权益分类	功能权益	普通用户	{{item.name}}会员
{{category.name}}	{{benefitItem.name}}

Unifying security and software Product family models to enhance information confidentiality

统一安全和软件产品系列模型以增强信息机密性

基本信息

批准号：
RGPIN-2014-06115
负责人：
Khedri, Ridha
金额：
$ 1.46万
依托单位：
McMaster University
依托单位国家：
加拿大
项目类别：
Discovery Grants Program - Individual
财政年份：
2016
资助国家：
加拿大
起止时间：
2016-01-01 至 2017-12-31
项目状态：
已结题

来源：
https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=612042
关键词：
Unifying security software Product family

项目摘要

Security and, in particular, information confidentiality are becoming more and more valuable to governments, military, corporations, financial institutions, hospitals, and private businesses as they amass a great deal of confidential information about their employees, customers, products, research and financial status. So far, security-modeling work has been largely independent of system requirements and product family modeling. It is a common practice to model system requirements first and then security is added as an afterthought. Usually the security part of a system is overlaid on the subsystem of the main functionality. It is the long-term objective of this research program to unify feature modeling and other early requirements models with confidentiality models to gain a unified view of the product family and its confidentiality requirements. The aim is to obtain models that can evolve with the changes in the software family environments, which would enable us generate and propagate the needed changes to the security prevention and detection mechanisms. Consequently, we systematically and quickly strengthen the responses of the products of a software family to emerging threats. The proposed research will take the following complementary research directions: 1) Investigate models that capture the domain and security knowledge in preventing indirect unauthorized information leakage through cover channel communication. This direction will involve a formal representation of an ontology that is suitable for an algebraic specification of software systems. 2) Expand our early-established results on product family to equip feature models with a representation of the context and the environment in which each feature of the family is expected to evolve. This context and each feature environment are captured by the domain and security ontology. 3) Explore dynamic instantiation of confidentiality policy and the mechanisms for enhancing information confidentiality. From a set of confidentiality rules given by the security risk management officers, a more thorough and complete set of rules are generated (calculated) taking into account the security knowledge and domain knowledge of the product family. The proposed research would enable us to have software systems that can on the fly update their confidentiality policy and mechanisms with each change in the environment. The security and software domain ontology will capture changes in the system's environment and then a new set of confidentiality rules will formally be calculated and included in the system. I aim at adopting an algebraic approach to formally model and unify security and product families models. The proposed methodology, due to its algebraic flavor, brings a calculational way to generate confidentiality rules and verification of the properties of the unified model. Moreover, it brings rigor in modeling and fosters a disciplined approach to software engineering to handle security aspects. The proposed calculational processes would be easily automated using computer algebra systems and theorem provers. The proposed research represents a rigorous approach to enhance information confidentially in an ever-changing world. The obtained results would bring major contributions to information security and affect research in other areas that use ontologies such as business intelligence and eHealth.

随着政府、军方、企业、金融机构、医院和私营企业积累了大量关于员工、客户、产品、研究和财务状况的机密信息，安全，特别是信息保密性，对政府、军事、企业、金融机构、医院和私营企业来说变得越来越重要。到目前为止，安全建模工作在很大程度上独立于系统需求和产品系列建模。通常的做法是，首先对系统需求建模，然后再添加安全性。通常，系统的安全部分覆盖在主要功能的子系统上。本研究计划的长期目标是将特征建模和其他早期需求模型与机密性模型统一起来，以获得对产品族及其机密性需求的统一视图。其目的是获得能够随着软件系列环境的变化而演变的模型，这将使我们能够生成并传播安全预防和检测机制所需的更改。因此，我们系统地、快速地加强了软件系列产品对新出现的威胁的响应。提出的研究将采取以下补充研究方向：1)研究通过覆盖信道通信获取领域和安全知识以防止间接未经授权的信息泄露的模型。这个方向将涉及适合于软件系统的代数规范的本体的形式表示。2)扩展我们早期建立的关于产品族的结果，为特征模型配备表示族中每个特征预期发展的上下文和环境的表示。该上下文和每个特征环境由域和安全本体捕获。3)探索机密性策略的动态实例化和信息保密性增强机制。从安全风险管理官员提供的一组保密规则中，考虑到产品系列的安全知识和领域知识，生成(计算)更全面和完整的规则集。拟议的研究将使我们能够拥有能够随着环境中的每一次变化而动态更新其保密政策和机制的软件系统。安全和软件领域本体将捕获系统环境中的变化，然后将正式计算一组新的保密规则并将其包括在系统中。我的目标是采用代数方法对安全和产品族模型进行形式化建模和统一。由于其代数性质，该方法为生成保密规则和验证统一模型的性质提供了一种计算方法。此外，它带来了建模的严密性，并促进了处理安全方面的软件工程的有纪律的方法。使用计算机代数系统和定理证明器，拟议的计算过程将很容易实现自动化。这项拟议的研究代表了一种在不断变化的世界中提高信息保密性的严格方法。所获得的结果将为信息安全带来重大贡献，并影响使用本体论的其他领域的研究，如商业智能和电子健康。