
    A security oriented approach in the development of multiagent systems : applied to the management of the health and social care needs of older people in England.

    Security can play an important role in the development of some multi-agent systems. However, a careful analysis of software development processes indicates that the definition of security requirements is usually considered only after the design of the system. This approach usually leads to problems, such as conflicts between security and functional requirements, which can translate into security vulnerabilities. As a result, the integration of security issues into agent-oriented software engineering methodologies has been identified as an important issue. Nevertheless, developers of agent-oriented software engineering methodologies have largely neglected security engineering, and very little evidence has been reported of work that integrates security issues into the development stages of agent-oriented software engineering methodologies. This thesis advances the current state of the art in agent-oriented software engineering in several ways. It identifies problems associated with the integration of security and software engineering and proposes a set of minimum requirements that a security-oriented process should demonstrate. It extends the concepts and the development process of the Tropos methodology with respect to security to allow developers, even those with minimal security knowledge, to identify the desired security requirements for their multi-agent systems, reason about them, and as a result develop a system that satisfies its security requirements. In doing so, this research has developed (1) an analysis technique that enables developers to select among alternative architectural styles using the security requirements of the system as criteria, (2) a pattern language consisting of security patterns for multi-agent systems, and (3) a scenario-based technique that allows developers to test the reaction of the system to potential attacks. The applicability of the approach is demonstrated by employing it in the development of the electronic single assessment process (eSAP) system, a real-life case study that provided the initial motivation for this research.

    Security-Driven Software Evolution Using A Model Driven Approach

    A high security level must be guaranteed in applications in order to mitigate risks during the deployment of information systems in open network environments. However, a significant number of legacy systems remain in use, which poses security risks to the enterprise's assets because of the outdated technologies used and the lack of attention to security when they were designed. Software reengineering is a way to improve their security levels systematically. Model-driven engineering is an approach in which a model, as defined by its type, directs the execution of the process. The aim of this research is to explore how a model-driven approach can facilitate software reengineering driven by security demands. The research in this thesis involves the following three phases. Firstly, legacy system understanding is performed using reverse engineering techniques. The task of this phase is to reverse engineer the legacy system into UML models, partition the legacy system into subsystems with the help of a model slicing technique, and detect existing security mechanisms to determine whether or not the security provided in the legacy system satisfies the user's security objectives. Secondly, security requirements are elicited using a risk analysis method, the process of analysing key aspects of the legacy system in terms of security. A new risk assessment method, taking asset, threat and vulnerability into consideration, is proposed and used to elicit the security requirements; it generates the detailed security requirements in a specific format to direct the subsequent security enhancement. Finally, security enhancement of the system is performed using the proposed ontology-based security pattern approach. This is the stage at which security patterns, derived from security expertise and fulfilling the elicited security requirements, are selected and integrated into the legacy system models with the help of the proposed security ontology. The proposed approach is evaluated on the selected case study. Based on the analysis, conclusions are drawn and future research is discussed at the end of this thesis. The results show that this thesis contributes an effective, reusable and suitable evolution approach for software security.

    An Educational Framework to Support Industrial Control System Security Engineering

    Industrial Control Systems (ICSs) are used to monitor and control critical infrastructure such as electricity and water. ICSs were originally stand-alone systems, but are now widely being connected to corporate and national IT networks, making remote monitoring and more timely control possible. While this connectivity has brought multiple benefits to ICSs, such as cost reductions and an increase in redundancy and flexibility, ICSs were not designed for open connectivity and are therefore more prone to security threats, creating a greater need for adequate security engineering approaches. The culture gap between developers and security experts is one of the main challenges of ICS security engineering. Control system developers play an important role in building secure systems; however, they lack security training and support throughout the development process. Security training, which is an essential activity in the defence-in-depth strategy for ICS security, has been addressed in industry but has not been given sufficient attention in academia. Security support is a key means of tackling this challenge by assisting developers in ICS security by design. This thesis proposes a novel framework, the Industrial Control System Security Engineering Support (ICS-SES), which aims to help developers design secure control systems by enabling them to reuse secure design patterns and improve their security knowledge. ICS-SES adopts a pattern-based approach to guide developers in security engineering, and an automated planning technique to provide adaptive on-the-job security training tailored to personal needs. The usability of ICS-SES has been evaluated in an empirical study in terms of its effectiveness in assisting the design of secure control systems and improving developers' security knowledge. The results show that ICS-SES can efficiently help control system designers mitigate security vulnerabilities and improve their security knowledge, reducing the difficulties associated with the security engineering process, and the results have been found to be statistically significant. In summary, ICS-SES provides a unified method of supporting an ICS security-by-design approach. It fosters a development environment in which engineers can improve their security knowledge while working on a control system production line.
    Funding: Libyan Embassy in London, U

