Using model-based security analysis in component-oriented system development

Authors:
Gyrd Brændeland;Ketil Stølen
Affiliations:
SINTEF & University of Oslo, Norway;SINTEF & University of Oslo, Norway
Venue:
Proceedings of the 2nd ACM workshop on Quality of protection
Year:
2006

Citing 12
Cited 5

The Unified Modeling Language reference manual

The Unified Modeling Language reference manual
The Rational Unified Process: an introduction

The Rational Unified Process: an introduction
UML components: a simple process for specifying component-based software

UML components: a simple process for specifying component-based software
SecureUML: A UML-Based Modeling Language for Model-Driven Security

UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Using Abuse Case Models for Security Requirements Analysis

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Abuse-Case-Based Assurance Arguments

ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
The CORAS methodology: model-based risk assessment using UML and UP

UML and the unified process
Eliciting security requirements with misuse cases

Requirements Engineering
Model-Based Performance Risk Analysis

IEEE Transactions on Software Engineering
Software Security: Building Security In

Software Security: Building Security In
Architectural-Level Risk Analysis Using UML

IEEE Transactions on Software Engineering
Specification and refinement of soft real-time requirements using sequence diagrams

FORMATS'05 Proceedings of the Third international conference on Formal Modeling and Analysis of Timed Systems

AMBRA: automated model-based risk analysis

Proceedings of the 2007 ACM workshop on Quality of protection
Extending UML Sequence Diagrams to Model Trust-dependent Behavior With the Aim to Support Risk Analysis

Electronic Notes in Theoretical Computer Science (ENTCS)
Extending UML sequence diagrams to model trust-dependent behavior with the aim to support risk analysis

Science of Computer Programming
A semantic paradigm for component-based specification integrating a notion of security risk

FAST'06 Proceedings of the 4th international conference on Formal aspects in security and trust
Controlling security of software development with multi-agent system

KES'10 Proceedings of the 14th international conference on Knowledge-based and intelligent information and engineering systems: Part IV

Quantified Score

Hi-index	0.01

Visualization

Abstract

We propose an integrated process for component-based system development and security risk analysis. The integrated process is evaluated in a case study involving an instant messaging component for smart phones. We specify the risk behaviour and functional behaviour of components using the same kinds of description techniques. We represent main security risk analysis concepts, such as assets, stakeholders, threats and risks, at the component level.