SlideShare une entreprise Scribd logo

Nessos securechange cluster meeting

F
fcleary
TechnologieBusiness
1  sur  9
Télécharger pour lire hors ligne
Fabio Massacci, UNITN, Federica Paci, UNITN Stephane Paul, MANAGING SECURITY AND THALES CHANGES AT MODEL LEVEL (SECURE CHANGE)
SECURE CHANGE PROJECT Challenge: support evolution while maintaining security at all levels of the software development process Solution: Change driven security engineering process Interplay between risk assessment and different phases of software engineering process Models as basic unit of change Change propagation is supported by identifying mappings at conceptual level and orchestrating the respective analysis process 02/08/2011 2
SECURITY ENGINEERING PROCESS Interplay between software life-cycle phases and risk assessment activities Change management artefacts and methodologies are sprinkled throughout the whole phases 02/08/2011 3
CHANGE PROPAGATION Concepts are mapped amongst the requirement and risk domains The mapped concepts are the basis for processes orchestration and change propagation When a change affects a concept of the interface, the change is propagated to the other domain. 02/08/2011 4
A POSSIBLE INSTANTIATION Requirements models are Si* models – goal oriented requirements language by UNITN Risk Models are RA DSML models – domain specific language for risk analysis by THALES Mapped concepts Rem. Business Object - Risk. Essential Elements Rem.Goal - Risk.Security Objective Rem.Security Goal – Risk.Security Requirement Rem.Process – Risk Security Solution 02/08/2011 5
AN EXAMPLE – BEFORE REQUIREMNT MODEL Evolution in ATM Domain - Introduction of a new tool to support the controllers during approach phase 02/08/2011 6
AN EXAMPLE –EVOLUTION IN ATM Risk analyst identifies a new risk Failure in the provisioning of correct or optimal arrival information due to ATCO mistakes Two security objectives are defined: The system shall be computed automatically by an Arrival Manager system The update of the system should be handled through a dedicated role of Sequence Manager Security objectives are refined into security requirements: The system should integrate an AMAN The organization should integrate a SQM 02/08/2011 7
AN EXAMPLE – AFTER REQUIREMENT MODEL 02/08/2011 8
More details about the project at www.securechange.eu 02/08/2011 9

Recommandé

8. operational risk management
8. operational risk management8. operational risk management
8. operational risk managementSekaransrinivasan Srini
 
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...Tope Omitola
 
Vis sense cluster meeting
Vis sense cluster meetingVis sense cluster meeting
Vis sense cluster meetingfcleary
 
Models Workshop Objectives
Models Workshop ObjectivesModels Workshop Objectives
Models Workshop Objectivesfcleary
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meetingfcleary
 
Endorse cluster meeting
Endorse cluster meetingEndorse cluster meeting
Endorse cluster meetingfcleary
 
Massif road mapping_20110704
Massif road mapping_20110704Massif road mapping_20110704
Massif road mapping_20110704fcleary
 
Massif cluster meeting
Massif cluster meetingMassif cluster meeting
Massif cluster meetingfcleary
 

Recommandé

8. operational risk management
8. operational risk management8. operational risk management
8. operational risk managementSekaransrinivasan Srini
 
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...
Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: ...Tope Omitola
 
Vis sense cluster meeting
Vis sense cluster meetingVis sense cluster meeting
Vis sense cluster meetingfcleary
 
Models Workshop Objectives
Models Workshop ObjectivesModels Workshop Objectives
Models Workshop Objectivesfcleary
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meetingfcleary
 
Endorse cluster meeting
Endorse cluster meetingEndorse cluster meeting
Endorse cluster meetingfcleary
 
Massif road mapping_20110704
Massif road mapping_20110704Massif road mapping_20110704
Massif road mapping_20110704fcleary
 
Massif cluster meeting
Massif cluster meetingMassif cluster meeting
Massif cluster meetingfcleary
 
Posecco cluster meeting
Posecco cluster meetingPosecco cluster meeting
Posecco cluster meetingfcleary
 
Aniketos 2nd cluster meeting
Aniketos 2nd cluster meetingAniketos 2nd cluster meeting
Aniketos 2nd cluster meetingfcleary
 