    A Model-based transformation process to validate and implement high-integrity systems

    Despite numerous advances, building high-integrity embedded systems remains a complex task. They come with strong requirements to ensure safety, schedulability or security properties, and one needs to combine multiple analyses to validate each of them. Model-Based Engineering is an accepted solution to address such complexity: analytical models are derived from an abstraction of the system to be built. Yet ensuring that all abstractions are semantically consistent remains an issue, e.g. when performing model checking to assess safety, then schedulability analysis using timed automata, and then code generation. Complexity stems from the high-level view of the model compared to the low-level mechanisms used. In this paper, we present our approach, based on AADL and its behavioral annex, to refine an architecture description iteratively. Both application and runtime components are transformed into basic AADL constructs which have a strict counterpart in classical programming languages or in patterns for verification. We detail the benefits of this process for enhancing analysis and code generation. This work has been integrated into the AADL tool support OSATE2.

    Application of Software Engineering Principles to Synthetic Biology and Emerging Regulatory Concerns

    As the science of synthetic biology matures, engineers have begun to deliver real-world applications which are the beginning of what could radically transform our lives. Recent progress indicates synthetic biology will produce transformative breakthroughs. Examples include: 1) synthesizing chemicals for medicines which are expensive and difficult to produce; 2) producing protein alternatives; 3) altering genomes to combat deadly diseases; 4) killing antibiotic-resistant pathogens; and 5) speeding up vaccine production. Although synthetic biology promises great benefits, many stakeholders have expressed concerns over safety and security risks from creating biological behavior never seen before in nature. As with any emerging technology, there is the risk of malicious use known as the dual-use problem. The technology is becoming democratized and de-skilled, and people in do-it-yourself communities can tinker with genetic code, similar to how programming has become prevalent through the ease of using macros in spreadsheets. While easy to program, it may be non-trivial to validate novel biological behavior. Nevertheless, we must be able to certify synthetically engineered organisms behave as expected, and be confident they will not harm natural life or the environment. Synthetic biology is an interdisciplinary engineering domain, and interdisciplinary problems require interdisciplinary solutions. Using an interdisciplinary approach, this dissertation lays foundations for verifying, validating, and certifying safety and security of synthetic biology applications through traditional software engineering concepts about safety, security, and reliability of systems. These techniques can help stakeholders navigate what is currently a confusing regulatory process. 
The contributions of this dissertation are: 1) creation of domain-specific patterns to help synthetic biologists develop assurance cases using evidence and arguments to validate safety and security of designs; 2) application of software product lines and feature models to the modular DNA parts of synthetic biology commonly known as BioBricks, making it easier to find safety features during design; 3) a technique for analyzing DNA sequence motifs to help characterize proteins as toxins or non-toxins; 4) a legal investigation regarding what makes regulating synthetic biology challenging; and 5) a repeatable workflow for leveraging safety and security artifacts to develop assurance cases for synthetic biology systems. Advisers: Myra B. Cohen and Brittany A. Dunca

    Analysis of Human Affect and Bug Patterns to Improve Software Quality and Security

