A risk-driven security analysis method and modelling language

BT Technology Journal

Volumn 25, Issue 1, 2007, Pages 141-153

  Kearney, P ^a   Brugger L ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

INDUSTRIAL MANAGEMENT; OPTIMIZATION; RISK ANALYSIS; RISK ASSESSMENT; RISK MANAGEMENT;

MODELLING LANGUAGE; OPERATIONAL RISK MANAGEMENT;

SECURITY OF DATA;

EID: 33947420435     PISSN: 13583948     EISSN: None     Source Type: Journal    
DOI: 10.1007/s10550-007-0016-6     Document Type: Article

References (22)

1. Baldwin A, Beres Y, Shiu S and Kearney P: 'A Model Based Approach to Trust, Security and Assurance', BT Technol J, 24, No 4, pp 53-68 (October 2006).
2. Baldwin A, Beres Y and Shiu S: 'Using assurance models to aid the risk and governance life cycle', BT Technol J, 25, No 1, pp 128-140 (January 2007).
3. Meta-Object Facility (MOF™) specification - http://www.omg.org/ technology/documents/formal/MOF_Core.htm
4. Unified Modelling Language specification - http://www.uml.org/#UML2.0
5. Evans G and Benton S: 'The BT Risk Cockpit - A Visual Approach to ORM', BT Technol J, 25, No 1, pp 88-100 (January 2007).
6. Sindre G and Opdahl A L: 'Eliciting security requirements with misuse cases', Requir Eng, 10, pp 34-44 (2005).
7. Firesmith D: 'Security Use Cases', Journal of Object Technology, 2, pp 53-64 (2003).
8. Firesmith D: 'Engineering Security Requirements', Journal of Object Technology, 2, pp 53-68 (2003).
9. Schneier B: 'Attack Trees: Modeling Security Threats', Dr Dobb's Journal (1999).
10. Mauw S and Oostdijk M: 'Foundations of Attack Trees', in 'Information Security and Cryptology - ICISC 2005' Springer Lecture Notes in Computer Science, Vol 3935, pp 186-198 (2005).
11. Microsoft Security Developer Center: 'Threat Modeling', - http:// msdn.microsoft.com/security/securecode/threatmodeling/default.aspx
12. Giorgini P, Massacci F, Mylopoulos J and Zannone N: 'Modelling Security Requirements through Ownership, Permission and Delegation', 13th IEEE International Conference Requirements Engineering (2005).
13. Braber et al: 'Model-based security analysis in seven steps - a guided tour to the CORAS method', BT Technol J, 25, No 1, pp 101-117 January (2007).
14. 'UML Profile for Modeling Quality of Service and Fault Tolerance Characteristics and Mechanisms', OMG Adopted Specification (2004).
15. 'QinetiQ: The MOD Application of Domain Based Security (DBSy)', Version 1.0, CD-ROM (2004).
16. Flechais I, Mascolo C and Sasse M A: 'Integrating Security and Usability into the Requirements and Design Process', in 2nd International Conference on Global E-Security, IEE (2006).
17. Flechais I, Sasse MAA and Hailes S: 'Bringing security home: a process for developing secure and usable systems', pp 49-57 (2003).
18. Basin D, Doser J and Lodderstedt T: 'Model driven security: From UML models to access control infrastructures', ACM Transactions on Software Engineering and Methodology, 15, pp 39-91 (2006).
19. Lodderstedt T, Basin D and Doser J: 'SecureUML: A UML-Based Modeling Language for Model-Driven Security', Lecture Notes in Computer Science, Vol 2460, pp 426-441 (2002).
20. Jürjens J: 'Towards Development of Secure Systems Using UMLsec', Lecture Notes in Computer Science, Vol 2029, pp 187-200 (2001).
21. Jürjens J: 'UMLsec - Presenting the Profile', 6th Annual Workshop on Distributed Objects and Components Security, Baltimore, MD (2002).
22. Eclipse Graphical Modelling Framework - www.eclipse.org/gmf