Security Attack Testing (SAT)-testing the security of information systems at design time

Information Systems

Volumn 32, Issue 8, 2007, Pages 1166-1183

  Mouratidis, Haralambos ^a   Giorgini, Paolo ^b  

^a UNIVERSITY OF EAST LONDON   (United Kingdom)

^b UNIVERSITY OF TRENTO   (Italy)

Author keywords

Information system security testing; Information systems development methodology; Integrating security and software engineering; Scenarios

Indexed keywords

FORMAL LANGUAGES; HEALTH CARE; SECURITY OF DATA; SOCIAL ASPECTS; SOFTWARE ENGINEERING;

INFORMATION SYSTEMS DEVELOPMENT METHODOLOGY; INTEGRATING SECURITY; SECURITY ATTACK TESTING (SAT);

INFORMATION SYSTEMS;

EID: 34548508691     PISSN: 03064379     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.is.2007.03.002     Document Type: Article

References (37)

1. Lane V.P. Security of Computer Based Information Systems (1985), Macmillan Education ltd
2. Anderson R. Security Engineering: A Guide to Building Dependable Distributed Systems (2001), Wiley Computer Publishing
3. P. Devanbu, S. Stubblebine, Software engineering for security: a roadmap, in: Proceedings of the Conference of the Future of Software Engineering, 2000.
4. A. Michailova, M. Doche, M. Butler, Constraints for scenario-based testing of object-oriented programs, Technical Report, Electronics and Computer Science Department, University of Southampton, 2002.
5. A. Van Lamsweerde, Elaborating security requirements by construction of intentional anti-models, in: Proceedings of the International Conference on Software Engineering, 2004, pp. 148-157.
6. Viega J., and McGraw G. Building Secure Software-How to Avoid Security Problems the Right Way (2004), Addison-Wesley, Reading, MA
7. J. McDermott, C. Fox, Using abuse care models for security requirements analysis, in: Proceedings of the 15th Annual Computer Security Applications Conference, December 1999.
8. M. Schumacher, U. Roedig, Security engineering with patterns, in: the Proceedings of the 8th Conference on Pattern Languages for Programs (PLoP 2001), Illinois, USA, September 2001.
9. Anton A.I., and Earp J.B. A requirements taxonomy for reducing web site privacy vulnerabilities. Requirements Eng. 9 3 (2004) 169-185
10. Jurjens J. Secure Systems Development with UML (2004), Springer
11. L. Liu, E. Yu, J. Mylopoulos, Analysing security requirements as relationships among strategic actors, in: Proceedings of the 2nd Symposium on Requirements Engineering for Information Security (SREIS'02), Raleigh-North Carolina, 2002.
12. H. Mouratidis, P. Giorgini, G. Manson, An ontology for modelling security: The tropos approach, knowledge-based intelligent information and engineering systems, Lecture Notes in Artificial Intelligence, vol. 2773, 2003.
13. Crook R., Ince D., Lin L., and Nuseibeh B. Security requirements engineering: when anti-requirements hit the fan. Paoceedings of the 10th International Requirements Engineering Conference (2002), IEEE Press 203-205
14. H. Mouratidis, P. Giorgini, G. Manson, Integrating security and systems engineering: towards the modelling of secure information systems, in: Proceedings of the 15th International Conference on Advanced Information Systems (CaiSE), 2003.
15. Mouratidis H., Giorgini P., and Manson G. When Security Meets Software Engineering: A Case of Modelling Secure Information Systems. Inf. Syst. 30 8 (2005) 609-629
16. Mouratidis H., Weiss G., and Giorgini P. Modelling secure systems using an agent oriented approach and security patterns. Int. J. Software Eng. Knowledge Eng. 16 3 (2006) 471
17. Bishop M. Introduction to Computer Security (2005), Addison-Wesley, Reading, MA
18. M.R. Blackburn, R.D. Busser, A.M. Nauman, R. Chandramouli, Model-Based Approach to Security Test Automation, in: Proceedings of Quality Week, 2001
19. Mouratidis H., Philp I., and Manson G. A novel agent-based system to support the single assessment process of older people. J. Health Inf. 9 3 (2003) 149-162
20. Brescianni P., Giorgini P., Mouratidis H., and Manson G. Multiagent Systems and Security Requirements Analysis, in Advances in Software Engineering for Multiagent Systems. In: Lucena C., Garcia A., Romanovsky A., Castro J., and Alencar P. (Eds). Lecture Notes in Artificial Intelligence vol. 2940 (2003), Springer, Berlin
21. Bresciani P., Giorgini P., Giunchiglia F., Mylopoulos J., and Perini A. TROPOS: an agent-oriented software development methodology. J. Autonom. Agents Multi-Agent Systems 8 3 (2004) 203-236
22. H. Mouratidis, A security oriented approach in the development of multiagent Systems: applied to the management of the health and social care needs of older people in England, Ph.D. thesis, University of Sheffield, 2004.
23. J. Ryser, M. Glinz, SCENT-a method employing scenarios to systematically derive test cases for system test, Technical Report 2000.03, Institut für Informatik, University of Zurich, 2000.
24. Potts C., Takahashi K., and Anton A.I. Inquiry based requirements analysis. IEEE Software 11 2 (1994) 21-32
25. A.I. Anton, W.M. McCracken, C. Potts, Goal Decomposition and Scenario Analysis in Business Process Reengineering, in: Proceedings of the 6th Conference on Advanced Information Systems (CAiSE-1994), Utrecht-The Netherlands, 1994.
26. J.M. Carroll, M.B. Rosson, Getting around the task-artifact cycle: how to make claims and design by scenario, IBM Research Report, Human Computer Interaction, RC 17908 (75365), 1991.
27. Lalioti V., and Theodoulidis C. Visual scenarios for validation of requirements specification. Paoceedings of the 7th International Conference on Software Engineering and Knowledge Engineering (SEKE'95) (1995), Rochville, Maryland-USA
28. Stallings W. Cryptography and Network Security: Principles and Practice. second ed. (1999), Prentice-Hall, Englewood Cliffs, NJ
29. Schneier B. Secrets & Lies: Digital Security in a Networked World (2000), Wiley, New York
30. Kosters G., Pagel B.U., and Winter M. Coupling use cases and class models. Proceedings of the BCS-FACS/EROS workshop on "Making Object Oriented Methods More Rigorous" (1997), Imperial College, London-England
31. Selby R.W., Basili V.R., and Baker F.T. Cleanroom software development: an empirical Evaluation. IEEE Trans. Software Eng. 13 9 (1997) 1027-1037
32. Sommerville I. Software Engineering. seventh ed. (2005), Addison-Wesley, Reading, MA
33. IEEE Standard Glossary of Software Engineering Terminology, IEEE Std 729, 1990.
34. Patton R. Software Testing (2000), Sams
35. Hsia P., Kung D., and Sell C. Software requirements and acceptance testing. Ann. Software Eng. 3 (1997) 291-317
36. W.T. Tsai, A. Saimi, L. Yu, R. Paul, Scenario-based object oriented testing framework, in: Proceedings of the 3rd International Conference on Quality Software, 2002, p. 410.
37. J. Wittevrongel, F. Maurer, SCENTOR: scenario-based testing of e-business applications, in: Proceedings of the 10th IEEE International Workshop on Enabling Technology: Infrastructure for Collaborative Enterprises, 2001, USA, p. 41.