Trust-Based Design Process for Secure Software Development (Proceso de diseño basado en ConfIanza para el desarrollo de Software Seguro)
Ministerio de Economía y Competitividad, Young Researchers call 2014 (TIN2014-54427-JIN)
Providing security has become a key objective for ICT (Information and Communication Technologies), mainly because of their increasing use in every activity of society. The main purpose of the mechanisms designed to provide security is to protect against malicious users. However, the components of a system sometimes have to protect themselves against the very parties that offer them services, and traditional security mechanisms are then not enough. An additional service is needed that protects every component of a system against the other components it has to interact with. This is where a Trust Management service becomes useful, since it gives the security mechanisms greater flexibility and eases decision-making when information about the components of a system is lacking.
Even though the importance of security, and the benefits of using trust management to enforce it, are well established, software development does not usually consider them in a holistic manner throughout the Software Development Life Cycle (SDLC), from requirements to implementation. Security is usually added to a system as an afterthought, once it has been built. Moreover, trust management is in most cases designed as a specific solution for one concrete application. This causes numerous problems, since embedding security or trust effectively is not always possible once the system is built. As a consequence, the economic loss and wasted time are considerable: the resulting software is not trusted (so users are reluctant to use it) or, in the worst case, useless.
PRECISE will address this problem by designing a trust-based process for the development of secure software. The final result of PRECISE will include a set of guides, methodologies, recommendations, specific languages and code-production tools that guide developers towards secure software in each phase of development. This will be done in a way that captures the trust relationships among the components of the system, resulting in what we call trusted-by-design software. The process will be flexible enough to capture the evolution of the trust features across all phases of development. Thus, if a trust requirement changes, there is no need to start the process from scratch: what was done earlier can be reused in order to accommodate the new requirement within the whole development.