Deakin University
Browse

File(s) under permanent embargo

Adaptive security for software systems

Version 2 2024-06-04, 06:02
Version 1 2016-08-23, 15:56
chapter
posted on 2024-06-04, 06:02 authored by Mohamed AbdelrazekMohamed Abdelrazek, JC Grundy, A Ibrahim
With continuously changing operational and business needs, system security is one of the key system capabilities that need to be updated as well. Most security engineering efforts focus on engineering security requirements of software systems at design time and existing adaptive security engineering efforts require complex design-time preparation. In this chapter we discuss the needs for adaptive software security, and key efforts in this area. We then introduce a new runtime adaptive security engineering approach, which enables adapting software security capabilities at runtime based on new security objectives, risks/threats, requirements as well as newly reported vulnerabilities. We categorize the source of adaptation in terms of manual adaptation (managed by end users), and automated adaption (automatically triggered by the platform). The new platform makes use of new ideas we built for vulnerability analysis, security engineering using aspect-oriented programming, and model-driven engineering techniques.

History

Chapter number

5

Pagination

99-127

ISBN-13

9780128028551

Language

eng

Publication classification

B Book chapter, B1 Book chapter

Copyright notice

2017, Elsevier

Extent

14

Editor/Contributor(s)

Mistrik I, Ali N, Grundy J, Kazman R, Schmerl B

Publisher

Morgan Kaufmann

Place of publication

Burlington, Mass.

Title of book

Managing trade-offs in adaptable software architectures