Logo des Repositoriums
 

Component-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architectures

dc.contributor.authorGerking, Christopher
dc.contributor.authorSchubert, David
dc.contributor.editorKoziolek, Anne
dc.contributor.editorSchaefer, Ina
dc.contributor.editorSeidl, Christoph
dc.date.accessioned2020-12-17T11:57:48Z
dc.date.available2020-12-17T11:57:48Z
dc.date.issued2021
dc.description.abstractThis publication is based on our paper presented at the IEEE International Conference on Software Architecture 2019. Due to their close interconnection with the outside world, cyber-physical systems are vulnerable to information leaks. Accordingly, it is crucial for software engineers to regulate and analyze the flow of information through systems. The microservice architectural style requires engineers to refine the regulations into security policies for the constituent software components. These policies must be composable to secure the information flow from end to end. However, since security is hard to compose, a composition of secure components may lead to an insecure system. In our paper, we enable microservice architectures of cyber-physical systems to be composed securely. First, we provide engineers with a set of architectural well-formedness rules for the refinement of security policies, ensuring composability if the constituent components communicate by message passing. Second, we present a verification technique to analyze whether the real-time message passing of components adheres to their refined security policies. Since the analysis results are securely composable, we assure engineers that a composition of secure components will always lead to a secure system. We evaluated the accuracy of our contributions using an extension of the CoCoME case study.en
dc.identifier.doi10.18420/SE2021_10
dc.identifier.isbn978-3-88579-704-3
dc.identifier.pissn1617-5468
dc.identifier.urihttps://dl.gi.de/handle/20.500.12116/34504
dc.language.isoen
dc.publisherGesellschaft für Informatik e.V.
dc.relation.ispartofSoftware Engineering 2021
dc.relation.ispartofseriesecture Notes in Informatics (LNI) - Proceedings, Volume P-310
dc.subjectsecurity policy
dc.subjectinformation flow
dc.subjectmicroservice architecture
dc.subjectcyber-physical systems
dc.subjectcomponent-based software engineering
dc.subjectcomposability
dc.titleComponent-Based Refinement and Verification of Information-Flow Security Policies for Cyber-Physical Microservice Architecturesen
dc.typeText/ConferencePaper
gi.citation.endPage44
gi.citation.publisherPlaceBonn
gi.citation.startPage43
gi.conference.date22.-26. Februar 2021
gi.conference.locationBraunschweig/Virtuell

Dateien

Originalbündel
1 - 1 von 1
Lade...
Vorschaubild
Name:
B1-09.pdf
Größe:
56.92 KB
Format:
Adobe Portable Document Format