Security engineering for ambient intelligence: A manifesto

Integrating Security and Software Engineering: Advances and Future Visions

Volumn , Issue , 2006, Pages 244-270

  Mana A ^a   Rudolph, C ^b   Spanoudakis, G ^c   Lotz, V ^d   Massacci, F ^e   Melideo, M ^f   Lopez Cobo J S ^g  

^a UNIVERSITY OF MÁLAGA   (Spain)

^b FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY SIT   (Germany)

^c CITY UNIVERSITY   (United Kingdom)

^d SAP Research   (France)

^e UNIVERSITY OF TRENTO   (Italy)

^f ENGINEERING INGEGNERIA INFORMATICA S P A   (Italy)

^g ATOS Origin ^*  (Spain)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 37249038828     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.4018/978-1-59904-147-6.ch011     Document Type: Chapter

References (39)

1. Anderson, R. (2001). Security engineering: A guide to build dependable systems. New York: Wiley & Sons.
2. Banavar, G., & Bernstein, A. (2002, December). Software infrastructure and design challenges for ubiquitous computing applications. Communications of the ACM, 45(12), 92-6.
3. BEA. (2003). BEA WebLogic security framework: Working with your security ecosystem. Retrieved May 2003, from http://www.bea.com
4. Bensalem S., Bozga, M., Krichen, M., & Tripakis, S. (2004). Testing conformance of real-time software by automatic generation of observers. Proceedings of the 4th Workshop on Runtime Verification (RV'04). Retrieved January 2005, from http://ase.arc.nasa.gov/rv2004
5. Blakley, B., Heath, C., & members of The Open Group Security Forum (2004). Security design patterns (SDP) technical guide. Retrieved from http://www.opengroup.org/security/gsp.htm
6. Cheng, B. H. C., Konrad, S., Campbell, L. A., & Wassermann, R. (2003, September). Using security patterns to model and analyze security requirements. High Assurance Systems Workshop (RHAS03), Monterey Bay, CA.
7. Cohen, D., Feather, M., Narayanaswamy, K, & Fickas, S. (1997). Automatic monitoring of software requirements. Proceedings of the 19th International Conference on Software Engineering.
8. Damianou, N., Dulay, N., Lupu, E., & Sloman, M. (2001). The ponder policy specification language. POLICY 2001 (pp. 18-38). LNCS. Berlin Heidelberg: Springer-Verlag.
9. English, C., Terzis, S., & Nixon, P. (2004). Towards self-protecting ubiquitous systems monitoring trust-based interactions. Proceedings of UbiSys ' 04.
10. Fayad, M., Johnson, R., & Schmidt, D. C. (1999). Building application frameworks: Object-oriented foundations of framework design. Wiley & Sons.
11. Feather, M., et al. (1998). Reconciling system requirements and runtime behaviour. Proceedings of the 9th International Work on Software Specification & Design.
12. Feather, M., & Fickas, S. (1995). Requirements monitoring in dynamic environments. Proceedings of International Conference on Requirements Engineering.
13. Focardi, R., & Rossi, S. (2002). Information flow security in dynamic contexts. Proceedings of the 15th IEEE Computer Security Foundations Workshop. CSFW 15.
14. Gruber, T. R. (1993). Toward principles for the design of ontologies used for knowledge sharing. In N. Guarino & R. Poli (Eds.), Formal ontology in conceptual analysis and knowledge representation. Dordrecht, The Netherlands: Kluwer Academic Publishers.
15. IBM's Security Strategy team (2004). Introduction to business security patterns. An IBM White Paper. Retrieved from http://www-3.ibm.com/security/patterns/intro.pdf
16. Karaorman, M., & Freeman, J. (2004). jMonitor: Java runtime event specification and monitoring library. Proceedings of the 4th Workshop on Runtime Verification (RV '04). Retrieved January 2005, from http://ase.arc.nasa.gov/rv2004
17. Kienzle, D. M., & Elder, M. C. (2003). Final technical report: Security patterns for Web application development. Retrieved March 2005, from http://www.scrypt.net/~celer/securitypatterns/final%20report.pdf
18. Ko, C. (1996). Execution monitoring of security-critical programs in a distributed system: A specification-based approach. PhD Thesis, University of California at Davis.
