Fault trees for security system design and analysis

Computers and Security

Volumn 22, Issue 3, 2003, Pages 256-264

  Brooke, Phillip J ^a   Paige, Richard F ^b  

^a UNIVERSITY OF PLYMOUTH   (United Kingdom)

^b UNIVERSITY OF YORK   (United Kingdom)

Author keywords

Fault tree analysis; Security

Indexed keywords

FAULT TREE ANALYSIS; LOGIC CIRCUITS; PUBLIC KEY CRYPTOGRAPHY; SYSTEMS ANALYSIS;

CURRENT PUBLIC-KEY CRYPTOSYSTEM; SECURITY-CRITICAL SYSTEMS;

SECURITY OF DATA;

EID: 0037903638     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/S0167-4048(03)00313-4     Document Type: Article

References (15)

1. US Nuclear Regulatory Commission, Fault Tree Handbook, NUREG-0492 (January 1981).
2. Fault tree analysis programs, http://www.enre.umd.edu/ftap.htm, materials and Engineering Department, University of Maryland.
3. Anderson, R.J., 2000. Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley, 2001.
4. Helmer, G., Wong, J., Slagell, M., Honavar, V., Miller, L. and Lutz, R., 2001. A software fault tree approach to requirement analysis of an intrusion detection system. 1st Symposium on Requirements Engineering for Information Security 2000, Indianapolis, Indiana, USA, 2001.
5. Schneier, B., 1999. Attack trees: Modeling security threats, Dr Dobb's Journal, 1999.
6. Moore, A., Ellison, R. and Linger, R., 2001. Attack modeling for information security and survivability. Tech. Rep., Carnegie Mellon Software Engineering Institute (2001).
7. Fronczak, E.L., 1998. A top-down approach to high-consequence fault analysis for software systems. Proceedings of the 16th International System Safety Conference, 1998.
8. Winther, R., Johnsen, O.-A. and Gran, B.A., 2001. Security assessments of safety critical systems using HAZOPs. Proceedings of SAFECOMP 2001, 2001.
9. McDermott, J. and Fox, C., 1999. Using abuse case models for security requirements analysis. Proc. COMPSAC 1999, 1999.
10. McDermott, J., 2001. Abuse case-based assurance arguments. Proc. Computer Security Applications Conference 2001, 2001.
11. Sindre, G. and Opdahl, A., 2000. Eliciting security requirements by miuse cases. Proc. TOOLS Pacific 2000, IEEE Press, 2000.
12. Jurgens, J., 2002. Using UMLsec and goal trees for secure systems development. Proc. Symposium on Applied Computing (SAC) 2002, ACM Press, 2002.
13. Chung, L., 1993. Dealing with security requirements during the development of information systems. Proc. CAiSE'93, no. 685 in LNCS, Springer-Verlag, 1993.
14. Lowe, G. and Roscoe, B., 1997. Using CSP to detect errors in the TMN protocol. IEEE Transactions on Software Engineering, Vol. 23 (10), 1997, pp. 659-669.
15. Sommerville, I., 2001. Software Engineering, 6th Edition, Addison Wesley, 2001.