Idea: Reusability of threat models - Two approaches with an experimental evaluation

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5965 LNCS, Issue , 2010, Pages 114-122

  Meland, Per Håkon ^a   Tøndel, Inger Anne ^a   Jensen, Jostein ^a  

^a SINTEF ICT   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

ATTACK TREE; CONTROLLED EXPERIMENT; EXPERIMENTAL EVALUATION; KNOWLEDGE-SHARING; MISUSE CASE; PROFESSIONAL SOFTWARE; QUALITATIVE EVALUATIONS; SOFTWARE COMPANY; SOFTWARE DEVELOPER;

COMPUTER SOFTWARE SELECTION AND EVALUATION; EXPERIMENTS; PRODUCTIVITY; QUALITY CONTROL; REUSABILITY;

COMPUTER SOFTWARE REUSABILITY;

EID: 77949463181     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-11747-3_9     Document Type: Conference Paper

References (14)

1. McGraw, G.: Software Security: Building Security In. Addison-Wesley, Reading (2006)
2. Mouratidis, H., Giorgini, P., Manson, G.: When security meets software engineering: a case of modelling secure information systems. Information Systems 30(8), 609-629 (2005)
3. Torr, P.: Demystifying the threat modeling process. IEEE Security & Privacy 3(5), 66-70 (2005)
4. Schneier, B.: Attack trees. Dr. Dobb's Journal (1999)
5. Swiderski, F., Snyder, W.: Threat modeling. Microsoft Press, Redmond (2004)
6. Sindre, G., Opdahl, A.L.: Eliciting security requirements with misuse cases. Requirements Engineering 10(1), 34-44 (2005)
7. Haley, C., Laney, R., Moffett, J., Nuseibeh, B.: Security requirements engineering: A framework for representation and analysis. IEEE Transactions on Software Engineering 34(1), 133-153 (2008)
8. Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: IEEE International Conference on Requirements Engineering, pp. 151-161 (2003)
9. Opdahl, A.L., Sindre, G.: Experimental comparison of attack trees and misuse cases for security threat identification. Information and Software Technology 51(5), 916-932 (2009)
10. Sindre, G., Firesmith, D.G., Opdahl, A.L.: A reuse-based approach to determining security requirements. In: Proceedings of the 9th international workshop on requirements engineering: foundation for software quality, REFSQ 2003 (2003)
11. Diallo, M.H., Romero-Mariona, J., Sim, S.E., Alspaugh, T.A., Richardson, D.J.: A comparative evaluation of three approaches to specifying security requirements. In: 12th Working Conference on Requirements Engineering: foundation for Software Quality, REFSQ 2006 (2006)
12. Davis, F.: Perceived usefulness, perceived ease of use, and user acceptance of information technologies. MIS Quarterly 13(3), 319-340 (1989)
13. Meland, P.H., Spampinato, D.G., Hagen, E., Baadshaug, E.T., Krister, K.M., Vell, K.S.: SeaMonster: Providing tool support for security modeling. In: Norsk informasjonssikkerhetskonferanse, NISK 2008, Tapir (2008)
14. Meland, P.H., Ardi, S., Jensen, J., Rios, E., Sanchez, T., Shahmehri, N., Tøndel, I.A.: An architectural foundation for security model sharing and reuse. In: Proceedings of the Fourth International Conference on Availability, Reliability and Security (ARES2009), pp. 823-828. IEEE Computer Society, Los Alamitos (2009)