https://github.com/secure-software-engineering/cards

Component-based Assumptions and Restrictions for Dataflow Specifications
https://github.com/secure-software-engineering/cards

eclipse eclipse-plugin eclipse-sirius java model-based xtend xtext

Last synced: 3 months ago
JSON representation

Component-based Assumptions and Restrictions for Dataflow Specifications

• Host: GitHub
• URL: https://github.com/secure-software-engineering/cards
• Owner: secure-software-engineering
• License: mit
• Created: 2021-02-09T12:46:14.000Z (about 5 years ago)
• Default Branch: main
• Last Pushed: 2021-07-29T15:46:08.000Z (over 4 years ago)
• Last Synced: 2024-12-27T01:25:20.288Z (about 1 year ago)
• Topics: eclipse, eclipse-plugin, eclipse-sirius, java, model-based, xtend, xtext
• Language: Java
• Homepage:
• Size: 2.62 MB
• Stars: 1
• Watchers: 6
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE
  • Security: docs/SecurityDefinitions.md

Awesome Lists containing this project

README

          
# CARDS

Component-based Assumptions and Restrictions for Dataflow Specifications

We offer a domain specific language (DSL) for describing the system under investigation as well as all threat modeling relevant parts. We provide both a textual and a graphical editor for our DSL.

The system is described by a generic component-based system model consisting of components and their connections.

In addition, the security analyst can define security related restrictions and assumptions.

Restrictions express which components might be allowed to know which data.

Assumptions describe assumptions regarding the implementation of the components made during the design phase, e.g., that a specific component will never leak data containing a password in cleartext.

We also provide a static analysis that checks of the system meets all specified restriction with respect to the specified assumptions.

# Using Our Tools

As our tool suite is implemented as an eclipse plugin, it obviously relies on the eclipse IDE. 

All plugins are developed and tested using eclipse 2020-03, support for other versions is not guranteed.

## Using pre-built binaries

You can use artifacts of our CI as a update site for eclipse plugins or have a look at our releases for more stable versions.

You can use `https://github.com/secure-software-engineering/cards/releases/latest/download/updatesite.zip` as an update site link to stay up to date. 

## Building The Artifacts Yourself

Checkout this repository and checkout `https://git.cs.uni-paderborn.de/geismann/attackgraph.git` under `../attackgraph`.

Make sure you have Maven installed, then inside the directory `de.uni_paderborn.swt.cardsAttackgraphParent`, run `mvn clean verify` to build.

The update site will be available inside `de.uni_paderborn.swt.cards.update/target/repository/`.

# Documentation

Learn more about our concepts and tools in our [documentation section](https://github.com/secure-software-engineering/cards/blob/develop/docs/README.md)!