    The impact of software is ever increasing as more and more systems are software operated. Despite the usefulness of software, in many instances software failures have caused tremendous losses in lives and dollars. Software failures take place because of bugs (i.e., faults) in software systems. These bugs cause the program to malfunction or crash and expose security vulnerabilities exploitable by malicious hackers. Studies confirm that software defects and vulnerabilities appear in source code largely due to the mistakes and errors of the developers. Human performance is affected by the underlying development process and by human affects, such as sentiment and emotion. This thesis examines these affects of software developers, which have drawn recent interest in the community. For capturing developers' sentimental and emotional states, we have developed several software tools (i.e., SentiStrength-SE, DEVA, and MarValous). These are novel tools facilitating automatic detection of sentiments and emotions in software engineering textual artifacts. Using such an automated tool, developers' sentimental variations are studied with respect to the underlying development tasks (e.g., bug-fixing, bug-introducing), development periods (i.e., days and times), team sizes and project sizes. We expose opportunities for exploiting developers' sentiments for higher productivity and improved software quality. While developers' sentiments and emotions can be leveraged as a proactive and active safeguard in identifying and minimizing software bugs, this dissertation also includes in-depth studies of the relationships among various bug patterns, such as software defects, security vulnerabilities, and code smells, to find actionable insights for minimizing software bugs and improving software quality and security. Bug patterns are exposed by mining software repositories and bug databases. These bug patterns are crucial for localizing bugs and security vulnerabilities in a software codebase in order to fix them, predicting the portions of software susceptible to failure or exploitation by hackers, devising techniques for automated program repair, and avoiding code constructs and coding idioms that are bug-prone. The software tools produced in this thesis are empirically evaluated using standard measurement metrics (e.g., precision, recall). The findings of all the studies are validated with appropriate tests for statistical significance. Finally, based on our experience and in-depth analysis of the present state of the art, we expose avenues for further research and development towards a holistic approach for developing improved and secure software systems.

    The London Charter and the Seville Principles as sources of requirements for e-archaeology systems development purposes

    [EN] Requirements engineering (RE) is a discipline of critical importance in software development. This paper provides a process and a set of software artefacts to help in the production of e-archaeology systems, with emphasis on requirements reuse and standards. In particular, two important guidelines in the field of e-archaeology, the London Charter and the Principles of Seville, are shown to be two sources of requirements to be considered as a starting point for developing this type of system.
    [ES, translated] Requirements Engineering (RE) is a discipline of critical importance in software development. This article provides a process and a set of software artefacts to help in the production of e-archaeology systems, with emphasis on requirements reuse and standards. In particular, two relevant guidelines in the field of e-archaeology, the London Charter and the Seville Principles, are shown to be two sources of requirements to take into account as a starting point for the development of this type of system.
    This research is part of the project PEGASO-PANGEA (TIN2009-13718-C02-02), financed by the Spanish Ministry of Science and Innovation (Spain).
    Carrillo Gea, JM.; Toval, A.; Fernández Alemán, JL.; Nicolás, J.; Flores, M. (2013). The London Charter and the Seville Principles as sources of requirements for e-archaeology systems development purposes. Virtual Archaeology Review. 4(9):205-211. https://doi.org/10.4995/var.2013.4275

    Processus IDM pour l’intégration des patrons de sécurité dans une application à base de composants (An MDE process for integrating security patterns into a component-based application)

