The Unified Modeling Language reference manual
The Unified Modeling Language reference manual
UML components: a simple process for specifying component-based software
UML components: a simple process for specifying component-based software
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
A general theory of security properties
SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
The CORAS methodology: model-based risk assessment using UML and UP
UML and the unified process
Innocent Code: A Security Wake-Up Call for Web Programmers
Innocent Code: A Security Wake-Up Call for Web Programmers
A Process Framework for Characterising Security Properties of Component-Based Software Systems
ASWEC '04 Proceedings of the 2004 Australian Software Engineering Conference
Risk Analysis in Software Design
IEEE Security and Privacy
On the Comprehension of Security Risk Scenarios
IWPC '05 Proceedings of the 13th International Workshop on Program Comprehension
A Taxonomy of Software Component Models
EUROMICRO '05 Proceedings of the 31st EUROMICRO Conference on Software Engineering and Advanced Applications
Refining UML interactions with underspecification and nondeterminism
Nordic Journal of Computing
Information flow property preserving transformation of UML interaction diagrams
Proceedings of the eleventh ACM symposium on Access control models and technologies
Using model-based security analysis in component-oriented system development
Proceedings of the 2nd ACM workshop on Quality of protection
Underspecification, inherent nondeterminism and probability in sequence diagrams
FMOODS'06 Proceedings of the 8th IFIP WG 6.1 international conference on Formal Methods for Open Object-Based Distributed Systems
Hi-index | 0.00 |
We propose a semantic paradigm for component-based specification supporting the documentation of security risk behaviour. By security risk, we mean behaviour that constitutes a risk with regard to ICT security aspects, such as confidentiality, integrity and availability. The purpose of this work is to investigate the nature of security risk in the setting of component-based system development. A better understanding of security risk at the level of components facilitates the prediction of risks related to introducing a new component into a system. The semantic paradigm provides a first step towards integrating security risk analysis into the system development process.