Security Engineering Process - Short Description

The Security Engineering Process (SEP) helps the system engineer in the creation of her secure system in many ways. This process (and the tool that supports it) is being developed together with NoMagic Inc. (creator of MagicDraw). While in the current processes the system engineer needs a very strong security expertise in order to create the security properties of the system, its solutions (implementations), tests that check if they are secure and provide the necessary functionality, etc. the SEP provides the necessary information and tools to the system engineer so her work is very simplified.

The process has a separation of responsibilities functionality so each specific task is done by a specific user. This way, there exist a user that creates the security libraries (DSMs), other user creates the security solutions and patterns (Security Patterns and Security Building Blocks), other user creates the system model using the security libraries, etc. The best benefit for the system engineer is that she doesn't need to create the security solutions, tests and certifications for the system she is creating, she only needs to obtain a DSM for the specific domain she is working with (MANET, Web Services, Metering Devices, etc.) and apply the security properties defined there for fulfilling the security requirements of the system.

Each security property provides: information about the property, tests for checking its resilience, information of the external or additional elements it needs, the different solutions that implement the security property (e.g. a solution using a security api, using TPMs, etc.), certifications provided by the security solution and how to assure them, etc.

The other main role of the SEP is the DSM creator. She creates DSMs that contain solutions for each security properties. The DSMs are uploaded to a web repository (e.g. where they are parsed and can be accessed by any user. We plan in creating private repositories with companies we have work with in order to help them create DSMs for their work domains so they can be used by their system engineers. The DSMs of the public repositories will be used also for creating a community and improve them with new and better functionality.

List of related publications

Jose Fran. Ruiz, Marcos Arjona, Niklas Carstens and Antonio Maña. Secure Engineering and Modelling of a Metering Devices System. Secure Software Engineering (SecSE'13). 2013

Jose Fran. Ruiz, Marcos Arjona, Janne Paatero and Antonio Maña. Emergency Systems Modelling using a Security Engineering Process. Simultech'13. 2013

Jose Fran. Ruiz, Antonio Maña, Carsten Rudolph, Janne Paatero and Marcos Arjona. A Security Engineering Process for Secure Modelling of Systems. NATO Symposium on Architecture Definition & Evaluation. 2013

Andre Rein, Carsten Rudolph and Jose Fran. Ruiz. Building Secure Systems Using a Security Engineering Process and Security Building Blocks. Zertifizierung und modellgetriebene Entwicklung sicherer Software (ZeMoSS-Workshop). 2013

Antonio Maña. Towards an Integrated Security Engineering and Software Engineering Discipline: The SecFutur Approach. Third International Workshop on Information Systems Security Engineering – WISSE’13. 2013

Jose Fran. Ruiz, Vasily Desnitsky, Rajesh Harjani, Antonio Mañna, Igor Kotenko and Andrey Chechulin. A Methodology for the Analysis and Modeling of Security Threats and Attacks for Systems of Embedded Components. 20th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing, 2012, IEEE

Andre Rein, Carsten Rudolph, Jose Fran. Ruiz and Marcos Arjona. Introducing Security Building Block Models. RISE'12, Workshop on Redefining and Integrating Security Engineering at ASE/IEEE International Conference on Cyber Security 12. 2012

Jose Fran. Ruiz, Andre Rein, Marcos Arjona, Antonio Maña, Antonie Monsifrot and Michel Morvan. Security Engineering and Modelling of Set-top Boxes. RISE'12, Workshop on Redefining and Integrating Security Engineering at ASE/IEEE International Conference on Cyber Security 12. 2012

Jose Fran. Ruiz, Vasily Desnitsky, Igor Kotenko, Antonio Maña and Andrey Chechulin. Design of telecommunication systems with embedded devices. 14th Conference "RusCrypto" on Cryptology, Steganography, Digital Signature and Security Systems, 2012

Jose Fran. Ruiz, Rajesh Harjani and Antonio Maña. A Security-focused Engineering Process for Systems of Embedded Components. International Workshop on Security and Dependability for Resource Constrained Embedded Systems (SD4RCES'11), 2011, ACM

Antonio Maña and Jose Fran. Ruiz. A Security Modelling Framework for Systems of Embedded Components. 13th IEEE International High Assurance Systems Engineering Symposium, 2011, IEEE, Boca Ratón, Florida, EEUU