Lightweight modeling and analysis of security concepts

Authors:
Jörn Eichler
Affiliations:
Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany
Venue:
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Year:
2011

Citing 12
Cited 0

Security Engineering: A Guide to Building Dependable Distributed Systems

Security Engineering: A Guide to Building Dependable Distributed Systems
Model driven security: From UML models to access control infrastructures

ACM Transactions on Software Engineering and Methodology (TOSEM)
Model-based security analysis in seven steps --- a guided tour to the CORAS method

BT Technology Journal
AURUM: A Framework for Information Security Risk Management

HICSS '09 Proceedings of the 42nd Hawaii International Conference on System Sciences
Software Language Engineering: Creating Domain-Specific Languages Using Metamodels

Software Language Engineering: Creating Domain-Specific Languages Using Metamodels
Automated analysis of security-design models

Information and Software Technology
Model-driven business process security requirement specification

Journal of Systems Architecture: the EUROMICRO Journal
Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec

Requirements Engineering - Special Issue on RE'09: Security Requirements Engineering; Guest Editors: Eric Dubois and Haralambos Mouratidis
Towards CIM to PIM transformation: from secure business processes defined in BPMN to use-cases

BPM'07 Proceedings of the 5th international conference on Business process management
Secure Systems Development with UML

Secure Systems Development with UML
Model-based qualitative risk assessment for availability of IT infrastructures

Software and Systems Modeling (SoSyM)
Agile security using an incremental security architecture

XP'05 Proceedings of the 6th international conference on Extreme Programming and Agile Processes in Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

Modeling results from risk assessment and the selection of safeguards is an important activity in information security management. Many approaches for this activity focus on an organizational perspective, are embedded in heavyweight processes and tooling and require extensive preliminaries. We propose a lightweight approach introducing SeCoML - a readable language on top of an established methodology within an open framework. Utilizing standard tooling for creation, management and analysis of SeCoML models our approach supports security engineering and integrates well in different environments. Also, we report on early experiences of the language's use.