Static enforcement of process-level security and compliance specifications for cloud-based systems

摘要

Implementations of the present disclosure are directed to statically checking conformance of a computer-implemented service at a source code level to requirements specified at a process level and include actions of receiving source code of the computer-implemented service, receiving one or more rules, the one or more rules being generated based on a mapping and including a set of technical requirements that can be checked on the source code level, the mapping associating the requirements with the source code, and processing the source code and the one or more rules using static code analysis (SCA) to generate a result, the result indicating whether the computer-implemented service conforms to the requirements.

主权项

1. A computer-implemented method for statically checking conformance of a computer-implemented service at a source code level to requirements specified at a process level, the method being executed using one or more processors and comprising:
receiving, by the one or more processors, source code of the computer-implemented service, the source code comprising a service name identifying a process that is associated to the computer-implemented service; generating, by the one or more processors, a request indicating a process model generated using secure business process modeling and the request comprising the service name; receiving in response to the request, by the one or more processors and from a model repository, the process model; extracting, by the one or more processors and from the model repository, requirements of the process model that the computer-implemented service is to comply with, the requirements comprising an access control defining an authorization based on each of a plurality of user roles to perform tasks, a separation of duty restricting a first task based on one of the plurality of user roles, and a binding of duty requiring the completion of a second task based on one or more of the plurality of user roles; extracting, by the one or more processors, one or more interfaces based on the process model; generating, by the one or more processors, a mapping of process level security and compliance specifications to implementation level security and compliance specifications, the mapping associating the requirements with the source code based on the one or more interfaces; providing, by the one or more processors, one or more rules comprising a set of technical requirements that can be checked on the source code level, the one or more rules being provided based on the requirements and the mapping; and processing, by the one or more processors, the source code and the one or more rules using static code analysis (SCA) to generate a result, the result indicating whether the computer-implemented service conforms to the requirements.