We propose an integrated process for component-based system development and security risk analysis. The integrated process is evaluated in a case study involving an instant messaging component for smart phones. We specify the risk behaviour and functional behaviour of components using the same kinds of description techniques. We represent the main security risk analysis concepts, such as assets, stakeholders, threats and risks, at the component level.