SlideShare una empresa de Scribd logo

Nessos securechange cluster meeting

F
fcleary
TecnologíaEmpresariales
1 de 9
Descargar para leer sin conexión
Fabio Massacci, UNITN, Federica Paci, UNITN Stephane Paul, MANAGING SECURITY AND THALES CHANGES AT MODEL LEVEL (SECURE CHANGE)
SECURE CHANGE PROJECT Challenge: support evolution while maintaining security at all levels of the software development process Solution: Change driven security engineering process Interplay between risk assessment and different phases of software engineering process Models as basic unit of change Change propagation is supported by identifying mappings at conceptual level and orchestrating the respective analysis process 02/08/2011 2
SECURITY ENGINEERING PROCESS Interplay between software life-cycle phases and risk assessment activities Change management artefacts and methodologies are sprinkled throughout the whole phases 02/08/2011 3
CHANGE PROPAGATION Concepts are mapped amongst the requirement and risk domains The mapped concepts are the basis for processes orchestration and change propagation When a change affects a concept of the interface, the change is propagated to the other domain. 02/08/2011 4
A POSSIBLE INSTANTIATION Requirements models are Si* models – goal oriented requirements language by UNITN Risk Models are RA DSML models – domain specific language for risk analysis by THALES Mapped concepts Rem. Business Object - Risk. Essential Elements Rem.Goal - Risk.Security Objective Rem.Security Goal – Risk.Security Requirement Rem.Process – Risk Security Solution 02/08/2011 5
AN EXAMPLE – BEFORE REQUIREMNT MODEL Evolution in ATM Domain - Introduction of a new tool to support the controllers during approach phase 02/08/2011 6
AN EXAMPLE –EVOLUTION IN ATM Risk analyst identifies a new risk Failure in the provisioning of correct or optimal arrival information due to ATCO mistakes Two security objectives are defined: The system shall be computed automatically by an Arrival Manager system The update of the system should be handled through a dedicated role of Sequence Manager Security objectives are refined into security requirements: The system should integrate an AMAN The organization should integrate a SQM 02/08/2011 7
AN EXAMPLE – AFTER REQUIREMENT MODEL 02/08/2011 8
More details about the project at www.securechange.eu 02/08/2011 9

Recomendados

8. operational risk management
8. operational risk management8. operational risk management
8. operational risk managementSekaransrinivasan Srini
 
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...Tope Omitola
 
Vis sense cluster meeting
Vis sense cluster meetingVis sense cluster meeting
Vis sense cluster meetingfcleary
 
Models Workshop Objectives
Models Workshop ObjectivesModels Workshop Objectives
Models Workshop Objectivesfcleary
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meetingfcleary
 
Endorse cluster meeting
Endorse cluster meetingEndorse cluster meeting
Endorse cluster meetingfcleary
 
Massif road mapping_20110704
Massif road mapping_20110704Massif road mapping_20110704
Massif road mapping_20110704fcleary
 
Massif cluster meeting
Massif cluster meetingMassif cluster meeting
Massif cluster meetingfcleary
 

Recomendados

8. operational risk management
8. operational risk management8. operational risk management
8. operational risk managementSekaransrinivasan Srini
 
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...Tope Omitola
 
Vis sense cluster meeting
Vis sense cluster meetingVis sense cluster meeting
Vis sense cluster meetingfcleary
 
Models Workshop Objectives
Models Workshop ObjectivesModels Workshop Objectives
Models Workshop Objectivesfcleary
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meetingfcleary
 
Endorse cluster meeting
Endorse cluster meetingEndorse cluster meeting
Endorse cluster meetingfcleary
 
Massif road mapping_20110704
Massif road mapping_20110704Massif road mapping_20110704
Massif road mapping_20110704fcleary
 
Massif cluster meeting
Massif cluster meetingMassif cluster meeting
Massif cluster meetingfcleary
 
Posecco cluster meeting
Posecco cluster meetingPosecco cluster meeting
Posecco cluster meetingfcleary
 
Aniketos 2nd cluster meeting
Aniketos 2nd cluster meetingAniketos 2nd cluster meeting
Aniketos 2nd cluster meetingfcleary
 
Assert4soa cluster meeting
Assert4soa cluster meetingAssert4soa cluster meeting
Assert4soa cluster meetingfcleary
 
Tdl
TdlTdl
Tdlfcleary
 
Syssec
SyssecSyssec
Syssecfcleary
 
Workshop summary software assurance and trust
Workshop summary software assurance and trustWorkshop summary software assurance and trust
Workshop summary software assurance and trustfcleary
 
VIKING cluster meeting 1
VIKING cluster meeting 1VIKING cluster meeting 1
VIKING cluster meeting 1fcleary
 
U trustit_cluster meeting
U trustit_cluster meetingU trustit_cluster meeting
U trustit_cluster meetingfcleary
 
T&s roadmap slides ams
T&s roadmap slides amsT&s roadmap slides ams
T&s roadmap slides amsfcleary
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meetingfcleary
 
Viking vi cisi
Viking vi cisiViking vi cisi
Viking vi cisifcleary
 
Nessos
NessosNessos
Nessosfcleary
 
Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1fcleary
 
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxTECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxmattinsonjanel
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation IJECEIAES
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Vincenzo De Florio
 
ARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringVincenzo De Florio
 
Attack scripts generation for security validation fr
Attack scripts generation for security validation frAttack scripts generation for security validation fr
Attack scripts generation for security validation frra992634
 
Security challenges in mobile ad hoc
Security challenges in mobile ad hocSecurity challenges in mobile ad hoc
Security challenges in mobile ad hocIJCSES Journal
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELIJCSEIT Journal
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXNGINX, Inc.
 
