Using model-based security analysis in component-oriented system development
Source: Conference on Computer and Communications Security
Proceedings of the 2nd ACM workshop on Quality of protection
Alexandria, Virginia, USA
SESSION: Software security metrics
Pages: 11 - 18
Year of Publication: 2006
ISBN: 1-59593-553-3
Authors
Gyrd Brændeland  SINTEF & University of Oslo, Norway
Ketil Stølen  SINTEF & University of Oslo, Norway
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 58,   Downloads (12 Months): 495,   Citation Count: 3
DOI: http://doi.acm.org/10.1145/1179494.1179498

ABSTRACT

We propose an integrated process for component-based system development and security risk analysis. The integrated process is evaluated in a case study involving an instant messaging component for smart phones. We specify the risk behaviour and functional behaviour of components using the same kinds of description techniques. We represent main security risk analysis concepts, such as assets, stakeholders, threats and risks, at the component level.


