Secure Data-Flow Compliance Checks between Models and Code Based on Automated Mappings

Sven Peldszus; Katja Tuma; Daniel Strüber; Jan Jürjens; Riccardo Scandariato

doi:10.1109/MODELS.2019.00-18

Secure Data-Flow Compliance Checks between Models and Code Based on Automated Mappings

Sven Peldszus, Katja Tuma, Daniel Strüber, Jan Jürjens, Riccardo Scandariato

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

During the development of security-critical software, the system implementation must capture the security properties postulated by the architectural design. This paper presents an approach to support secure data-flow compliance checks between design models and code. To iteratively guide the developer in discovering such compliance violations we introduce automated mappings. These mappings are created by searching for correspondences between a design-level model (Security Data Flow Diagram) and an implementation-level model (Program Model). We limit the search space by considering name similarities between model elements and code elements as well as by the use of heuristic rules for matching data-flow structures. The main contributions of this paper are three-fold. First, the automated mappings support the designer in an early discovery of implementation absence, convergence, and divergence with respect to the planned software design. Second, the mappings also support the discovery of secure data-flow compliance violations in terms of illegal asset flows in the software implementation. Third, we present our implementation of the approach as a publicly available Eclipse plugin and its evaluation on five open source Java projects (including Eclipse secure storage).

Original language	English
Title of host publication	Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019
Editors	Marouane Kessentini, Tao Yue, Tao Yue, Alexander Pretschner, Sebastian Voss, Loli Burgueno, Loli Burgueno
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	23-33
Number of pages	11
ISBN (Electronic)	9781728125350
DOIs	https://doi.org/10.1109/MODELS.2019.00-18
Publication status	Published - Sept 2019
Externally published	Yes
Event	22nd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems, MODELS 2019 - Munich, Germany Duration: 15 Sept 2019 → 20 Sept 2019

Publication series

Name	Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019

Conference

Conference	22nd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems, MODELS 2019
Country/Territory	Germany
City	Munich
Period	15/09/19 → 20/09/19

Bibliographical note

Publisher Copyright:
© 2019 IEEE.

Copyright:
Copyright 2020 Elsevier B.V., All rights reserved.

Keywords

Data Flow Diagram (DFD)
Model-to-Model Transformation (M2M)
Security compliance
Security-by-design

Access to Document

10.1109/MODELS.2019.00-18

Persistent URL (handle)

Persistent link

Cite this

Peldszus, S., Tuma, K., Strüber, D., Jürjens, J., & Scandariato, R. (2019). Secure Data-Flow Compliance Checks between Models and Code Based on Automated Mappings. In M. Kessentini, T. Yue, T. Yue, A. Pretschner, S. Voss, L. Burgueno, & L. Burgueno (Eds.), Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019 (pp. 23-33). Article 8906984 (Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/MODELS.2019.00-18

Peldszus, Sven ; Tuma, Katja ; Strüber, Daniel et al. / Secure Data-Flow Compliance Checks between Models and Code Based on Automated Mappings. Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019. editor / Marouane Kessentini ; Tao Yue ; Tao Yue ; Alexander Pretschner ; Sebastian Voss ; Loli Burgueno ; Loli Burgueno. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 23-33 (Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019).

@inproceedings{6c815b560c9c481b832eef8a73e15d2a,

title = "Secure Data-Flow Compliance Checks between Models and Code Based on Automated Mappings",

abstract = "During the development of security-critical software, the system implementation must capture the security properties postulated by the architectural design. This paper presents an approach to support secure data-flow compliance checks between design models and code. To iteratively guide the developer in discovering such compliance violations we introduce automated mappings. These mappings are created by searching for correspondences between a design-level model (Security Data Flow Diagram) and an implementation-level model (Program Model). We limit the search space by considering name similarities between model elements and code elements as well as by the use of heuristic rules for matching data-flow structures. The main contributions of this paper are three-fold. First, the automated mappings support the designer in an early discovery of implementation absence, convergence, and divergence with respect to the planned software design. Second, the mappings also support the discovery of secure data-flow compliance violations in terms of illegal asset flows in the software implementation. Third, we present our implementation of the approach as a publicly available Eclipse plugin and its evaluation on five open source Java projects (including Eclipse secure storage).",

keywords = "Data Flow Diagram (DFD), Model-to-Model Transformation (M2M), Security compliance, Security-by-design",

author = "Sven Peldszus and Katja Tuma and Daniel Str{\"u}ber and Jan J{\"u}rjens and Riccardo Scandariato",

note = "Publisher Copyright: {\textcopyright} 2019 IEEE. Copyright: Copyright 2020 Elsevier B.V., All rights reserved.; 22nd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems, MODELS 2019 ; Conference date: 15-09-2019 Through 20-09-2019",

