Security Engineering for Lifelong Evolvable Systems

The SecureChange Process

Existing security engineering and change management processes (e.g., SDL, ITIL Change Management) identify the major activities and artefacts of security or change management and catalogue the vulnerabilities and safeguards of a system. However, their process steps have to be performed in a fixed sequence on the whole system and all of its artefacts, and the analysis of change effects is usually not supported. To overcome these limitations, SecureChange develops a change-driven security engineering process.

The following figure summarizes the actors and artefacts of the SecureChange process.

The main characteristics of the SecureChange process are the following.

  • Design activities driven by change and change propagation;
  • Change propagation based on documented interdependencies between artefacts;
  • Supporting the collaboration of stakeholders;
  • Supporting a rigorous model-driven approach.
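The second characteristic, change propagation over documented interdependencies between artefacts, is easiest to see in code. The following is an added example written for this page, not tooling from the SecureChange project: the artefact names, the dependency edges and the mapping from artefact kind to responsible actor are all constructed assumptions. A change event on one artefact is propagated along the recorded "depends on" relation to find every artefact whose security analysis, design, implementation or tests may need to be revisited, and the result is grouped by the actor who has to react.

```python
"""Change propagation over documented artefact interdependencies.

Added example for illustration; not SecureChange's own tooling. The artefact
identifiers, dependency edges and role assignment are constructed.
"""
from collections import deque

# Documented interdependencies: each artefact lists the artefacts it is derived
# from. A change to an artefact can therefore affect everything that depends on
# it, directly or transitively.
DEPENDS_ON = {
    "REQ-AUTH":  [],                         # security requirement (constructed)
    "RISK-AUTH": ["REQ-AUTH"],               # risk assessment of that requirement
    "ARCH-AUTH": ["REQ-AUTH", "RISK-AUTH"],  # architecture model of the service
    "CODE-AUTH": ["ARCH-AUTH"],              # implementation
    "TEST-AUTH": ["REQ-AUTH", "CODE-AUTH"],  # security test suite
    "REQ-LOG":   [],                         # an unrelated requirement
    "CODE-LOG":  ["REQ-LOG"],
    "TEST-LOG":  ["REQ-LOG", "CODE-LOG"],
}

# Which actor from the process description reacts to a change of each artefact
# kind (assumed mapping for this example).
ROLE_BY_PREFIX = {
    "REQ":  "Requirements Engineer",
    "RISK": "Risk Analyst",
    "ARCH": "System Architect",
    "CODE": "Verification Expert",
    "TEST": "Test Engineer",
}


def dependents_index(depends_on):
    """Invert the dependency map: artefact -> artefacts that depend on it."""
    index = {artefact: [] for artefact in depends_on}
    for artefact, deps in depends_on.items():
        for dep in deps:
            index.setdefault(dep, []).append(artefact)
    return index


def propagate_change(changed, depends_on=DEPENDS_ON):
    """Return the artefacts affected by a change to `changed`, in discovery
    order (direct dependents first), excluding the changed artefact itself.

    The visited set makes the walk terminate even if the documented
    interdependencies contain a cycle.
    """
    index = dependents_index(depends_on)
    if changed not in index:
        raise KeyError(f"unknown artefact: {changed}")
    seen = {changed}
    affected = []
    queue = deque([changed])
    while queue:
        current = queue.popleft()
        for dependent in index.get(current, []):
            if dependent not in seen:
                seen.add(dependent)
                affected.append(dependent)
                queue.append(dependent)
    return affected


def work_items(changed, depends_on=DEPENDS_ON):
    """Group the affected artefacts by the actor responsible for them."""
    items = {}
    for artefact in propagate_change(changed, depends_on):
        role = ROLE_BY_PREFIX[artefact.split("-")[0]]
        items.setdefault(role, []).append(artefact)
    return items


if __name__ == "__main__":
    # A stakeholder changes the authentication requirement; everything in the
    # LOG chain is left untouched because no documented dependency links it.
    for role, artefacts in work_items("REQ-AUTH").items():
        print(f"{role}: {', '.join(artefacts)}")
```

The point of keeping the interdependencies as data is that the analysis of change effects becomes a query rather than a full re-run of every process step: only the artefacts reachable from the changed one are scheduled for re-assessment, and each actor gets the list relevant to their role.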

The responsibilities of the main actors, and the benefits each of them gains from using the SecureChange process, can be summarized as follows.

Stakeholder

  • Responsibilities: Identify requirements / practical problems, provide domain knowledge.
  • SecureChange results: Assessment of solutions in change management with respect to security.

System Architect

  • Responsibilities: React to change events triggered within or outside their own scope; continuously configure security services.
  • SecureChange results: Tool-supported change-driven security engineering process, architectural change patterns, highly configurable security architecture.

Requirements Engineer

  • Responsibilities: Elicitation, validation, and verification of security requirements.
  • SecureChange results: Graphical representation of requirements evolution; change management process; tool for change impact analysis.

Security Expert

  • Responsibilities: Define, operationalize and implement the security strategy; introduce security-related updates and enforce the security of general system patches.
  • SecureChange results: Change-driven, tool-supported security analysis and engineering approach.

Risk Analyst

  • Responsibilities: Risk analysis of changing and evolving systems.
  • SecureChange results: Methods for systematic identification, analysis, and evaluation of changing and evolving risks in changing and evolving systems.

Verification Expert

  • Responsibilities: Maintaining security of evolving software (development- and run-time).
  • SecureChange results: Verifiably safe exception handling and dynamic code loading; on-device information flow verifier for open systems.

Test Engineer

  • Responsibilities: Test case creation and execution, quality evaluation / reporting.
  • SecureChange results: Automatic test suite completion, integration in common process.