Here you will find scientific publications from the Fraunhofer Institutes.

Security engineering based on structured formal reasoning

Fuchs, A.; Rudolph, C.


Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society:
ASE International Conference on BioMedical Computing, BioMedCom 2012. Proceedings : 14-16 December, 2012, Washington, DC, USA
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2013
ISBN: 978-1-4673-5495-0 (Print)
ISBN: 978-0-7695-4938-5
International Conference on BioMedical Computing (BioMedCom) <2012, Washington/DC>
Workshop on Redefining and Integrating Security Engineering (RISE) <2012, Washington/DC>
Conference Paper
Fraunhofer SIT

Security by Design and Secure Engineering are among the most pressing challenges in IT Security research and practice. Increased attacker potential and dependence on IT-Systems in economy and in critical infrastructures cause a higher demand in securely engineered systems and thus in new approaches and methodologies. This paper introduces a consistent methodology for designing secure systems during the specification phase. The Security Modeling Framework SeMF serves as basis for its security vocabulary. We extend SeMF by the concept of SeMF Building Blocks SeBBs as reasoning tool and provide a security design process utilizing them as refinement artifacts. This process guides the decision making during the system specification phase focused on the security aspects and integrates with refinement driven functional engineering processes. Our approach further results in a security design documentation and residual assumptions that can serve as a basis for risk assessment, code review, and organizational security means during deployment.