Proc. International Conference on Fundamental Aspects of Software Engineering (FASE'09)
Wirsing, Martin
Chechik, C.
Springer
Vol. 5503 of Lecture Notes in Computer Science (LNCS)
325-339
Yes
978-3-642-00592-3
International Conference on Fundamental Aspects of Software Engineering (FASE'09)
03-2009
York, UK
[en] model transformation ; graph transformation ; Security ; E-Government type graph with inheritance
[en] E-government services usually process large amounts of confidential data, but simultaneously they shall provide simple and userfriendly graphical interfaces. Therefore, security requirements for the communication between components have to be adhered in a very strict way. Hence it is of main interest that developers can analyze their modularized models of actual systems and that they can detect critical patterns. For this purpose, we present a general and formal framework for critical pattern detection and user-driven correction as well as possibilities for automatic analysis and verification of security requirements on the meta model level. The technique is based on the formal theory of graph transformation, which we extend to transformations of type graphs with inheritance within a type graph hierarchy in order to enable the specification of relevant security requirements in this scenario. The extended theory is shown to fulfil the conditions of a weak adhesive HLR category allowing us to transfer analysis techniques and results shown for this abstract framework of graph transformation. In particular, we discuss how confluence analysis and parallelization can be used to enable distributed critical pattern detection.
[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
