Security Assurance Case Design Tool - Dec1718

Companies that need to meet security standards spend a large amounts of energy after each iteration of the product making sure they still meet them. A security assurance tool will allow the developers to know when they update the code that they still meet the security standards. Therefor, they no longer will have to go through the code changes in a large group to verify they still meet them. This would allow for faster updates of their products and save developers time. It will also give them confidence in their updates and that the application is secure.

We are developing an eclipse plugin that will be used to design and manage security assurance cases. Users will be able to create, edit, and save/load assurance case diagrams, which look similar to a UML diagram in structure. Nodes of the diagrams represent specific claims or evidence, and will be tied to portions of the code and unit tests for the project the plugin is loaded into. Claims or evidence that are changed or are no longer valid will be marked visually for the user.

Objectives

• Create an easily accessible eclipse plugin that any developer could download.
• The gui will be easy and intuitive to use for the developer. They should be easily able to link code in different projects that meet different security cases and be able to develop test to verify they meet them.
• The plugin will give visual feedback to the developer if they are no longer meeting a security case.
• The plugin will actually be helpful to developers and speed up the development process.
• The plugin has documentation that a developer could understand to learn how it works and be able to use successful.
• Help Dr. Othmane further his research and be able to use the plugin in the future.