Assert4soa cluster meeting
Assert4soa cluster meetingAssert4soa cluster meeting
Assert4soa cluster meetingfcleary
 
Tdl
TdlTdl
Tdlfcleary
 
Syssec
SyssecSyssec
Syssecfcleary
 
Workshop summary software assurance and trust
Workshop summary software assurance and trustWorkshop summary software assurance and trust
Workshop summary software assurance and trustfcleary
 
VIKING cluster meeting 1
VIKING cluster meeting 1VIKING cluster meeting 1
VIKING cluster meeting 1fcleary
 
U trustit_cluster meeting
U trustit_cluster meetingU trustit_cluster meeting
U trustit_cluster meetingfcleary
 
T&s roadmap slides ams
T&s roadmap slides amsT&s roadmap slides ams
T&s roadmap slides amsfcleary
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meetingfcleary
 
Viking vi cisi
Viking vi cisiViking vi cisi
Viking vi cisifcleary
 
Nessos
NessosNessos
Nessosfcleary
 
Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1fcleary
 
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxTECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxmattinsonjanel
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation IJECEIAES
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Vincenzo De Florio
 
ARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringVincenzo De Florio
 
Attack scripts generation for security validation fr
Attack scripts generation for security validation frAttack scripts generation for security validation fr
Attack scripts generation for security validation frra992634
 
Security challenges in mobile ad hoc
Security challenges in mobile ad hocSecurity challenges in mobile ad hoc
Security challenges in mobile ad hocIJCSES Journal
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELIJCSEIT Journal
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXNGINX, Inc.
 
Information Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docxInformation Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docxlanagore871
 

Contenu connexe

En vedette

Posecco cluster meeting
Posecco cluster meetingPosecco cluster meeting
Posecco cluster meetingfcleary
 
Aniketos 2nd cluster meeting
Aniketos 2nd cluster meetingAniketos 2nd cluster meeting
Aniketos 2nd cluster meetingfcleary
 
Assert4soa cluster meeting
Assert4soa cluster meetingAssert4soa cluster meeting
Assert4soa cluster meetingfcleary
 
Workshop summary software assurance and trust
Workshop summary software assurance and trustWorkshop summary software assurance and trust
Workshop summary software assurance and trustfcleary
 
VIKING cluster meeting 1
VIKING cluster meeting 1VIKING cluster meeting 1
VIKING cluster meeting 1fcleary
 
U trustit_cluster meeting
U trustit_cluster meetingU trustit_cluster meeting
U trustit_cluster meetingfcleary
 
T&s roadmap slides ams
T&s roadmap slides amsT&s roadmap slides ams
T&s roadmap slides amsfcleary
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meetingfcleary
 
Viking vi cisi
Viking vi cisiViking vi cisi
Viking vi cisifcleary
 
Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1fcleary
 

En vedette (13)

Posecco cluster meeting
Posecco cluster meetingPosecco cluster meeting
Posecco cluster meeting
 
Aniketos 2nd cluster meeting
Aniketos 2nd cluster meetingAniketos 2nd cluster meeting
Aniketos 2nd cluster meeting
 
Assert4soa cluster meeting
Assert4soa cluster meetingAssert4soa cluster meeting
Assert4soa cluster meeting
 
Tdl
TdlTdl
Tdl
 
Syssec
SyssecSyssec
Syssec
 
Workshop summary software assurance and trust
Workshop summary software assurance and trustWorkshop summary software assurance and trust
Workshop summary software assurance and trust
 
VIKING cluster meeting 1
VIKING cluster meeting 1VIKING cluster meeting 1
VIKING cluster meeting 1
 
U trustit_cluster meeting
U trustit_cluster meetingU trustit_cluster meeting
U trustit_cluster meeting
 
T&s roadmap slides ams
T&s roadmap slides amsT&s roadmap slides ams
T&s roadmap slides ams
 
Posecco clustering meeting
Posecco clustering meetingPosecco clustering meeting
Posecco clustering meeting
 
Viking vi cisi
Viking vi cisiViking vi cisi
Viking vi cisi
 
Nessos
NessosNessos
Nessos
 
Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1Effect splus systems-and-network-cluster-results-draft-v1
Effect splus systems-and-network-cluster-results-draft-v1
 

