25 research outputs found

    Maintaining security requirements of software systems using evolving crosscutting dependencies

    Security requirements are concerned with protecting assets of a system from harm. Implemented as code aspects to weave protection mechanisms into the system, security requirements need to be validated when changes are made to the programs during system evolution. However, it was not clear for developers whether existing validation procedures such as test cases are sufficient for security and when the implemented aspects need to adapt. In this chapter, we propose an approach for detecting any change to the satisfaction of security requirements in three steps: (1) identify the asset variables in the systems that are only accessed by a join-point method; (2) trace these asset variables to identify both control and data dependencies between the non-aspect and aspect functions; and (3) update the test cases according to implementation of these dependencies to strengthen the protection when a change happens. These steps are illustrated by a case study of a meeting scheduling system where security is a critical concern.

    Baseline assessment of pharmacovigilance activities in four sub-Saharan African countries: a perspective on tuberculosis.

    BACKGROUND: New medicines have become available for the treatment of drug-resistant tuberculosis (DR-TB) and are introduced in sub-Saharan Africa (SSA) by the national TB programs (NTPs) through special access schemes. Pharmacovigilance is typically the task of national medicines regulatory agencies (NMRAs), but the active drug safety monitoring and management (aDSM) recommended for the new TB medicines and regimens was introduced through the NTPs. We assessed the strengths and challenges of pharmacovigilance systems in Eswatini, Ethiopia, Nigeria and Tanzania, focusing on their capacity to monitor safety of medicines registered and not registered by the NMRAs for the treatment of DR-TB. METHODS: Assessment visits were conducted to all four countries by a multidisciplinary team. We used a pharmacovigilance indicator tool derived from existing tools, interviewed key stakeholders, and visited health facilities where DR-TB patients were treated with new medicines. Assessment results were verified with the local NMRAs and NTPs. RESULTS: Most countries have enabling laws, regulations and guidelines for the conduct of pharmacovigilance by the NMRAs. The relative success of NTP-NMRA collaboration is much influenced by interpersonal relationships between staff. Division of roles and responsibilities is not always clear and leads to duplication and unfulfilled tasks (e.g. causality assessment). The introduction of aDSM has increased awareness among DR-TB healthcare providers. CONCLUSION: aDSM has created awareness about the importance of pharmacovigilance among NTPs. In the future, a push for conducting pharmacovigilance through public health programs seems useful, but this needs to coincide with increased collaboration between public health programs and NMRAs with clear formulation of roles and responsibilities.

    Optimizing Feature Interaction Detection

    © 2017, Springer International Publishing AG. The feature interaction problem has been recognized as a general problem of software engineering. The problem appears when a combination of features interacts generating a conflict, exhibiting a behaviour that is unexpected for the features considered in isolation, possibly resulting in some critical safety violation. Verification of absence of critical feature interactions has been the subject of several studies. In this paper, we focus on functional interactions and we address the problem of the 3-way feature interactions, i.e. interactions that occur only when three features are all included in the system, but not when only two of them are. In this setting, we define a widely applicable definition framework, within which we show that a 3 (or greater)-way interaction is always caused by a 2-way interaction, i.e. that pairwise sampling is complete, hence reducing to quadratic the complexity of automatic detection of incorrect interaction

    Requirements Engineering

    Requirements Engineering (RE) aims to ensure that systems meet the needs of their stakeholders including users, sponsors, and customers. Often considered as one of the earliest activities in software engineering, it has developed into a set of activities that touch almost every step of the software development process. In this chapter, we reflect on how the need for RE was first recognised and how its foundational concepts were developed. We present the seminal papers on four main activities of the RE process, namely (i) elicitation, (ii) modelling & analysis, (iii) assurance, and (iv) management & evolution. We also discuss some current research challenges in the area, including security requirements engineering as well as RE for mobile and ubiquitous computing. Finally, we identify some open challenges and research gaps that require further exploration.

    The impact of HIV/SRH service integration on workload: analysis from the Integra Initiative in two African settings.

    BACKGROUND: There is growing interest in integration of HIV and sexual and reproductive health (SRH) services as a way to improve the efficiency of human resources (HR) for health in low- and middle-income countries. Although this is supported by a wealth of evidence on the acceptability and clinical effectiveness of service integration, there is little evidence on whether staff in general health services can easily absorb HIV services. METHODS: We conducted a descriptive analysis of HR integration through task shifting/sharing and staff workload in the context of the Integra Initiative - a large-scale five-year evaluation of HIV/SRH integration. We describe the level, characteristics and changes in HR integration in the context of wider efforts to integrate HIV/SRH, and explore the impact of HR integration on staff workload. RESULTS: Improvements in the range of services provided by staff (HR integration) were more likely to be achieved in facilities which also improved other elements of integration. While there was no overall relationship between integration and workload at the facility level, HIV/SRH integration may be most influential on staff workload for provider-initiated HIV testing and counselling (PITC) and postnatal care (PNC) services, particularly where HIV care and treatment services are being supported with extra SRH/HIV staffing. Our findings therefore suggest that there may be potential for further efficiency gains through integration, but overall the pace of improvement is slow. CONCLUSIONS: This descriptive analysis explores the effect of HIV/SRH integration on staff workload through economies of scale and scope in high- and medium-HIV prevalence settings. We find some evidence to suggest that there is potential to improve productivity through integration, but, at the same time, significant challenges are being faced, with the pace of productivity gain slow. 
    We recommend that efforts to implement integration are assessed in the broader context of HR planning to ensure that neither staff nor patients are negatively impacted by integration policy.

