Communications of the ACM
Extending standard UML with model composition semantics
Science of Computer Programming - Special issue on unified modeling language (UML 2000)
A UML-Based Pattern Specification Technique
IEEE Transactions on Software Engineering
Aspect-Oriented Analysis and Design
Aspect-Oriented Analysis and Design
Cost-Benefit Trade-Off Analysis Using BBN for Aspect-Oriented Risk-Driven Development
ICECCS '05 Proceedings of the 10th IEEE International Conference on Engineering of Complex Computer Systems
Secure Systems Development with UML
Secure Systems Development with UML
An aspect-oriented methodology for designing secure applications
Information and Software Technology
Threat scenario-based security risk analysis using use case modeling in information systems
Security and Communication Networks
Hi-index | 0.00 |
Security breaches seldom occur because of faulty security mechanisms. Often times, security mechanisms are incorrectly incorporated in an application which allows them to be bypassed resulting in a security breach. Methodologies are needed for incorporating security mechanisms in an application and assessing whether the resulting system is indeed secure. We propose one such methodology for designing secure applications. We begin by identifying the assets in the application that need protection. We then find the kinds of attacks that are typical for such applications. We show how to evaluate the application against such attacks. If the results are unacceptable, that is, they pose a high security risk, then some security mechanism must be incorporated into the application. We illustrate how this can be done and show how the resulting system can be evaluated to give assurance that it is resilient to the given attack.