Security is becoming recognized as an important aspect of software development, leading to the development of many different security-enhancing techniques, many of which use some kind of custom modeling language. Models in these different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers. In this paper we present a modeling language that can be used in place of four existing modeling languages: attack trees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Models in our language can be more precise than earlier models, which allows them to be used in automated applications, such as automatic testing and static analysis. Models in the new language can be derived automatically from models in the existing languages, and can be viewed using existing notation. Our modeling language exploits a data model, also presented in this paper, that permits rich interconnections between various items of security knowledge. In this data model it is straightforward to relate different kinds of models, and thereby different software security techniques, to each other.