Similaire à Nessos securechange cluster meeting

TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxTECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxmattinsonjanel
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation IJECEIAES
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Vincenzo De Florio
 
ARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringVincenzo De Florio
 
Attack scripts generation for security validation fr
Attack scripts generation for security validation frAttack scripts generation for security validation fr
Attack scripts generation for security validation frra992634
 
Security challenges in mobile ad hoc
Security challenges in mobile ad hocSecurity challenges in mobile ad hoc
Security challenges in mobile ad hocIJCSES Journal
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELIJCSEIT Journal
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXNGINX, Inc.
 
Information Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docxInformation Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docxlanagore871
 
Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...IJECEIAES
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsArun Prabhakar
 
Software Security Initiatives
Software Security InitiativesSoftware Security Initiatives
Software Security InitiativesMarco Morana
 
2015 03-04 presentation1
2015 03-04 presentation12015 03-04 presentation1
2015 03-04 presentation1ifi8106tlu
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesAvi Networks
 
Improving Quality and Cost-effectiveness in Enterprise Software Application ...
Improving Quality and Cost-effectiveness in Enterprise Software Application ...Improving Quality and Cost-effectiveness in Enterprise Software Application ...
Improving Quality and Cost-effectiveness in Enterprise Software Application ...Luigi Buglione
 
Automating safety engineering with model based techniques
Automating safety engineering with model based techniquesAutomating safety engineering with model based techniques
Automating safety engineering with model based techniquesJuha-Pekka Tolvanen
 
G05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementG05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementSatya Harish
 
future internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Frafuture internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management FraDustiBuckner14
 

Similaire à Nessos securechange cluster meeting (20)

TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docxTECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
TECHNICAL REPORTCMUSEI-99-TR-017ESC-TR-99-017Operat.docx
 
A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation A UML Profile for Security and Code Generation
A UML Profile for Security and Code Generation
 
Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013Icssea 2013 arrl_final_08102013
Icssea 2013 arrl_final_08102013
 
ARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems EngineeringARRL: A Criterion for Composable Safety and Systems Engineering
ARRL: A Criterion for Composable Safety and Systems Engineering
 
Attack scripts generation for security validation fr
Attack scripts generation for security validation frAttack scripts generation for security validation fr
Attack scripts generation for security validation fr
 
Security challenges in mobile ad hoc
Security challenges in mobile ad hocSecurity challenges in mobile ad hoc
Security challenges in mobile ad hoc
 
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODELSECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
SECURITY VIGILANCE SYSTEM THROUGH LEVEL DRIVEN SECURITY MATURITY MODEL
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINXEasily View, Manage, and Scale Your App Security with F5 NGINX
Easily View, Manage, and Scale Your App Security with F5 NGINX
 
Information Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docxInformation Security Assurance Capability Maturity Model (ISA-.docx
Information Security Assurance Capability Maturity Model (ISA-.docx
 
Se project-methodology-for-security-project-web
Se project-methodology-for-security-project-webSe project-methodology-for-security-project-web
Se project-methodology-for-security-project-web
 
Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...
 
Designing NextGen Threat Identification Solutions
Designing NextGen Threat Identification SolutionsDesigning NextGen Threat Identification Solutions
Designing NextGen Threat Identification Solutions
 
Software Security Initiatives
Software Security InitiativesSoftware Security Initiatives
Software Security Initiatives
 
2015 03-04 presentation1
2015 03-04 presentation12015 03-04 presentation1
2015 03-04 presentation1
 
Web Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery PipelinesWeb Application Security for Continuous Delivery Pipelines
Web Application Security for Continuous Delivery Pipelines
 
Improving Quality and Cost-effectiveness in Enterprise Software Application ...
Improving Quality and Cost-effectiveness in Enterprise Software Application ...Improving Quality and Cost-effectiveness in Enterprise Software Application ...
Improving Quality and Cost-effectiveness in Enterprise Software Application ...
 
