I7 Logo
Chair for Foundations of Software Reliability and Theoretical Computer Science
Informatik Logo TUM Logo
Home
 Contact
 Teaching
 People
Publications
Student Projects
Research
Tools
 Help

































AVANTSSAR Masterarbeit: Modellbasiertes Security Engineering für SOA

Model-based Security Engineering for SOA

Diplomarbeit, Masterarbeit bei Siemens AG, Corporate Technology

Gesuchte Fachbereiche

Informatik

Beschreibung

The aim of the EU funded research project AVANTSSAR is the tool
supported design-level formal validation of the security aspects
of web services and service-oriented architectures (SOA). See also
http://avantssar.eu/ and http://ddvo.net/AVANTSSAR/overview.ppt

To this end, we have developed with our partners the formal modeling
language ASLan; for details see http://ddvo.net/AVANTSSAR/d2-2.pdf and
http://ddvo.net/AVANTSSAR/d2-1.pdf . The language will be used to
specify the security relevant behavior and goals of various industrial
case studies (see http://ddvo.net/AVANTSSAR/d5-1.pdf) after gathering
and discussing more detail in close cooperation with software engineers
of Siemens business units. We will then use model checking tools to find
out improvements on the formal model, the modeling language, the tools
used, and ultimately on the services modeled.

The aim of this thesis is to formally model one of the Siemens case
studies, which are in the areas of citizen and service portals,
healthcare IT infrastructure, and software distribution services, as
outlined in http://ddvo.net/AVANTSSAR/d5-1.pdf . This includes

  • getting to know the chosen case study in the Siemens context
  • modeling the respective system with its security requirements,
    supported by a formal methods expert at Siemens
  • using the AVANTSSAR tools to obtain feedback and improvements,
    in close collaboration with the overall AVANTSSAR team

A small example how such a model could look like may be found in section
5.1 of http://ddvo.net/AVANTSSAR/d2-2.pdf. The challenge of this task
is to develop a model that is expressible in ASLan, faithfully describes
the security relevant aspects of the services, and is concise enough to
be well comprehendable by humans and checkable by the automatic tools.

Qualifikation

Basic knowledge on IT security and system development
Interest and basic knowledge on formal methods or logics

Weitere Infos

http://www.avantssar.eu/
http://ddvo.net/AVANTSSAR/

Bewerbungen an diese E-Mail Adresse

David.von.Oheimb@siemens.com

Ort der Tätigkeit

München-Neuperlach

Land der Tätigkeit

Germany

Sprache am Arbeitsplatz

Deutsch, English

Mehr Infos zu Siemens AG, Corporate Technology

Siemens AG, Corporate Technology
Otto-Hahn-Ring 6
81730 München
http://www.ct.siemens.de/