19. Llewellyn-Jones, D., Merabti, M., Shi, Q., & Askwith, B. (2004, April). An extensible framework for practical secure component composition in a ubiquitous computing environment. Proceedings of International Conference on Information Technology, Las Vegas, USA.
20. López, J., Maña, A., Pimentel, E., Troya, J. M., & Yagüe, M. I. (2002). Access control infrastructure for digital objects. International Conference on Information and Communications Security 2002. LNCS. 2513. Singapore: Springer-Verlag.
21. Mahbub, K., & Spanoudakis, G. (2004). A framework for requirements monitoring of service based systems. Proceedings of the 2nd International Conference on Service Oriented Computing, ICSOC 2004. New York.
22. Mahbub, K., & Spanoudakis, G. (2005). Run-time monitoring of requirements for systems composed of Web-services: Initial implementation and evaluation experience. The 3rd International IEEE Conference on Web Services (ICWS 2005).
23. Maña, A., Montenegro, J. A., Ray, D., Sánchez, F., & Yagüe, M. I. (2003). Integrating & automating security engineering in UML. IASTED International Conference on Communication, Network and Information Security (CNIS'03). New York: Acta Press.
24. Mantel, H. (2002). On the composition of secure systems. Proceedings of the 2002 IEEE Symposium on Security and Privacy.
25. Object Management Group. (OMG). Common Object Request Broker Architecture (CORBA) Core Specification. Retrieved July 2004, from http://www.omg.org
26. Robinson, W. (2002). Monitoring Software requirements using instrumented code. Proceedings of the Hawaii International Conference on Systems Sciences.
27. Robinson, W. (2004). Monitoring Web service requirements. Proceedings of the 4th Workshop on Runtime Verification (RV '04). Retrieved January 2005, from http://ase.arc.nasa.gov/rv2004/
28. Román, M., Hess, C. K., Cerqueira, R., Ranganathan, A., Campbell, R. H., & Nahrstedt, K. (2002, October-December). Gaia: A middleware infrastructure to enable active spaces. Proceedings of IEEE Pervasive Computing (pp. 74-83).
29. Romanosky, S. (2002). Enterprise security patterns. Proceedings of the 7th European Conference on Pattern Languages of Programs.
30. Schmidt, D. C. (2003, May 3-10). Patterns, frameworks, and middleware: Their synergestic relationships. Invited talk at IEEE/ACM International Conference on Software Engineering, Portland, Oregon.
31. Schumacher, M. (2003). Security engineering with patterns: Origins, theoretical model and new applications. Springer.
32. Serban, C., & McMillin, B. (1996). Run-time security evaluation (RTSE) for distributed applications. IEEE Symposium on Security and Privacy.
33. Shi, Q., & Zhang, N. (1998, November). An effective model for composition of secure systems. Journal of Systems and Software, 43(3), 233-44.
34. Thati, P., & Rosu, G. (2004). Monitoring algorithms for metric temporal logic specifications. Proceedings of the 4th Workshop on Runtime Verification (RV '04). Retrieved January 2005, from http://ase.arc.nasa.gov/rv2004/
35. Tryfonas, T., Kiountouzis, E., & Poulymenakou, A. (2001). Embedding security practices in contemporary information systems development approaches. Information Management & Computer Security, 9(4), 183-197.
36. Wimmel, G., & Wisspeintner, A. (2001). Extended description techniques for security engineering. In M. Dupuy & P. Paradinas (Eds.), Trusted information: The new decade challenge, IFIP TC11. The 16th International Conference on Information Security (IFIP/Sec'01) (pp. 470-485). Paris: Kluwer Academic Publishers.
37. Yagüe, M., Maña, A., & Sanchez, F. (2004). Semantic interoperability of authorizations. Security in information systems. Proceedings of the 2nd International Workshop on Security In Information Systems, WOSIS 2004.
38. Yang, H., Luo, H., Ye, F., Lu, S., & Zhang, L. (2004, February). Security in mobile ad hoc networks: Challenges and solutions. IEEE Wireless Communications, 11(1), 38-47.
39. Yoder, J., & Barcalow, J. (2000). Architectural patterns for enabling application security: Pattern languages of program design 4 (pp. 301-336). Reading, MA: Addison Wesley.