To main content

Threats management throughout the software service life-cycle

Abstract

Software services are inevitably exposed to a fluctuating threat picture. Unfortunately, not all threats can be handled only with preventivemeasures during design and development, but also require adaptivemitigations
at runtime. In this paper we describe an approachwhere wemodel composite services and threats together, which allows us to create preventive measures at design-time. At runtime, our specification also allows the service runtime environment (SRE) to receive alerts about active threats that we have not handled, and react to these automatically through adaptation of the composite service. A goal-oriented security requirements modelling tool is used to model business-level threats and analyse how they may impact goals. A process flow modelling tool, utilising Business Process Model and Notation (BPMN) and standard error boundary events, allows us to define how threats should be responded to during service execution on a technical level. Throughout the software lifecycle, we maintain threats in a centralised threat repository. Re-use of these threats extends further into monitoring alerts being distributed through a cloud-based messaging service. To demonstrate our approach in practice, we have developed a proof-of-concept service for the Air Traffic Management (ATM) domain. In addition to the design-time activities, we show how this composite service duly adapts itself when a service component is exposed to a threat at runtime.

Category

Academic article

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Software Engineering, Safety and Security

Year

2014

Published in

Electronic Proceedings in Theoretical Computer Science

ISSN

2075-2180

Volume

148

Page(s)

1 - 14

View this publication at Cristin