    Dynamic security metrics for measuring the effectiveness of moving target defense techniques

    Moving Target Defense (MTD) utilizes granularity, flexibility and elasticity properties of emerging networking technologies in order to continuously change the attack surface. There are many different MTD techniques proposed in the past decade to thwart cyberattacks. Due to the diverse range of different MTD techniques, it is of paramount importance to assess and compare their effectiveness. However, each technique causes distinct (dynamic) changes in the network, making an objective comparison difficult. In this paper, we incorporate MTD techniques into a temporal graph-based graphical security model, and develop a new set of dynamic security metrics to assess and compare their effectiveness. To this end, we first categorize and compare different attack and defense efforts. Second, we describe the temporal graph-based graphical security model to capture dynamic changes made by various MTD techniques in the network. We then develop a new set of security metrics for attack and defense efforts to evaluate the effectiveness of the MTD techniques. We implement two different MTD techniques, namely network topology shuffle and software diversity, and show their effectiveness against a targeted attack scenario in our experimental analysis. The results demonstrate that the proposed dynamic security metrics can capture different properties of MTD techniques, permitting a more fine-grained comparison and offering guidance for selecting the most effective MTD technique. This work was made possible by the support of a grant (NPRP 8-531-1-111) from the Qatar National Research Fund (QNRF). The statements made herein are solely the responsibility of the authors.

    Systematic identification of threats in the cloud: A Survey

    When a vulnerability is discovered in a system, some key questions often asked by the security analyst are what threat(s) does it pose, what attacks may exploit it, and which parts of the system it affects. Answers to those questions provide the necessary information for the security assessment and to implement effective countermeasures. In the cloud, this problem is more challenging due to the dynamic characteristics, such as elasticity, virtualization, and migration, which change the attack surface over time. This survey explores threats to the cloud by investigating the linkages between threats, attacks and vulnerabilities, and proposes a method to identify threats systematically in the cloud using the threat classifications. First, we trace vulnerabilities to threats by relating vulnerabilities-to-attacks, and then relating attacks-to-threats. We have established the traceability through an extensive literature review and synthesis that resulted in a classification of attacks in the cloud, where we use the Microsoft STRIDE threat modeling approach as a guide for relating attacks to threats. Our approach is the genesis towards a concrete method for systematically identifying potential threats to assets provisioned and managed through the cloud. We demonstrate the approach through its application using a cloud deployment case study scenario. This paper was made possible by Grant NPRP8-531-1-111 from Qatar National Research Fund (QNRF).

    SpiralSRA: A threat-specific security risk assessment framework for the cloud

    Conventional security risk assessment approaches for cloud infrastructures do not explicitly consider risk with respect to specific threats. This is a challenge for a cloud provider because it may apply the same risk assessment approach in assessing the risk of all of its clients. In practice, the threats faced by each client may vary depending on their security requirements. The cloud provider may also apply generic mitigation strategies that are not guaranteed to be effective in thwarting specific threats for different clients. This paper proposes a threat-specific risk assessment framework which evaluates the security risk with respect to specific threats by considering only those threats that are relevant to a particular cloud client. The risk assessment process is divided into three phases which have inter-related activities arranged in a spiral. An application of the framework to a cloud deployment case study shows that considering risk with respect to specific threats leads to a more accurate quantification of security risk. Although our framework is motivated by security risk assessment challenges in the cloud, it can be applied in any network environment. © 2018 IEEE. Acknowledgment: This paper was made possible by Grant NPRP 8-531-1-111 from Qatar National Research Fund (QNRF). The statements made herein are solely the responsibility of the authors.

    ThreatRiskEvaluator: A Tool for Assessing Threat-Specific Security Risks in the Cloud

    In cloud computing, security risks posed to individual clients are different based on their specific security requirements. In current practice, cloud providers usually apply generic protection mechanisms that may not be effective in addressing specific threats for different clients. In this paper, we describe a tool, called 'ThreatRiskEvaluator', that assesses security risks that are specific and relevant to specific cloud clients. The tool implements a novel risk analysis mechanism that utilizes various security-related properties of the cloud such as vulnerability information, the probability of an attack, as well as client-specific security requirements. The method enables cloud providers to make fine-grained decisions for selecting specific protection mechanisms to tackle specific risks posed to individual clients based on their security needs against specific threats. © 2019 IEEE. Acknowledgment: This paper was made possible by Grant NPRP 8-531-1-111 from Qatar National Research Fund (QNRF). The statements made herein are solely the responsibility of the authors.