Empirical studies of software engineering: a roadmap
Proceedings of the Conference on The Future of Software Engineering
Secure systems development based on the common criteria: the PalME project
Proceedings of the 10th ACM SIGSOFT symposium on Foundations of software engineering
E-SETHEO: An Automated3 Theorem Prover
TABLEAUX '00 Proceedings of the International Conference on Automated Reasoning with Analytic Tableaux and Related Methods
Sound methods and effective tools for model-based security engineering with UML
Proceedings of the 27th international conference on Software engineering
Secure Software Development by Example
IEEE Security and Privacy
Tools for model-based security engineering
Proceedings of the 28th international conference on Software engineering
Security Analysis of Crypto-based Java Programs using Automated Theorem Provers
ASE '06 Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering
Secure Systems Development with UML
Secure Systems Development with UML
Developing Secure Embedded Systems: Pitfalls and How to Avoid Them
ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Tools for model-based security engineering: models vs. code
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Model-based security analysis for mobile communications
Proceedings of the 30th international conference on Software engineering
Software engineering article types: An analysis of the literature
Journal of Systems and Software
An experimental environment for teaching Java security
Proceedings of the 6th international symposium on Principles and practice of programming in Java
Editorial: Model-Driven Development for secure information systems
Information and Software Technology
Tools for Traceability in Secure Software Development
ASE '08 Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
Security Analysis of a Biometric Authentication System Using UMLsec and JML
MODELS '09 Proceedings of the 12th International Conference on Model Driven Engineering Languages and Systems
A systematic review of security requirements engineering
Computer Standards & Interfaces
Automated analysis of permission-based security using UMLsec
FASE'08/ETAPS'08 Proceedings of the Theory and practice of software, 11th international conference on Fundamental approaches to software engineering
Design and realization of concurrent processing system for network security event
IITA'09 Proceedings of the 3rd international conference on Intelligent information technology application
Security requirements engineering framework for software product lines
Information and Software Technology
Components, platforms and possibilities: towards generic automation for MDA
EMSOFT '10 Proceedings of the tenth ACM international conference on Embedded software
Introducing mitigation use cases to enhance the scope of test cases
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Security policy foundations in context UNITY
Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
A practical application of our MDD approach for modeling secure XML data warehouses
Decision Support Systems
Tools for traceable security verification
VoCS'08 Proceedings of the 2008 international conference on Visions of Computer Science: BCS International Academic Conference
Not Ready for Prime Time: A Survey on Security in Model Driven Development
International Journal of Secure Software Engineering
Formalization of design patterns for security and dependability
Proceedings of the 4th international ACM Sigsoft symposium on Architecting critical systems
Given the explosive growth of digitally stored information in modern enterprises, distributed information systems together with search engines are increasingly used in companies. By enabling the user to search all relevant information sources with one single query, however, crucial risks concerning information security arise. In order to make these applications secure, it is not sufficient to penetrate-and-patch past system development, but security analysis has to be an integral part of the system design process for such distributed information systems. This work presents the experiences and results of the security analysis of a search engine in the intranet of a German car manufacturer, by making use of an approach to Model-based Security Engineering that is based on the UML extension UMLsec. The focus lies on the application's single-sign-on mechanism, which was analyzed using the UMLsec method and tools. Main results of the paper include a field report on the employment of the UMLsec method in an industrial context as well as indications on its benefits and limitations.