Integrating Security Protocols in Scenario-based Requirements Specifications

Thorsten Koch; Sascha Trippel; Stefan Dziwok; Eric Bodden

doi:10.5220/0010783300003119

Integrating Security Protocols in Scenario-based Requirements Specifications

Thorsten Koch, Sascha Trippel, Stefan Dziwok, Eric Bodden

2022

Abstract

Software-intensive systems such as internet services, factories, or vehicles are characterized by complex functionality and strong interconnection. This interconnection leads to a high risk of cyber-attacks. To reduce this risk, software-intensive systems must fulfill various security requirements and integrate security mechanisms such as security protocols. Security protocols ensure secure communication between and within software-intensive systems. However, the application of security protocols could negatively impact other parts of the systems (e.g., its communication behavior) since the protocols introduce further messages and computing- intensive operations to the system’s behavior. Therefore, the development of software-intensive systems needs to cover functional and security aspects. This paper presents a model- and scenario-based requirements engineering approach to integrate security protocols in application-specific requirements specifications systematically. Thereby, requirements engineers with limited security knowledge can integrate established and validated security protocols in their application to increase the security. In particular, our approach provides parameterizable templates for security protocols and references these templates in other specifications. Furthermore, it provides the simulative validation of the requirements specification. We show that our approach is applicable in practice through a case study involving application scenarios from the automotive domain and established security protocols.

Download

Paper Citation

in Harvard Style

Koch T., Trippel S., Dziwok S. and Bodden E. (2022). Integrating Security Protocols in Scenario-based Requirements Specifications. In Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD, ISBN 978-989-758-550-0, pages 15-25. DOI: 10.5220/0010783300003119

in Bibtex Style

@conference{modelsward22,
author={Thorsten Koch and Sascha Trippel and Stefan Dziwok and Eric Bodden},
title={Integrating Security Protocols in Scenario-based Requirements Specifications},
booktitle={Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD,},
year={2022},
pages={15-25},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010783300003119},
isbn={978-989-758-550-0},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD,
TI - Integrating Security Protocols in Scenario-based Requirements Specifications
SN - 978-989-758-550-0
AU - Koch T.
AU - Trippel S.
AU - Dziwok S.
AU - Bodden E.
PY - 2022
SP - 15
EP - 25
DO - 10.5220/0010783300003119