Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a vulnerability-centric modeling ontology, which aims to integrate empirical knowledge of vulnerabilities into the system development process. In particular, we identify the basic concepts for modeling and analyzing vulnerabilities and their effects on the system. These concepts drive the definition of criteria that make it possible to compare and evaluate security frameworks based on vulnerabilities. We show how the proposed modeling ontology can be adopted in various conceptual modeling frameworks through examples.