An architectural foundation for security model sharing and reuse

Proceedings - International Conference on Availability, Reliability and Security, ARES 2009

Volumn , Issue , 2009, Pages 823-828

  Meland, Per Håkon ^a   Ardi, Shanai ^b   Jensen, Jostein ^a   Rios, Erkuden ^c   Sanchez, Txus ^c   Shahmehri, Nahid ^a   Tøndel, Inger Anne ^a  

^a SINTEF ICT   (Norway)

^b LINKÖPING UNIVERSITY   (Sweden)

^c TECNALIA RESEARCH AND INNOVATION   (Spain)

Author keywords

[No Author keywords available]

Indexed keywords

ASSISTING TOOLS; DEVELOPMENT PROCESS; ONLINE REPOSITORIES; REFERENCE ARCHITECTURE; SECURITY EXPERTS; SECURITY MODEL; SOFTWARE DEVELOPER; SOFTWARE SECURITY;

SOFTWARE DESIGN;

EID: 70349706054     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2009.110     Document Type: Conference Paper

References (18)

1. H. Mouratidis, P. Giorgini, and G. Manson, "When security meets software engineering: a case of modelling secure information systems," Information Systems, vol. 30, no. 8, pp. 609-629, 2005.
2. R. Anderson, R. Bhme, R. Clayton, and T. Moore, "Security economics and the internal market," The European Network and Information Security Agency (ENISA), Tech. Rep., January 31st. 2008.
3. N. Davis, "Developing secure software," Software Tech News, vol. 8, no. 2, pp. 3-7, July 2005.
4. OWASP Foundation, "Owasp top 10, the ten most critical web application security vulnerabilities, 2007 update," http://www.owasp.org/ index.php/Top-10-2007 (accessed November 1st 2008).
5. S. Ardi, D. Byers, P. H. Meland, I. A. Tøndel, and N. Shahmehri, "How can the developer benefit from security modeling?" in The first international workshop on secure software engineering (SecSE'07). Vienna, Austria: IEEE Computer Society, 2007, pp. 1017-1025.
6. SHIELDS Consortium, "SHIELDS - Detecting known security vulnerabilities from within design and development tools," http://www.shieldsproject.eu/ (accessed November 1st 2008).
7. U. Johansen, E. Stav, and S. Walderhaug, "The mafiia handbook - an architectural description framework for information integration systems," SINTEF ICT, Tech. Rep. STF90 A05139, 2003.
8. IEEE, "Recommended practices for architectural descriptions of software-intensive systems," IEEE, Tech. Rep. Std 1471- 2000, 2000.
9. P. Kruchten, "The 4+1 view model of architecture," IEEE Software, vol. 12, no. 6, pp. 42-50, 1995.
10. Yahoo! Inc, "Flickr - photo sharing," http://www.flickr.com (accessed April 18th 2008).
11. Hoff, Todd, "Flickr architecture - high scalability," http: //highscalability.com/flickr-architecture (accessed April 18th 2008).
12. E. Gamma, R. Helm, R. Johnson, and J. Vlissides, Design patterns: elements of reusable object-oriented software. Addison-Wesley Professional, 1995.
13. C. E. Landwehr, B. C. Gabrielson, and J. D. Humphrey, "Requirements and approaches for a computer vulnerability data archive," in Invitational Workshop on Computer Vulnerability Data Sharing, Gaithersburg, MD, 1996.
14. L. Clark, "Businesses must keep back door locked to hackers," ComputerWeekly, vol. 2008, no. March 20th, 2008.
15. The Eclipse Foundation, "Eclipse.org home," http://www. eclipse.org/ (accessed November 1st 2008).
16. C. Steel, R. Nagappan, and R. Lai, Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management. Prentice Hall, 2005.
17. NIST and OSD and DHS and NSA and DISA, "The information security automation program and the security content automation protocol," http://nvd.nist.gov/scap.cfm (accessed October 31st 2008).
18. SOMAP.org, "Security officers management & analysis project," http://www.somap.org/ (accessed November 1st 2008).