CSM. A security metamodel for cloud applications
Development of secure Cloud applications requires a supportive approach that should also enable software assessment and certification by different mechanisms. These can assure by independent means that the required security is present. We present a Core Security Metamodel (CSM) that is the director of a security engineering process that also addresses security certification for Cloud applications. To drive these activities with enough precision, the CSM is constrained with OCL rules that control the creation of instances of the metamodel. Due to their relevance for the security engineering process, we decided to formally check their consistency leveraging on our previous mapping from OCL to First Order Logic. We found that CVC4 returned sat in less than 30 seconds when we run it in finite model finder mode. Also, it automatically provided a valid CSM structural instance.
You can download the SMT-LIB file from
here.
More people involved in this project: Marcos Arjona, Marina Egea, and Antonio Maña.