{"title":"Identifying Security Issues with MBSE while Rebuilding Legacy Software Systems","authors":"Donatas Mazeika, R. Butleris","doi":"10.1109/SoSE50414.2020.9130491","DOIUrl":null,"url":null,"abstract":"in this paper, we introduce how Model-based System Engineering (MBSE) could be leveraged in order to tackle security issues while recreating legacy software systems. Originally, MBSE was dedicated to managing the complex system creation in terms of system requirements, design, analysis, verification and validation activities leaving security aspects aside. However, previous research shows that security analysis activity could be integrated into MBSE activity and powerful MBSE tools such as change impact analysis, simulation, validation, and verification could be successfully applied in cross-cutting disciplines. The paper presents guidelines on how and when to apply various security techniques (e.g. security requirements, misuse cases, attack scenarios) in the MBSE environment. The case study demonstrates and proves the adaptability of the security guidelines on the realworld software system modernization project.","PeriodicalId":121664,"journal":{"name":"2020 IEEE 15th International Conference of System of Systems Engineering (SoSE)","volume":"110 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 15th International Conference of System of Systems Engineering (SoSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SoSE50414.2020.9130491","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
Abstract
in this paper, we introduce how Model-based System Engineering (MBSE) could be leveraged in order to tackle security issues while recreating legacy software systems. Originally, MBSE was dedicated to managing the complex system creation in terms of system requirements, design, analysis, verification and validation activities leaving security aspects aside. However, previous research shows that security analysis activity could be integrated into MBSE activity and powerful MBSE tools such as change impact analysis, simulation, validation, and verification could be successfully applied in cross-cutting disciplines. The paper presents guidelines on how and when to apply various security techniques (e.g. security requirements, misuse cases, attack scenarios) in the MBSE environment. The case study demonstrates and proves the adaptability of the security guidelines on the realworld software system modernization project.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