Automating safety engineering with model based techniques
Automating safety engineering with model based techniquesAutomating safety engineering with model based techniques
Automating safety engineering with model based techniques
 
G05.2013 Security Information and Event Management
G05.2013 Security Information and Event ManagementG05.2013 Security Information and Event Management
G05.2013 Security Information and Event Management
 
Paper4
Paper4Paper4
Paper4
 
future internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Frafuture internetArticleERMOCTAVE A Risk Management Fra
future internetArticleERMOCTAVE A Risk Management Fra
 

Plus de fcleary

Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report fcleary
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meetingfcleary
 
Comifin cluster meeting
Comifin cluster meetingComifin cluster meeting
Comifin cluster meetingfcleary
 
Bic effectplus ws
Bic effectplus wsBic effectplus ws
Bic effectplus wsfcleary
 
Assert4soa 2nd cluster meeting
Assert4soa 2nd cluster meetingAssert4soa 2nd cluster meeting
Assert4soa 2nd cluster meetingfcleary
 
Nessos cluster meeting
Nessos cluster meetingNessos cluster meeting
Nessos cluster meetingfcleary
 
Amsterdam logistics fcleary
Amsterdam logistics fclearyAmsterdam logistics fcleary
Amsterdam logistics fclearyfcleary
 

Plus de fcleary (7)

Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report
 
Wsanacip tampres cluster meeting
Wsanacip tampres cluster meetingWsanacip tampres cluster meeting
Wsanacip tampres cluster meeting
 
Comifin cluster meeting
Comifin cluster meetingComifin cluster meeting
Comifin cluster meeting
 
Bic effectplus ws
Bic effectplus wsBic effectplus ws
Bic effectplus ws
 
Assert4soa 2nd cluster meeting
Assert4soa 2nd cluster meetingAssert4soa 2nd cluster meeting
Assert4soa 2nd cluster meeting
 
Nessos cluster meeting
Nessos cluster meetingNessos cluster meeting
Nessos cluster meeting
 
Amsterdam logistics fcleary
Amsterdam logistics fclearyAmsterdam logistics fcleary
Amsterdam logistics fcleary
 

Dernier

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 

Dernier (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 

Nessos securechange cluster meeting

  • 1. Fabio Massacci, UNITN, Federica Paci, UNITN Stephane Paul, MANAGING SECURITY AND THALES CHANGES AT MODEL LEVEL (SECURE CHANGE)
  • 2. SECURE CHANGE PROJECT Challenge: support evolution while maintaining security at all levels of the software development process Solution: Change driven security engineering process Interplay between risk assessment and different phases of software engineering process Models as basic unit of change Change propagation is supported by identifying mappings at conceptual level and orchestrating the respective analysis process 02/08/2011 2
  • 3. SECURITY ENGINEERING PROCESS Interplay between software life-cycle phases and risk assessment activities Change management artefacts and methodologies are sprinkled throughout the whole phases 02/08/2011 3
  • 4. CHANGE PROPAGATION Concepts are mapped amongst the requirement and risk domains The mapped concepts are the basis for processes orchestration and change propagation When a change affects a concept of the interface, the change is propagated to the other domain. 02/08/2011 4
  • 5. A POSSIBLE INSTANTIATION Requirements models are Si* models – goal oriented requirements language by UNITN Risk Models are RA DSML models – domain specific language for risk analysis by THALES Mapped concepts Rem. Business Object - Risk. Essential Elements Rem.Goal - Risk.Security Objective Rem.Security Goal – Risk.Security Requirement Rem.Process – Risk Security Solution 02/08/2011 5
  • 6. AN EXAMPLE – BEFORE REQUIREMNT MODEL Evolution in ATM Domain - Introduction of a new tool to support the controllers during approach phase 02/08/2011 6
  • 7. AN EXAMPLE –EVOLUTION IN ATM Risk analyst identifies a new risk Failure in the provisioning of correct or optimal arrival information due to ATCO mistakes Two security objectives are defined: The system shall be computed automatically by an Arrival Manager system The update of the system should be handled through a dedicated role of Sequence Manager Security objectives are refined into security requirements: The system should integrate an AMAN The organization should integrate a SQM 02/08/2011 7
  • 8. AN EXAMPLE – AFTER REQUIREMENT MODEL 02/08/2011 8
  • 9. More details about the project at www.securechange.eu 02/08/2011 9