Analysis of Secure Mobile Grid Systems: A systematic approach

Information and Software Technology

Volumn 52, Issue 5, 2010, Pages 517-536

  Rosado, David G ^a   Fernández Medina, Eduardo ^a   López, Javier ^b   Piattini, Mario ^a  

^a UNIVERSITY OF CASTILLA LA MANCHA   (Spain)

^b UNIVERSITY OF MÁLAGA   (Spain)

Author keywords

Requirements Analysis; Reusable use cases; Secure mobile Grid development; Security

Indexed keywords

DEVELOPMENT METHODOLOGY; DEVELOPMENT PROCESS; MOBILE GRID; MOBILE USERS; NON-FUNCTIONAL REQUIREMENTS; REQUIREMENTS ANALYSIS; SECURITY REQUIREMENTS; SOFTWARE DEVELOPMENT; SYSTEMATIC PROCESS; TECHNOLOGICAL ENVIRONMENT;

COMPUTER SOFTWARE; GLOBAL SYSTEM FOR MOBILE COMMUNICATIONS; REQUIREMENTS ENGINEERING;

GRID COMPUTING;

EID: 77949490964     PISSN: 09505849     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.infsof.2010.01.002     Document Type: Article

References (65)

1. C. Artelsmair, R. Wagner, Towards a security engineering process, in: The 7th World Multiconference on Systemics, Cybernetics and Informatics, Orlando, Florida, USA, 2003.
2. D. Basin, J. Doser, SecureUML: a UML-based modeling language for model-driven security, in: 5th International Conference on the Unified Modeling Language, Lecture Notes in Computer Science 2460, 2002.
3. Basin D., Doser J., and Lodderstedt T. Model driven security for process-oriented systems. ACM Symposium on Access Control Models and Technologies (2003), ACM Press, Como, Italy
4. Bass L., Bachmann F., Ellison R.J., Moore A.P., and Klein M. Security and survivability reasoning frameworks and architectural design tactics. SEI (2004)
5. S. Bhanwar, S. Bawa, Securing a Grid, in World Academy of Science, Engineering and Technology, 2008.
6. P.G. Bradford, B.M. Grizzell, G.T. Jay, J.T. Jenkins, Cap. 4. Pragmatic Security for Constrained Wireless Networks, in Security in Distributed, Grid, Mobile, and Pervasive Computing, A. Publications, Editor, The University of Alabama, Tuscaloosa, USA, 2007, p. 440.
7. Bresciani P., Giorgini P., Giunchiglia F., Mylopoulos J., and Perin A. TROPOS: an agent-oriented software development methodology. Journal of Autonomous Agents and Multi-Agent Systems 8 3 (2004) 203-236
8. R. Breu, K. Burger, M. Hafner, J. Jürjens, G. Popp, V. Lotz, G. Wimmel, Key issues of a formally based process model for security engineering, in: International Conference on Software and Systems Engineering and their Applications, 2003.
9. J. Castro, M. Kolp, J. Mylopoulos, A requirements-driven development methodology, in: 13th Int. Conf. on Advanced Information Systems Engineering, CAiSE'01, 2001.
10. D'Ambrogio A., and Conticelli L. A UML profile for modeling software applications based on grid services. IASTED International Conference on Software Engineering (2008), ACTA Press
11. H. Dail, O. Sievert, F. Berman, H. Casanova, A. YarKhan, S. Vadhiyar, J. Dongarra, C. Liu, L. Yang, D. Angulo, I. Foster, Scheduling in the grid application development software project, in: Grid Resource Management: State Of The Art And Future Trends, 2004, p. 73-98.
12. V. Dehlen, J.Ø. Aagedal, A UML profile for modeling mobile information systems, in: Distributed Applications and Interoperable Systems - DAIS'07 (LNCS 4531), 2007.
13. C. Estay, J. Pastor, Towards the project-based action-research for information systems, in: 10th Annual Business and Information Technology Conference (BIT'2000), Manchester, United Kingdom, 2000.
14. Fernández-Medina E., Jurjens J., Trujillo J., and Jajodia S. Model-driven development for secure information systems. Information and Software Technology 51 5 (2009) 809-814
15. Fernández-Medina E., and Piattini M. Designing secure databases. Information and Software Technology 47 7 (2005) 463-477
16. I. Foster, C. Kesselman, J.M. Nick, S. Tuecke, The physiology of the grid: an open grid services architecture for distributed systems integration, Open Grid Service Infrastructure WG, Global Grid Forum, 2002.
17. Foster I., Kesselman C., Tsudik G., and Tuecke S. A security architecture for computational grids. 5th Conference on Computer and Communications Security (1998), ACM Press, San Francisco, USA
