Full life cycle support for security concerns: minutes, topics. Wouter Joosen

AOSD and Full Life Cycle Support …general…
What is the state of the art in AOSD in general (in terms of full life cycle support)?
– What is an aspect? (from the AORE workshop)
– Typical for security:
    Novel and hard-to-capture requirements (anonymity, privacy …)
    Requirements state what is expected behavior, but also, and extensively, what is not…
    Close coupling between security and application logic (authorization)…
What can be applied to security?...

Security and full life cycle support: architecture and design level
What is the value of UML extensions for security? (Design for security)
– Is UML helpful for security? How about protocols? …work of Siobhan Clarke et al.
– Look at UML for AOSD… …work of Siobhan Clarke et al.
Security architecture: how does it relate to the overall software architecture?
– Embeds a tremendous amount of knowledge…
– But lack of clear notation/meaning
Opportunity:
– Disentangle and document security solutions…

Security and full life cycle support: implementation level
NOT COVERED…
Components versus code (programming) level?
Role of deployment descriptors in a component framework?
Role of middleware?

Adoption…
Which security standards are relevant for this discussion?
Adoption by serious users.
– Why take the risk?
– Organizational barriers: … expert is not necessarily motivated…
What is the status? Maybe we are at a beachhead…