Information Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docxInformation Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docxlanagore871
 

Más contenido relacionado

Destacado

Posecco cluster meeting
Posecco cluster meetingPosecco cluster meeting
Posecco cluster meetingfcleary
 
Aniketos 2nd cluster meeting
Aniketos 2nd cluster meetingAniketos 2nd cluster meeting
Aniketos 2nd cluster meetingfcleary
 
Assert4soa cluster meeting
Assert4soa cluster meetingAssert4soa cluster meeting
Assert4soa cluster meetingfcleary
 
Workshop summary software assurance and trust
Workshop summary software assurance and trustWorkshop summary software assurance and trust
Workshop summary software assurance and trustfcleary
 
VIKING cluster meeting 1
VIKING cluster meeting 1VIKING cluster meeting 1
VIKING cluster meeting 1fcleary
 
U trustit_cluster meeting
U trustit_cluster meetingU trustit_cluster meeting
U trustit_cluster meetingfcleary
 
T&s roadmap slides ams
T&s roadmap slides amsT&s roadmap slides ams
T&s roadmap slides amsfcleary
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meetingfcleary
 
Viking vi cisi
Viking vi cisiViking vi cisi
Viking vi cisifcleary
 
Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1fcleary
 

Destacado (13)

Posecco cluster meeting
Posecco cluster meetingPosecco cluster meeting
Posecco cluster meeting
 
Aniketos 2nd cluster meeting
Aniketos 2nd cluster meetingAniketos 2nd cluster meeting
Aniketos 2nd cluster meeting
 
Assert4soa cluster meeting
Assert4soa cluster meetingAssert4soa cluster meeting
Assert4soa cluster meeting
 
Tdl
TdlTdl
Tdl
 
Syssec
SyssecSyssec
Syssec
 
Workshop summary software assurance and trust
Workshop summary software assurance and trustWorkshop summary software assurance and trust
Workshop summary software assurance and trust
 
VIKING cluster meeting 1
VIKING cluster meeting 1VIKING cluster meeting 1
VIKING cluster meeting 1
 
U trustit_cluster meeting
U trustit_cluster meetingU trustit_cluster meeting
U trustit_cluster meeting
 
T&s roadmap slides ams
T&s roadmap slides amsT&s roadmap slides ams
T&s roadmap slides ams
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meeting
 
Viking vi cisi
Viking vi cisiViking vi cisi
Viking vi cisi
 
Nessos
NessosNessos
Nessos
 
Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1
 

Similar a Nessos securechange cluster meeting

TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxTECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxmattinsonjanel
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation IJECEIAES
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Vincenzo De Florio
 
ARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringVincenzo De Florio
 
Attack scripts generation for security validation fr
Attack scripts generation for security validation frAttack scripts generation for security validation fr
Attack scripts generation for security validation frra992634
 
Security challenges in mobile ad hoc
Security challenges in mobile ad hocSecurity challenges in mobile ad hoc
Security challenges in mobile ad hocIJCSES Journal
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELIJCSEIT Journal
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXNGINX, Inc.
 
Information Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docxInformation Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docxlanagore871
 
Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...IJECEIAES
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsArun Prabhakar
 
Software Security Initiatives
Software Security InitiativesSoftware Security Initiatives
Software Security InitiativesMarco Morana
 
2015 03-04 presentation1
2015 03-04 presentation12015 03-04 presentation1
2015 03-04 presentation1ifi8106tlu
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesAvi Networks
 
Improving Quality and Cost-effectiveness in Enterprise Software Application ...
Improving Quality and Cost-effectiveness in Enterprise Software Application ...Improving Quality and Cost-effectiveness in Enterprise Software Application ...
Improving Quality and Cost-effectiveness in Enterprise Software Application ...Luigi Buglione
 
Automating safety engineering with model based techniques
Automating safety engineering with model based techniquesAutomating safety engineering with model based techniques
Automating safety engineering with model based techniquesJuha-Pekka Tolvanen
 
G05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementG05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementSatya Harish
 
future internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Frafuture internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management FraDustiBuckner14
 

Similar a Nessos securechange cluster meeting (20)

TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxTECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013
 
ARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems Engineering
 
Attack scripts generation for security validation fr
Attack scripts generation for security validation frAttack scripts generation for security validation fr
Attack scripts generation for security validation fr
 
