Developing Secure Networked Web-Based Systems Using Model-based Risk Assessment and UMLsec

  • Authors:
  • Siv Hilde Houmb; Jan Jürjens

  • Venue:
  • APSEC '03 Proceedings of the Tenth Asia-Pacific Software Engineering Conference
  • Year:
  • 2003

Abstract

Despite a growing awareness of security issues in networked computing systems, most development processes used today still do not take security aspects into account. To address this problem, we designed a process for developing secure networked systems based on the extension of the Unified Modeling Language (UML) for secure systems development UMLsec and on the concept of model-based risk assessment (MBRA). Enterprise information such as security policies, business goals, policies and processes are supported through activities in the model-based integrated development process. These are then refined to security requirements at a more technical level, which can be expressed using UMLsec, and which can be analysed mechanically using the tool-support for UMLsec.