Maintaining results from security assessments

Proceedings of the European Conference on Software Maintenance and Reengineering, CSMR

Volumn , Issue , 2003, Pages 341-350

  Lund, M S ^a   Den Braber, F ^a   Stolen, K ^a  

^a SINTEF   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

COMPONENT-ORIENTED APPROACH; SECURITY ASSESSMENT;

LIME; REENGINEERING;

COMPUTER SOFTWARE MAINTENANCE;

EID: 33749360118     PISSN: 15345351     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSMR.2003.1192442     Document Type: Conference Paper

References (32)

1. Abadi, M., Lamport, L. Conjoining specification. ACM TOPLAS 17:507-533,1995.
2. AS/NZS 4360:1999 Risk management.
3. Atkinson, C., Bayer, J., Bunse, C., Kamsties, E., Laitenberger, O., Laqua, R., Muthig, D., Paech, B., Wüst, J., Zettel, J. Component-based product line engineering with UML. Addison-Wesley, 2002.
4. Barber, B., Davey, J. The use of the CCTA risk analysis and management methodology CRAMM. In Proc. MEDINFO92, pages 1589-1593. North Holland, 1992.
5. Bouti, A., Ait Kadi, D. A state-of-the-art review of FMEA/FMECA. International Journal of Reliability, Quality and Safety Engineering 1:515-543, 1994.
6. den Braber, F., Dimitrakos, T., Gran, B. A., Lund, M. S., Stlen, K., Aagedal, J. The CORAS methodology: modelbased risk management using UML and UP. Chapter in book titled UML and the Unified Process. IRM Press, 2003.
7. Bray, T., Paoli, J., Sperberg-McQueen, C. M., Maler, E. Extensible markup language (XML) 1. 0 (Second edition). World Wide Web Consortium recommendation REC-xml, October 2000.
8. Clements, P., Northrop, L. Software product lines: practices and patterns. Addision-Wesley, 2001.
9. Clements, P., Kazman, R., Klein, M. Evaluating software architectures: methods and case studies. Addison-Wesley, 2002.
10. D'Souza, F., Wills, A. C. Objects, components, and frameworks with UML: the Catalysis approach. Addison-Wesley, 1998.
11. Dimitrakos, T., Ritchie, B., Raptis, D., Aagedal, J. , den Braber, F., Stlen, K., Houmb, S-H. Integrating model-based security risk management into eBusiness systems development: The CORAS approach. In Proc. I3E2002, pages 159-175. Kluwer, 2002.
12. Fevrier, A., Najm, E., Stefani, J. B. Contracts for ODP. In Proc. ARTS97, LNCS 1231, pages 216-232. Springer, 1997.
13. Hoare, C. A. R. An axiomatic basis for computer programming. Communications of the ACM, 12:576-583, 1969.
14. Houmb, S-H., den Braber, F., Lund, M. S., Stlen, K. Towards a UML profile for model-based risk assessment. In Proc. UML'2002 Satellite Workshop on Critical Systems Development with UML, pages 79-91, Munich University of Technology, 2002.
15. IEC 1025: 1990 Fault tree analysis (FTA).
16. Information technology security evaluation criteria (ITSEC), version 1. 2, Office for Official Publications of the European Communities, June 1991.
17. ISO/IEC 10746: 1995 Basic reference model for open distributed processing.
18. ISO/IEC TR 13335-1:2001: Information technology-Guidelines for the management of IT Security-Part 1: Concepts and models for IT Security.
19. ISO/IEC 15408:1999 Information technology-Security techniques-Evaluation criteria for IT security.
20. ISO/IEC 17799: 2000 Information technology-Code of practise for information security management.
21. Jacobson, I., Rumbaugh, J., Booch, G. The unified software development process. Addison-Wesley, 1999.
22. Jones, C. B. Development methods for computer programs including a notion of interference. PhD-thesis, Oxford University, 1981.
23. Lano, K., Androutsopoulos, K., Clark, D. Structuring and design of reactive systems using RSDS and B. In Proc. FASE 2000, LNCS 1783, pages 97-111. Springer, 2000.
24. Littlewood, B. A reliability model for systems with Markov structure. Journal of the Royal Statistical Society Series CApplied Statistics, 24(2):172-177. 1975.
25. Meyer, B. Object-oriented software construction. Prentice Hall, 1997.
26. Mingis, C., Liu, Y. From UML to design by contract. Journal of Object-Oriented Programming, April issue: 6-9, 2001.
27. OMG-UML. Unified Modeling Language Specification, version 1. 4, 2001.
28. Raptis, D., Dimitrakos, T., Gran, B. A., Stlen, K. The CORAS approach for model-based risk analysis applied to the ecommerce domain. In Proc. CMS-2002, pages 169-181. Kluwer, 2002.
29. Redmill, F., Chudleigh, M., Catmur, J. Hazop and software hazop. Wiley, 1999.
30. Stamatiou, Y. C., Henriksen, E., Lund, M. S, Mantzouranis, E., Psarros, M., Skipenes, E., Stathiakos, N., Stlen, K. Experiences from using model-based risk assessment to evaluate the security of a telemedicine application. To appear in Proc. Telemedicine in Care Delivery, 2002.
31. Wyss, G. D., Craft, R. L., Funkhouser, D. R. The use of object-oriented analysis methods in surety analysis. SAND Report 99-1242. Sandia National Laboratories, 1999.
32. Aagedal, J. ., den Braber, F., Dimitrakos, T., Gran, B. A., Raptis, D., Stlen, K. Model-based risk assessment to improve enterprise security. In Proc. EDOC'2002, pages 51-62. IEEE Computer Society, 2002.