Security challenges in mobile ad hoc
Security challenges in mobile ad hocSecurity challenges in mobile ad hoc
Security challenges in mobile ad hoc
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINX
 
Information Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docxInformation Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docx
 
Se project-methodology-for-security-project-web
Se project-methodology-for-security-project-webSe project-methodology-for-security-project-web
Se project-methodology-for-security-project-web
 
Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification Solutions
 
Software Security Initiatives
Software Security InitiativesSoftware Security Initiatives
Software Security Initiatives
 
2015 03-04 presentation1
2015 03-04 presentation12015 03-04 presentation1
2015 03-04 presentation1
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery Pipelines
 
Improving Quality and Cost-effectiveness in Enterprise Software Application ...
Improving Quality and Cost-effectiveness in Enterprise Software Application ...Improving Quality and Cost-effectiveness in Enterprise Software Application ...
Improving Quality and Cost-effectiveness in Enterprise Software Application ...
 
Automating safety engineering with model based techniques
Automating safety engineering with model based techniquesAutomating safety engineering with model based techniques
Automating safety engineering with model based techniques
 
G05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementG05.2013 Security Information and Event Management
G05.2013 Security Information and Event Management
 
Paper4
Paper4Paper4
Paper4
 
future internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Frafuture internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Fra
 

Más de fcleary

Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report fcleary
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meetingfcleary
 
Comifin cluster meeting
Comifin cluster meetingComifin cluster meeting
Comifin cluster meetingfcleary
 
Bic effectplus ws
Bic effectplus wsBic effectplus ws
Bic effectplus wsfcleary
 
Assert4soa 2nd cluster meeting
Assert4soa 2nd cluster meetingAssert4soa 2nd cluster meeting
Assert4soa 2nd cluster meetingfcleary
 
Nessos cluster meeting
Nessos cluster meetingNessos cluster meeting
Nessos cluster meetingfcleary
 
Amsterdam logistics fcleary
Amsterdam logistics fclearyAmsterdam logistics fcleary
Amsterdam logistics fclearyfcleary
 

Más de fcleary (7)

Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meeting
 
Comifin cluster meeting
Comifin cluster meetingComifin cluster meeting
Comifin cluster meeting
 
Bic effectplus ws
Bic effectplus wsBic effectplus ws
Bic effectplus ws
 
Assert4soa 2nd cluster meeting
Assert4soa 2nd cluster meetingAssert4soa 2nd cluster meeting
Assert4soa 2nd cluster meeting
 
Nessos cluster meeting
Nessos cluster meetingNessos cluster meeting
Nessos cluster meeting
 
Amsterdam logistics fcleary
Amsterdam logistics fclearyAmsterdam logistics fcleary
Amsterdam logistics fcleary
 

Último

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 

Último (20)

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 

Nessos securechange cluster meeting

  • 1. Fabio Massacci, UNITN, Federica Paci, UNITN Stephane Paul, MANAGING SECURITY AND THALES CHANGES AT MODEL LEVEL (SECURE CHANGE)
  • 2. SECURE CHANGE PROJECT Challenge: support evolution while maintaining security at all levels of the software development process Solution: Change driven security engineering process Interplay between risk assessment and different phases of software engineering process Models as basic unit of change Change propagation is supported by identifying mappings at conceptual level and orchestrating the respective analysis process 02/08/2011 2
  • 3. SECURITY ENGINEERING PROCESS Interplay between software life-cycle phases and risk assessment activities Change management artefacts and methodologies are sprinkled throughout the whole phases 02/08/2011 3
  • 4. CHANGE PROPAGATION Concepts are mapped amongst the requirement and risk domains The mapped concepts are the basis for processes orchestration and change propagation When a change affects a concept of the interface, the change is propagated to the other domain. 02/08/2011 4
  • 5. A POSSIBLE INSTANTIATION Requirements models are Si* models – goal oriented requirements language by UNITN Risk Models are RA DSML models – domain specific language for risk analysis by THALES Mapped concepts Rem. Business Object - Risk. Essential Elements Rem.Goal - Risk.Security Objective Rem.Security Goal – Risk.Security Requirement Rem.Process – Risk Security Solution 02/08/2011 5
  • 6. AN EXAMPLE – BEFORE REQUIREMNT MODEL Evolution in ATM Domain - Introduction of a new tool to support the controllers during approach phase 02/08/2011 6
  • 7. AN EXAMPLE –EVOLUTION IN ATM Risk analyst identifies a new risk Failure in the provisioning of correct or optimal arrival information due to ATCO mistakes Two security objectives are defined: The system shall be computed automatically by an Arrival Manager system The update of the system should be handled through a dedicated role of Sequence Manager Security objectives are refined into security requirements: The system should integrate an AMAN The organization should integrate a SQM 02/08/2011 7
  • 8. AN EXAMPLE – AFTER REQUIREMENT MODEL 02/08/2011 8
  • 9. More details about the project at www.securechange.eu 02/08/2011 9