We analyze the specific challenges of inspecting software development documents for security: Most security goals are formulated as negative (i.e., avoidance) goals, and security is a non-local property of the whole system. We suggest a new type of model for security-relevant features to address these challenges. Our model, named Security Goal Indicator Tree (SGIT), maps negative and non-local goals to positive, concrete features of the software that can be checked during an inspection. It supports inspection of software documents from various phases of the development process. An SGIT links a security goal with numerous indicators (which may be beneficial or detrimental for the achievement of the goal) and structures the set of indicators by Boolean and conditional relationships, enabling an efficient selection of indicator subsets. We present SGIT examples, explain how to use them in an inspection, give advice on creating SGITs, and give an outlook on how SGITs will be embedded in a comprehensive method for software security inspection.