Security asset elicitation for collaborative models

Authors:
Maria Vasilevskaya;Simin Nadjm-Tehrani;Linda Ariani Gunawan;Peter Herrmann
Affiliations:
Linköping University, Linköping, Sweden;Linköping University, Linköping, Sweden;Norwegian University of Science and Technology, Trondheim, Norway;Norwegian University of Science and Technology, Trondheim, Norway
Venue:
Proceedings of the Workshop on Model-Driven Security
Year:
2012

Citing 10
Cited 1

SecureUML: A UML-Based Modeling Language for Model-Driven Security

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Security Patterns: Integrating Security and Systems Engineering

Security Patterns: Integrating Security and Systems Engineering
Model-based security analysis in seven steps --- a guided tour to the CORAS method

BT Technology Journal
Tool support for the rapid composition, analysis and implementation of reactive services

Journal of Systems and Software
Improving the Classification of Security Patterns

DEXA '09 Proceedings of the 2009 20th International Workshop on Database and Expert Systems Application
Automated Encapsulation of UML Activities for Incremental Development and Verification

MODELS '09 Proceedings of the 12th International Conference on Model Driven Engineering Languages and Systems
Classifying security patterns

APWeb'08 Proceedings of the 10th Asia-Pacific web conference on Progress in WWW research and development
Secure Systems Development with UML

Secure Systems Development with UML
A tool-supported method for the design and implementation of secure distributed applications

ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Reactive semantics for distributed UML activities

FMOODS'10/FORTE'10 Proceedings of the 12th IFIP WG 6.1 international conference and 30th IFIP WG 6.1 international conference on Formal Techniques for Distributed Systems

Compositional verification of application-level security properties

ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Building secure systems is a difficult job for most engineers since it requires in-depth understanding of security aspects. This task, however, can be assisted by capturing security knowledge in a particular domain and reusing the knowledge when designing applications. We use this strategy and employ an information security ontology to represent the security knowledge. The ontology is associated with system designs which are modelled in collaborative building blocks specifying the behaviour of several entities. In this paper, we identify rules to be applied to the elements of collaborations in order to identify security assets present in the design. Further, required protection mechanisms are determined by applying a reasoner to the ontology and the obtained assets. We exemplify our approach with a case study from the smart metering domain.