Our recent work proposing a methodology to enhance the security of software systems by incorporating compliance verification from the early stages of design is now available online! In this work, we present a novel method for modeling a security compliance baseline based on the specification and reuse of analysis models targeting standards, policies, and regulations. This approach streamlines the compliance process, facilitating adherence to multiple security standards while promoting the reuse of security compliance analysis models. To demonstrate the practicality of the suggested framework and technique, we illustrate representative architecture compliance checks on a Supervisory Control and Data Acquisition (SCADA) system. The work was presented at the 23rd IEEE International Conference on Software Quality, Reliability, and Security (QRS 2023). See Publications for more details!
Home / Publication / New Publication: A Security Compliance-by-Design Framework Utilizing Reusable Formal Models
New Publication: A Security Compliance-by-Design Framework Utilizing Reusable Formal Models