Security Engineering at the Level of Software Architectures, Matthias Riebisch
Sprache des Titels:
Security requirements strongyl influence the architectural design of complex IT systems in a similar way as other non-functional requirements. Both security engineering as well as software engineering provide methods to deal with such requirements. However, there is still a critical gap concerning the integration of the methods of these separate fields.
In this talk we close the gap with respect to security requirements by proposing a method that combines software engineering approaches with state-of-the-art security engineering principles. This method establishes an explicit alignment between the non-functional goal, the principles in the field of security engineering, and the implementation of a security architecture. The method aims at designing a system's security architecture based on a small, precisely defined, and application-specific trusted computing base. We illustrate this method by means of a case study which describes distributed enterprise resource planning Systems using web services to implement business processes across company boundaries.