A rigorous methodology for security architecture modeling and verification

Proceedings of the 42nd Annual Hawaii International Conference on System Sciences, HICSS

Volumn , Issue , 2009, Pages

  Ali, Yomna ^a   El Kassas, Sherif ^a   Mahmoud, Mohy ^a  

^a AMERICAN UNIVERSITY IN CAIRO   (Egypt)

Author keywords

[No Author keywords available]

Indexed keywords

ARCHITECTURE MODELING; CONSTRAINED MODELS; FORMAL REPRESENTATIONS; IN BUILDINGS; RIGOROUS METHODOLOGIES; SECURITY ARCHITECTURES; SECURITY PROPERTIES; SECURITY REQUIREMENTS; SMV MODELS; SYMBOLIC MODEL-CHECKING; THREAT MODELING; THREAT-MODELING PROCESS;

SOFTWARE ARCHITECTURE;

MODEL CHECKING;

EID: 63349090625     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/HICSS.2009.35     Document Type: Conference Paper

References (19)

1. Dianxiang Xu, Kendall E. Nygard, "Threat-Driven Modeling and Verification of Secure Software Using Aspect-Oriented Petri Nets," IEEE Transactions on Software Engineering, vol. 32, no. 4, pp. 265-278, Apr., 2006.
2. Yi Deng, Jiacun Wang, Jeffrey J.P. Tsai, Konstantin Beznosov, "An Approach for Modeling and Analysis of Security System Architectures," IEEE Transactions on Knowledge and Data Engineering, vol. 15, no. 5, pp. 1099-1119, Sept/Oct, 2003.
3. Bruce Schneier, "Attack Trees," Dr. Dobb's Journal December 1999. http://www.schneier.com/paper-attacktrees-fig1.html
4. Ebenezer Oladimeji, Sam Supakkul, and Lawrence Chung, "Security Threat Modeling: A Goal-Oriented Approach," Proceedings of SEA'06, Dallas, TX, Dec. 2006
5. Guttorm Sindre, and Andreas L. Opdahl. "Eliciting security requirements by misuse cases. " Proceedings of TOOLS Pacific 2000, pp. 120-131, 2000.
6. Suvda Myagmar, Adam J. Lee, and William Yurcik, "Threat Modeling as a Basis for Security Requirements," Symposium on Requirements Engineering for Information Security (SREIS) in conjunction with 13th IEEE International Requirements Engineering Conference (RE), Paris, France, Aug., 2005.
7. Michael Howard and David LeBlanc, "Writing Secure Code," Microsoft Press, 2002.
8. Charles B. Haley, Robin C. Laney, Bashar Nuseibeh, "Deriving Security Requirements from Crosscutting Threat Descriptions," Proceedings of the Third Int'l Conf. Aspect-Oriented Software Development, pp. 112-121, 2004.
9. Dianxiang Xu and Josh Pauli, "Threat-Driven Design and Analysis of Secure Software Architectures," Journal of Information Assurance (JIAS), vol. 1, no. 2, June 2006.
10. Axel van Lamsweerde and Emmanuel Letier, "Handling Obstacles in Goal-Oriented Requirements Engineering," IEEE Transactions on Software Enineering. Special Issue on Exception Handling, 2000.
11. Axel van Lamsweerde, "Elaborating Security Requirements by Construction of Intentional Anti-Models," Proceedings of ICSE'04, 26th International Conference on Software Engineering,Edinburgh, pp.148-157, May 2004.
12. Yujian Fu, Zhijiang Dong, Xudong, "Modeling, Validating and Automating Composition of Web Services," ACM International Conference Proceeding Series, Proceedings of the 6th international conference on Web engineering, 2006.
13. Mihir M. Ayachit and Haiping Xu, "A Petri Net Based XML Firewall Security Model for Web Services Invocation," Proceedings of the International Conference on Communication, Network, and Information Security (CNIS 2006), pp. 61-67, MIT, Cambridge, Massachusetts, USA, Oct, 2006.
14. Meyer C. Tanuan, "Automated analysis of unified modeling language (UML) specifications." Master's thesis presented to the University of Waterloo, August 2001.
15. Xudong He, Junhua Ding, J. Wang and Yi Deng, "Model checking software architecture specifications in SAM", Proceedings of International Conference on Software Engineering and Knowledge Engineering, Ischia, Italy, July 15-19, 2002.
16. Xudong He, Huiqun Yu, Tianjun Shi, Junhua Ding, Yi Deng, "Formally analyzing software architectural specifications using SAM," Journal of Systems and Software 71 (1-2), pp.11-29, 2004.
17. Anthony Hall and Roderick Chapman, "Correctness by Construction: Developing a. Commercial Secure System," IEEE Software, Jan/Feb 2002, pp18 - 25, 2002.
18. Ken McMllan. "The SMV System". Carnegie-Mellon University, Pittsburgh, PA, Feb. 1992.
19. Matthew B. Dwyer , George S. Avrunin , James C. Corbett. "Property Specification Patterns for Finite-State Verification." 2nd Workshop on Formal Methods in Software Practice, pp 7 - 15, Clearwater Beach, FL, USA, 1998.