Since the emergence of software security as a research area, it has been evident that security should be incorporated as early as possible in the software lifecycle. The advantage is that large gains can be achieved in terms of cost and effort compared to introducing security as an afterthought. The earliest phase in which possible attacks can be considered is requirements specification. A widely accepted approach to considering security in the requirements is the use of misuse cases. In this paper we examine a case study to automatically generate a class diagram, based on the use and misuse cases present in the requirements. In particular, we extend a natural language processing approach to move beyond a general domain model and produce a detailed class diagram. Moreover, security patterns are introduced in appropriate places of the design to confront the documented attacks and protect the threatened resources. Additionally, we perform an experimental study to investigate the tradeoff between the additional effort to mitigate the attacks and the security risk of the resulting system. Finally, the optimization problem of finding the smallest system with respect to additional effort, given a maximum acceptable risk, is established, and an appropriate algorithm to solve it is proposed.