Domain model for security requirements



About Domain model for security requirements

  • This project has been fulfilled.
  • This project fits in the following Bachelor programs: (none listed)
  • This project fits in the following master areas: Computer Systems and Security, Software Engineering, Formal Methods and Software Verification


Description

Security is one of the most ubiquitous aspects in software engineering. Every system that can be connected to other systems has to deal with security issues. However, there are no exact methods or tools to deal with this. This leads to systems whose security level depends completely on the expertise and knowledge level of the software engineer.

The engineering of any aspect begins with the use of a standardized language. This assignment is about the creation of such a standard language. There are several security-related specifications that can be used as a basis for the language. For example, the OWASP ASVS provides a standard set of application security requirements. This standard is believed to be the most complete specification for application security. The task is twofold:

  • Position the OWASP ASVS in the context of standards for security. The result is an overview of existing security standards and a high-level view of their relations.
  • Create a domain model that forms a language for the OWASP ASVS requirements. The result is a UML model with activities, classes, attributes, and packages that cover the domain of the OWASP requirements.

The activities may include:

  • studying standards in security
  • interviewing security experts
  • information analysis
  • UML modelling
  • (re)writing existing security requirements
  • defining a method for making a security domain model (the steps and terminology to create such a model)

We are looking for a student who is good at abstract thinking and modelling. Which activities will be dominant depends highly on the student’s preferences and interests. Preferably, the assignment is carried out by two cooperating students.