchpoints compared. Information and Software Technology 51(7), 1152–1171 (2009)CrossRefGoogle Scholar
  6. 6.
    Deliverable 3.2 “A Methodology for Evolutionary Requirements”,
  7. 7.
  8. 8.
    Dragoni, N., et al.: A Load Time Policy Checker for Open Multi-Application Smart Cards. In: Proc. of IEEE Policy 2011. IEEE, Los Alamitos (2011)Google Scholar
  9. 9.
    Elahi, G., Yu, E., Zannone, N.: A vulnerability-centric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities. Requirements Engineering 15, 41–62 (2010)CrossRefGoogle Scholar
  10. 10.
    Félix, E., Delande, O., Massacci, F., Paci, F.: Managing Changes with Legacy Security Engineering Processes. In: Proc. of IEEE Int. Conf. on Intelligence and Security Informatics (2011)Google Scholar
  11. 11.
    Fourneret, E., et al.: Selective Test Generation Method for Evolving Critical Systems. In: Proc. of 1st Int. Workshop on Regression Testing. IEEE, Los Alamitos (2011)Google Scholar
  12. 12.
    Fourneret, E., et al.: Model-Based Security Verification and Testing for Smart-cards. In: Proc. of ARES 2011. IEEE, Los Alamitos (2011)Google Scholar
  13. 13.
    Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Requirements engineering for trust management: model, methodology, and reasoning. Internat. Journal of Information Security 5(4), 257–274 (2006)CrossRefzbMATHGoogle Scholar
  14. 14.
    Haley, C., Laney, R., Moffett, J., Nuseibeh, B.: Security requirements engineering: A framework for representation and analysis. IEEE Trans. Softw. Eng. 34, 133–153 (2008)CrossRefGoogle Scholar
  15. 15.
    Hassine, J., Rilling, J., Hewitt, J.: Change impact analysis for requirement evolution using use case maps. In: Proc. of the 8th Intl. Workshop on Principles of Software Evolution, pp. 81–90. IEEE, Los Alamitos (2005)Google Scholar
  16. 16.
    Innerhofer-Oberperfler, F., Hafner, M., Breu, R.: Living Security – Collaborative Security Management in a Changing World. In: Proc. of IASTED Int. Conf. on Soft. Eng. (2011)Google Scholar
  17. 17.
    ISO 12207, Systems and software engineering — Software life cycle processes, ISO (2008)Google Scholar
  18. 18.
    ISO 15288, Systems and software engineering — System life cycle processes, ISO (2008)Google Scholar
  19. 19.
    ISO 31000, Risk management – Principles and guidelines, ISO (2009)Google Scholar
  20. 20.
    Jacobs, B., Piessens, F.: Expressive modular fine-grained concurrency specification. In: Proc. of POPL 2011, pp. 271–282. ACM, New York (2011)Google Scholar
  21. 21.
    Jacobs, B., Smans, J., Piessens, F.: A quick tour of the VeriFast program verifier. In: Ueda, K. (ed.) APLAS 2010. LNCS, vol. 6461, pp. 304–311. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  22. 22.
    Jürjens, J., Marchal, L., Ochoa, M., Schmidt, H.: Incremental security verification for evolving uMLsec models. In: France, R.B., Kuester, J.M., Bordbar, B., Paige, R.F. (eds.) ECMFA 2011. LNCS, vol. 6698, pp. 52–68. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  23. 23.
    Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)zbMATHGoogle Scholar
  24. 24.
    Lund, M.S., Solhaug, B., Stølen, K.: Model-Driven Risk Analysis – The CORAS Approach. Springer, Heidelberg (2011)CrossRefzbMATHGoogle Scholar
  25. 25.
    Lund, M.S., Solhaug, B., Stølen, K.: Risk Analysis of Changing and Evolving Systems Using CORAS. In: Aldini, A., Gorrieri, R. (eds.) FOSAD 2011. LNCS, vol. 6858, pp. 231–274. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  26. 26.
    Massacci, F., Mylopolous, J., Paci, F., Tun, T.T., Yu, Y.: An Extended Ontology for Security Requirements. In: 1st Internat. Workshop on Information Systems Security Engineering (WISSE 2011), London (2011)Google Scholar
  27. 27.
    Massacci, F., Mylopoulos, J., Zannone, N.: Computer-aided support for Secure Tropos. Automated Software Eng. 14, 341–364 (2007)CrossRefGoogle Scholar
  28. 28.
    Normand, V., Félix, E.: Toward model-based security engineering: developing a security analysis DSML. In: Proc. of ECMDA-FA (2009)Google Scholar
  29. 29.
    Philippaerts, P., et al.: The Belgian Electronic Identity Card: A Verification Case Study. In: Proc. AVOCS 2011 (2011) (submitted)Google Scholar
  30. 30.
    System Security Eng. Capability Maturity Model,
  31. 31.
    Tran, M.S., Massacci, F.: Dealing with Known Unknowns: Towards a Game-Theoretic Foundation for Software Requirement Evolution. In: Mouratidis, H., Rolland, C. (eds.) CAiSE 2011. LNCS, vol. 6741, pp. 62–76. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  32. 32.
    Tun, T.T., Yu, Y., Laney, R., Nuseibeh, B.: Early identification of problem interactions: A tool-supported approach. In: Glinz, M., Heymans, P. (eds.) REFSQ 2009 Amsterdam. LNCS, vol. 5512, pp. 74–88. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  33. 33.
    Tun, T.T., et al.: Model-based argument analysis for evolving security requirements. In: Proc. of the IEEE SSIRI 2010, pp. 88–97. IEEE, Los Alamitos (2010)Google Scholar
  34. 34.
    van Lamsweerde, A.: Elaborating security requirements by construction of intentional anti-models. In: Proc. of ICSE 2004, pp. 148–157. ACM, New York (2004)Google Scholar
  35. 35.
    Vogels, F., Jacobs, B., Piessens, F., Smans, J.: Annotation inference for separation logic based verifiers. In: Bruni, R., Dingel, J. (eds.) FORTE 2011 and FMOODS 2011. LNCS, vol. 6722, pp. 319–333. Springer, Heidelberg (2011)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Fabio Massacci
    • 1
  • Fabrice Bouquet
    • 2
  • Elizabeta Fourneret
    • 2
  • Jan Jurjens
    • 3
  • Mass S. Lund
    • 4
  • Sébastien Madelénat
    • 5
  • JanTobias Muehlberg
    • 6
  • Federica Paci
    • 1
  • Stéphane Paul
    • 5
  • Frank Piessens
    • 6
  • Bjornar Solhaug
    • 4
  • Sven Wenzel
    • 3
  1. 1.Univ. of TrentoItaly
  2. 2.Lab. d’Inform. de Franche-ComtŕFrance
  3. 3.TU. DortmundGermany
  4. 4.SINTEF ICTNorway
  5. 5.Thales Research & Tech.France
  6. 6.Katholieke Univ. LeuvenBelgium

Personalised recommendations