    Security has become an important challenge in current software and system development. Most designers are experts in software development but not in security. It is important to guide them in applying security mechanisms in the early phases of software development, to reduce the time and cost of development. To reach this objective, we propose to apply security expertise in the form of security patterns at the software design phase. A security pattern is a well-understood solution to a recurring information security problem, so security patterns encapsulate the knowledge accumulated by security experts for securing a software system. Although well documented, patterns are often neglected at the design level and do not constitute an intuitive solution that software designers can use. This can be the result of the poor fit of those patterns to the system context, the designers' lack of expertise in security solutions, and the absence of an integration process that lets designers apply those patterns' solutions in practical situations and work with patterns at higher levels of abstraction. To enable designers to use the solutions proposed by security patterns, this thesis proposes a model-driven engineering approach to secure applications through the integration of security patterns. The component-based approach is a powerful means of developing and reusing complex systems. In this thesis, we take component-based software systems as the application domain for our approach, to facilitate the development of applications by assembling prefabricated software building blocks called components. The proposed process provides separation between domain expertise and application security expertise, both of which are needed to build a secure application. Our main goal is to provide a semi-automatic integration of security patterns into component-based models, producing executable secure code. This integration is performed through a set of transformation rules. The result of this integration is a new model supporting security concepts. It is then automatically translated into aspect-oriented code related to security. These aspects are then woven in a modular way into the functional application code to enforce the specified security properties. The use of aspect technology in the implementation phase guarantees that the application of security patterns is independent of any particular implementation. In order to provide a clear comprehension of the SCRIP process, we have described it using the SPEM standard. This work is implemented in a software tool called SCRI-TOOL (SeCurity patteRn Integration Tool). This tool allows developers who are not security experts to integrate different security properties throughout the development cycle of a component-based application. To illustrate the use of SCRI-TOOL, we propose a case study on electronic healthcare systems. The choice of such a case study is motivated by the great attention such systems have received from academia and industry and by the importance of security in such systems. Indeed, because of the large number of actors that can interact in such systems, security is a critical requirement. This case study also allows us to illustrate the proposed methodology and to highlight the importance of security management at a high level of abstraction. As a result of applying this process, we obtain a healthcare application that is fully secured and meets the requirements of the medical context.
    [FR, translated] Security has become an important challenge in the development of current software systems. Most designers of these systems lack expertise in the field of security. It is therefore important to guide them throughout the different phases of software development in order to produce more secure systems. This will reduce development time as well as development costs. To reach this objective, we propose to apply security expertise in the form of security patterns during the software design phase. A security pattern integrates proven and generic solutions proposed by security experts. However, security patterns are often neglected at the design level and do not constitute an intuitive solution that software designers can use. This can be the result of the poor fit of these patterns to the system context, the designers' lack of expertise in security, or the absence of a process for integrating these patterns into models at a high level of abstraction. To enable designers to use the solutions proposed by security patterns, this thesis proposes a model-driven engineering approach for securing applications through the integration of security patterns. As the application context of our approach we chose component-based applications, which aim to ease application development by assembling prefabricated software building blocks called components. The proposed process ensures the separation between application domain expertise and security expertise, both of which are needed to build a secure application. The proposed methodology provides a semi-automatic integration of security patterns into the initial model. This integration is carried out first during application modelling, initially through the elaboration of profiles that extend the domain concepts with security concepts. In a second step, the integration is done through the definition of rules which, once applied, generate a secured application. Finally, this integration is also ensured at the level of generation of the application's functional code, by integrating the non-functional code related to security through the use of aspects. The use of the aspect-oriented approach guarantees that the application of security patterns is independent of any particular application. The proposed process is described with the SPEM standard. This work has been realised in a tool named SCRI-TOOL, for SeCurity patteRn Integration Tool. This tool allows developers who are not security experts to integrate the different security properties (embedded in the patterns) into a component-based application. To illustrate the use of SCRI-TOOL, we propose a case study on the domain of distributed healthcare systems. The choice of such a case study is explained by the importance of the security requirements needed for the proper functioning of such an application. Indeed, given the large number of actors that can interact, security is a critical requirement in such systems. This study allowed us to highlight the importance of security management at a high level of abstraction and how to apply the proposed methodology to a real case.

    Combined automotive safety and security pattern engineering approach

    Automotive systems will exhibit increased levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From a safety perspective, this can be perceived as a boon or a bane: it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes important as an additional concern because attacks are now much more likely and severe. However, there is a lack of experience with security concerns in the context of safety engineering in general and in automotive safety departments in particular. To address this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance on the selection and combination of both types of patterns in the context of system engineering. A combined safety and security pattern engineering workflow is proposed to provide systematic guidance to non-expert engineers based on best practices. The application of the approach is shown and demonstrated by an automotive case study and different use case scenarios.
    Funding: EC/H2020/692474/EU/Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems/AMASS; EC/H2020/737422/EU/Secure COnnected Trustable Things/SCOTT; EC/H2020/732242/EU/Dependability Engineering Innovation for CPS - DEIS/DEIS; BMBF, 01IS16043, Collaborative Embedded Systems (CrESt