18. Foster I., Kesselman C., and Tuecke S. The anatomy of the grid: enabling scalable virtual organizations. 7th International Euro-Par Conference Manchester on Parallel Processing (2001), Springer-Verlag
19. Georg G., Ray I., Anastasakis K., Bordbar B., Toahchoodee M., and Houmb S.H. An aspect-oriented methodology for designing secure applications. Information and Software Technology 51 5 (2009) 846-864
20. Globus Project. .
21. D. Graham, Introduction to the CLASP Process, 2006.
22. V. Grassi, R. Mirandola, A. Sabetta, A UML profile to model mobile systems, in: UML 2004, LNCS 3273, 2004, p. 128-142.
23. GREDIA project. .
24. T. Guan, E. Zaluska, D.D. Roure, A grid service infrastructure for mobile devices, in: First International Conference on Semantics, Knowledge, an Grid (SKG 2005), Beijing, China, 2005.
25. C. Gutiérrez, E. Fernández-Medina, M. Piattini, Security requirements for web services based on SIREN, in: Symposium on Requirements Engineering for Information Security, Paris, France, 2005.
26. C.B. Haley, J.D. Moffet, R. Laney, B. Nuseibeh, A framework for security requirements engineering, in: Software Engineering for Secure Systems Workshop, Shangai, China, 2006.
27. M. Humphrey, M.R. Thompson, K.R. Jackson, Security for grids, Lawrence Berkeley National Laboratory, Paper LBNL-54853, 2005.
28. ISO/IEC 25010, Quality model (ISO/IEC 9126-1), 2009.
29. ISO/IEC, Information technology - guidelines for the management of IT security - Part 1: concepts and models for IT Security, 1996.
30. ITU, ITU_T Recommendation X.800. Security Architecture for Open Systems Interconnection for CCITT Applications, 1991.
31. I. Jacobson, G. Booch, J. Rumbaugh, The Unified Software Development Process. Addison-Wesley Professional, vol. 512,1999.
32. Jameel H., Kalim U., Sajjad A., Lee S., and Jeon T. Mobile-to-grid middleware: bridging the gap between mobile and grid environments. European Grid Conference EGC 2005 (2005), Springer, Amsterdam, The Netherlands
33. Jürjens J. Towards secure systems development with UMLsec in international conference of fundamental approaches to software engineering (FASE/ETAPS) (2001), Springer-Verlag, Genoa, Italy
34. Jürjens J. Secure Systems Development with UML (2004), Springer
35. Jürjens J., Schreck J., and Bartmann P. Model-based security analysis for mobile communications. International Conference on Software Engineering (2008), IEEE Computer Society, Leipzig, Germany
36. J. Jurjens, UMLsec: extending UML for secure systems development, in: 5th International Conference on the Unified Modeling Language (UML), Dresden, Germany, 2002.
37. Jurjens J. Using UMLsec and goal trees for secure systems development. Communications of the ACM 48 5 (2002) 1026-1030
38. Kolonay R., and Sobolewski M. Grid interactive service-oriented programming environment. Concurrent Engineering: The Worldwide Engineering Grid (2004), Press and Springer Verlag, Tsinghua, China
39. G. Kostopoulos, N. Sklavos, O. Koufopavlou, Cap. 10. State-of-the-Art Security in Grid Computing, in Security in Distributed, Grid, Mobile, and Pervasive Computing, A. Publications, Editor, The University of Alabama, Tuscaloosa, USA, 2007, p. 440.
40. Kruchten P. The Rational Unified Process: An Introduction. 2nd ed. (2000), Addison-Wesley p. 320
41. A. Litke, D. Skoutas, T. Varvarigou, Mobile grid computing: changes and challenges of resourse management in a mobile grid environment, in: 5th International Conference on Practical Aspects of Knowledge Management (PAKM 2004), 2004.
42. Lodderstedt T., Basin D., and Doser J.R. SecureUML: A UML-Based Modeling Language for Model-Driven Security (2002), Springer, Dresden, Germany
43. Mead N. Identifying security requirements using the SQUARE method. Integrating Security and Software Engineering: Advances and Future Visions (2006) 44-69
44. Mellado D., Fernández-Medina E., and Piattini M. A common criteria based security requirements engineering process for the development of secure information systems. Computer Standards & Interfaces 29 2 (2007) 244-253
