dc.creator | Varela Vaca, Ángel Jesús | es |
dc.creator | Martínez Gasca, Rafael | es |
dc.creator | Ceballos Guerrero, Rafael | es |
dc.creator | Gómez López, María Teresa | es |
dc.creator | Bernáldez Torres, Pedro | es |
dc.date.accessioned | 2020-06-14T14:23:51Z | |
dc.date.available | 2020-06-14T14:23:51Z | |
dc.date.issued | 2019 | |
dc.identifier.citation | Varela Vaca, Á.J., Martínez Gasca, R., Ceballos Guerrero, R., Gómez López, M.T. and Bernáldez Torres, P. (2019). CyberSPL: Framework for the verification of cybersecurity policy compliance of system configurations using software product lines. Applied Sciences, 9 (24) | |
dc.identifier.issn | 2076-3417 | es |
dc.identifier.uri | https://hdl.handle.net/11441/97780 | |
dc.description.abstract | Cybersecurity attacks affect the compliance of cybersecurity policies of the organisations. Such disadvantages may be due to the absence of security configurations or the use of default configuration values of software products and systems. The complexity in the configuration of products and systems is a known challenge in the software industry since it includes a wide range of parameters to be taken into account. In other contexts, the configuration problems are solved using Software Product Lines. This is the reason why in this article the framework Cybersecurity Software Product Line (CyberSPL) is proposed. CyberSPL is based on a methodology to design product lines to verify cybersecurity policies according to the possible configurations. The patterns to configure the systems related to the cybersecurity aspects are grouped by defining various feature models. The automated analysis of these models allows us to diagnose possible problems in the security configurations, reducing or avoiding them. As support for this proposal, a multi-user and multi-platform solution has been implemented, enabling setting a catalogue of public or private feature models. Moreover, analysis and reasoning mechanisms have been integrated to obtain all the configurations of a model, to detect if a configuration is valid or not, including the root cause of problems for a given configuration. For validating the proposal, a real scenario is proposed where a catalogue of four different feature models is presented. In this scenario, the models have been analysed, different configurations have been validated, and several configurations with problems have been diagnosed. | es |
dc.description.sponsorship | Ministerio de Ciencia y Tecnología RTI2018-094283-B-C33 | es |
dc.format | application/pdf | es |
dc.format.extent | 28 | es |
dc.language.iso | eng | es |
dc.publisher | MDPI | es |
dc.relation.ispartof | Applied Sciences, 9 (24) | |
dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 International | * |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/ | * |
dc.subject | Configuration | es |
dc.subject | Variability | es |
dc.subject | Software product line | es |
dc.subject | Security policies | es |
dc.subject | Compliance | es |
dc.subject | Feature models | es |
dc.title | CyberSPL: Framework for the verification of cybersecurity policy compliance of system configurations using software product lines | es |
dc.type | info:eu-repo/semantics/article | es |
dcterms.identifier | https://ror.org/03yxnpp24 | |
dc.type.version | info:eu-repo/semantics/publishedVersion | es |
dc.rights.accessRights | info:eu-repo/semantics/openAccess | es |
dc.contributor.affiliation | Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos | es |
dc.relation.projectID | RTI2018-094283-B-C33 | es |
dc.relation.publisherversion | https://www.mdpi.com/2076-3417/9/24/5364 | es |
dc.identifier.doi | 10.3390/app9245364 | es |
dc.journaltitle | Applied Sciences | es |
dc.publication.volumen | 9 | es |
dc.publication.issue | 24 | es |
dc.contributor.funder | Ministerio de Ciencia Y Tecnología (MCYT). España | es |