Kurzfassung
|
Many software systems have to be designed and developed in a way that specific security requirements are guaranteed. Security can be specified on different views of the software system that contain different kinds of information about the software system. Therefore, a security analysis on one view must assume security properties of other views. A security analysis on another view can be used to verify these assumptions. We provide an approach for enabling the information transfer between a static architecture analysis and a static, lattice-based source code analysis. This approach can be used to reduce the assumptions in a component-based architecture model. In this approach, requirements under which information can be transferred between the two security analyses are provided. We consider the architecture and source code security analysis as black boxes. Therefore, the information transfer between the security analyses is based on a megamodel consisting of the architecture model, the source code model, and the source code analysis results. The feasibility of this approach is evaluated in a case study using Java Object-sensitive ANAlysis and Confidentiality4CBSE. The evaluation shows that information can be transferred between an architecture and a source code analysis. The information transfer reveals new security violations which are not found using only one security analysis.
|