45. Mellado D., Fernández-Medina E., and Piattini M. Security requirements engineering process for software product lines: a case study. The Third International Conference on Software Engineering Advances (2008), IEEE Computer Society, Sliema, Malta
46. H. Mouratidis, A security oriented approach in the development of multiagent systems: applied to the management of the health and social are needs of older people in England, University of Sheffield, 2004.
47. H. Mouratidis, P. Giorgini, Integrating security and software engineering: advances and future vision, IGI Global, 2006.
48. OMG, Software & Systems Process Engineering Meta-Model Specification (SPEM) 2.0, 2008.
49. Open Grid Forum, The open grid services architecture, Version 1.5, 2006.
50. G. Popp, J. Jürjens, G. Wimmel, R. Breu, Security-critical system development with extended use cases, in: Tenth Asia-Pacific Software Engineering Conference (APSEC'03), IEEE, 2003.
51. D.G. Rosado, E. Fernández-Medina, J. López. Applying a UML Extension to build Use Cases diagrams in a secure mobile Grid application. in 5th International Workshop on Foundations and Practices of UML, in: conjunction with the 28th International Conference on Conceptual Modelling, ER 2009, LNCS 5833, Gramado, Brasil, 2009.
52. Rosado D.G., Fernández-Medina E., and López J. Obtaining security requirements for a mobile grid system. International Journal of Grid and High Performance Computing 1 3 (2009) 1-17
53. D.G. Rosado, E. Fernández-Medina, J. López. Reusable security use cases for mobile grid environments, in: Workshop on Software Engineering for Secure Systems, in conjunction with the 31st International Conference on Software Engineering, Vancouver, Canada, 2009.
54. D.G. Rosado, E. Fernández-Medina, J. López, M. Piattini, Engineering process based on grid use cases for mobile grid systems. in: The Third International Conference on Software and Data Technologies - ICSOFT 2008, Porto, Portugal, 2008.
55. Rosado D.G., Fernández-Medina E., López J., and Piattini M. PSecGCM: process for the development of secure grid computing based systems with mobile devices. International Conference on Availability Reliability and Security (ARES 2008) (2008), IEEE Computer Society, Barcelona, Spain
56. D.G. Rosado, E. Fernández-Medina, J. López, M. Piattini, Towards an UML extension of reusable secure use cases for mobile grid systems, IEICE Transactions on Information and Systems, submitted for publication.
57. L. Røstad, An extended misuse case notation: including vulnerabilities and the insider threat, in: XII Working Conference on Requirements Engineering: Foundation for Software Quality, Luxembourg, 2006.
58. G. Sindre, A.L. Opdahl, Capturing security requirements by misuse cases, in: 14th Norwegian Informatics Conference (NIK'2001), Tromsø, Norway, 2001.
59. C. Steel, R. Nagappan, R. Lai, The alchemy of security design methodology, patterns, and reality checks, in: Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management. 2005, Prentice Hall PTR/Sun Micros, p. 1088. (Chapter 8).
60. Talukder A., and Yavagal R. Security issues in mobile computing. Mobile Computing (2006), McGraw-Hill Professional (Chapter 18)
61. Toval A., Nicolás J., Moros B., and García F. Requirements reuse for improving information systems security: a practitioner's approach. Requirements Engineering Journal 6 (2002) 205-219
62. Trujillo J., Soler E., Fernández-Medina E., and Piattini M. An engineering process for developing secure data warehouses. Information and Software Technology 51 6 (2009) 1033-1051
63. Welch V., Siebenlist F., Foster I., Bresnahan J., Czajkowski K., Gawor J., Kesselman C., Meder S., Pearlman L., and Tuecke S. Security for grid services. 12th IEEE International Symposium on High Performance Distributed Computing (HPDC-12 '03) (2003), IEEE Computer Society
64. Win B.D., Scandariato R., Buyens K., Grégoire J., and Joosen W. On the secure software development process: CLASP. SDL and Touchpoints compared. Information and Software Technology 51 7 (2009) 1152-1171
65. J. Yoder, J. Barcalow, Architectural patterns for enabling application security, in: 4th Conference on Patterns Language of Programming (PLop'97), Monticello, IL, USA, 1997.