Cristina Seceleanu - Böcker

This book constitutes the proceedings of the 17th International Conference, TAP 2023, as part of STAF 2023, a federation of conferences on Software Technologies, Applications and Foundations, which includes two more conferences besides TAP: ICGT (International Conference on Graph Transformations), and ECMFA (European Conference on Modelling Foundations and Applications) in Leicester, UK, in July 2023.The 8 full papers together with 2 short papers included in this volume were carefully reviewed and selected from 14 submissions. They were organized in topical sections on Low-level Code Verification, Formal Models, Model-based test generation, and Abstraction and Refinement.

This book provides an overview of software security analysis in a DevOps cycle including requirements formalisation, verification and continuous monitoring.  It presents an overview of the latest techniques and tools that help engineers and developers verify the security requirements of large-scale industrial systems and explains novel methods that enable a faster feedback loop for verifying security-related activities, which rely on techniques such as automated testing, model checking, static analysis, runtime monitoring, and formal methods.The book consists of three parts, each covering a different aspect of security engineering in the DevOps context. The first part, "Security Requirements", explains how to specify and analyse security issues in a formal way. The second part, "Prevention at Development Time", offers a practical and industrial perspective on how to design, develop and verify secure applications. The third part, "Protection at Operations", eventually introduces tools for continuous monitoring of security events and incidents. Overall, it covers several advanced topics related to security verification, such as optimizing security verification activities, automatically creating verifiable specifications from security requirements and vulnerabilities, and using these security specifications to verify security properties against design specifications and generate artifacts such as tests or monitors that can be used later in the DevOps process.The book aims at computer engineers in general and does not require specific knowledge. In particular, it is intended for software architects, developers, testers, security professionals, and tool providers, who want to define, build, test, and verify secure applications, Web services, and industrial systems.

This book provides an overview of software security analysis in a DevOps cycle including requirements formalisation, verification and continuous monitoring.  It presents an overview of the latest techniques and tools that help engineers and developers verify the security requirements of large-scale industrial systems and explains novel methods that enable a faster feedback loop for verifying security-related activities, which rely on techniques such as automated testing, model checking, static analysis, runtime monitoring, and formal methods.The book consists of three parts, each covering a different aspect of security engineering in the DevOps context. The first part, "Security Requirements", explains how to specify and analyse security issues in a formal way. The second part, "Prevention at Development Time", offers a practical and industrial perspective on how to design, develop and verify secure applications. The third part, "Protection at Operations", eventually introduces tools for continuous monitoring of security events and incidents. Overall, it covers several advanced topics related to security verification, such as optimizing security verification activities, automatically creating verifiable specifications from security requirements and vulnerabilities, and using these security specifications to verify security properties against design specifications and generate artifacts such as tests or monitors that can be used later in the DevOps process.The book aims at computer engineers in general and does not require specific knowledge. In particular, it is intended for software architects, developers, testers, security professionals, and tool providers, who want to define, build, test, and verify secure applications, Web services, and industrial systems.

This book constitutes the refereed proceedings of the 8th International Conference on Engineering of Computer-Based Systems, ECBS 2023, which was held in Västerås, Sweden, in October 2023.The 11 full papers included in this book were carefully reviewed and selected from 26 submissions and present software, hardware, and communication perspectives of systems engineering through its many facets. The special theme of this year is ”Engineering for Responsible AI“.