year = "2019",

month = sep,

doi = "10.1109/MODELS.2019.00-18",

language = "English",

series = "Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "23--33",

editor = "Marouane Kessentini and Tao Yue and Tao Yue and Alexander Pretschner and Sebastian Voss and Loli Burgueno and Loli Burgueno",

booktitle = "Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019",

address = "United States",

}

Peldszus, S, Tuma, K, Strüber, D, Jürjens, J & Scandariato, R 2019, Secure Data-Flow Compliance Checks between Models and Code Based on Automated Mappings. in M Kessentini, T Yue, T Yue, A Pretschner, S Voss, L Burgueno & L Burgueno (eds), Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019., 8906984, Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019, Institute of Electrical and Electronics Engineers Inc., pp. 23-33, 22nd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems, MODELS 2019, Munich, Germany, 15/09/19. https://doi.org/10.1109/MODELS.2019.00-18

Secure Data-Flow Compliance Checks between Models and Code Based on Automated Mappings. / Peldszus, Sven; Tuma, Katja; Strüber, Daniel et al.
Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019. ed. / Marouane Kessentini; Tao Yue; Tao Yue; Alexander Pretschner; Sebastian Voss; Loli Burgueno; Loli Burgueno. Institute of Electrical and Electronics Engineers Inc., 2019. p. 23-33 8906984 (Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019).

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Secure Data-Flow Compliance Checks between Models and Code Based on Automated Mappings

AU - Peldszus, Sven

AU - Tuma, Katja

AU - Strüber, Daniel

AU - Jürjens, Jan

AU - Scandariato, Riccardo

PY - 2019/9

Y1 - 2019/9

N2 - During the development of security-critical software, the system implementation must capture the security properties postulated by the architectural design. This paper presents an approach to support secure data-flow compliance checks between design models and code. To iteratively guide the developer in discovering such compliance violations we introduce automated mappings. These mappings are created by searching for correspondences between a design-level model (Security Data Flow Diagram) and an implementation-level model (Program Model). We limit the search space by considering name similarities between model elements and code elements as well as by the use of heuristic rules for matching data-flow structures. The main contributions of this paper are three-fold. First, the automated mappings support the designer in an early discovery of implementation absence, convergence, and divergence with respect to the planned software design. Second, the mappings also support the discovery of secure data-flow compliance violations in terms of illegal asset flows in the software implementation. Third, we present our implementation of the approach as a publicly available Eclipse plugin and its evaluation on five open source Java projects (including Eclipse secure storage).

AB - During the development of security-critical software, the system implementation must capture the security properties postulated by the architectural design. This paper presents an approach to support secure data-flow compliance checks between design models and code. To iteratively guide the developer in discovering such compliance violations we introduce automated mappings. These mappings are created by searching for correspondences between a design-level model (Security Data Flow Diagram) and an implementation-level model (Program Model). We limit the search space by considering name similarities between model elements and code elements as well as by the use of heuristic rules for matching data-flow structures. The main contributions of this paper are three-fold. First, the automated mappings support the designer in an early discovery of implementation absence, convergence, and divergence with respect to the planned software design. Second, the mappings also support the discovery of secure data-flow compliance violations in terms of illegal asset flows in the software implementation. Third, we present our implementation of the approach as a publicly available Eclipse plugin and its evaluation on five open source Java projects (including Eclipse secure storage).

KW - Data Flow Diagram (DFD)

KW - Model-to-Model Transformation (M2M)

KW - Security compliance

KW - Security-by-design

UR - http://www.scopus.com/inward/record.url?scp=85076104119&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85076104119&partnerID=8YFLogxK

U2 - 10.1109/MODELS.2019.00-18

DO - 10.1109/MODELS.2019.00-18

M3 - Conference contribution

AN - SCOPUS:85076104119

T3 - Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019

SP - 23

EP - 33

BT - Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019

A2 - Kessentini, Marouane

A2 - Yue, Tao

A2 - Pretschner, Alexander

A2 - Voss, Sebastian

A2 - Burgueno, Loli

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 22nd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems, MODELS 2019

Y2 - 15 September 2019 through 20 September 2019

ER -

Peldszus S, Tuma K, Strüber D, Jürjens J, Scandariato R. Secure Data-Flow Compliance Checks between Models and Code Based on Automated Mappings. In Kessentini M, Yue T, Yue T, Pretschner A, Voss S, Burgueno L, Burgueno L, editors, Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 23-33. 8906984. (Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019). doi: 10.1109/MODELS.2019.00-18

Secure Data-Flow Compliance Checks between Models and Code Based on Automated Mappings

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Persistent URL (handle)

Other files and links

Fingerprint

Cite this