We propose a graphical approach to identify, explain and document security threats and risk scenarios. Security risk analysis can be time-consuming and expensive; hence, it is of great importance that the involved parties quickly understand the risk picture. Risk analysis methods often make use of brainstorming sessions to identify risks, threats and vulnerabilities. These sessions involve system users, developers and decision makers, who typically have completely different backgrounds and view the system from different perspectives. To facilitate communication and understanding among them, we have developed a graphical approach to document and explain the overall security risk picture. The development of the language and the guidelines for its use have been based on a combination of empirical investigations and experiences gathered from utilizing the approach in large-scale industrial field trials. The investigations involved both professionals and students, and each field trial was in the order of 250 person hours.