Lightweight modeling and analysis of security concepts

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 6542 LNCS, Issue , 2011, Pages 128-141

  Eichler, Jörn ^a  

^a FRAUNHOFER INSTITUTE FOR SECURE INFORMATION TECHNOLOGY SIT   (Germany)

Author keywords

DSML; Information Security Management; Risk Assessment; Security Engineering

Indexed keywords

DSML; INFORMATION SECURITY MANAGEMENT; INFORMATION SECURITY MANAGEMENTS; MODELING AND ANALYSIS; MODELING RESULTS; OPEN FRAMEWORKS; SECURITY ENGINEERING; MODEL AND ANALYSIS; MODEL RESULTS; ORGANIZATIONAL PERSPECTIVES;

INDUSTRIAL MANAGEMENT; MODELS; RATING; RISK ASSESSMENT; SECURITY SYSTEMS; SECURITY OF DATA;

SECURITY OF DATA; RISK ASSESSMENT;

EID: 79551516193     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-19125-1_10     Document Type: Conference Paper

References (31)

1. Alberts, C., Dorofee, A., Stevens, J., Woody, C.: OCTAVE®-S implementation guide, version 1.0 (2005), http://www.sei.cmu.edu/reports/ 04hb003.pdf
2. Anderson, R.: Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley & Sons, Chichester (2001)
3. Bartels, C., Kelter, H., Oberweis, R., Rosenberg, B.: Technical guidelines for the secure use of RFID - application area trade logistics. Tech. Rep. TR 03126-4, Bundesamt für Sicherheit in der Informationstechnik (2009)
4. Bartsch, S., Sohr, K., Bormann, C.: Supporting agile development of authorization rules for SME applications. In: Bertino, E., Joshi, J.B.D. (eds.) CollaborateCom 2008. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol. 10, pp. 461-471. Springer, Heidelberg (2009)
5. Basin, D., Clavel, M., Doser, J., Egea, M.: Automated analysis of security-design models. Information and Software Technology 51(5), 815-831 (2009)
6. Basin, D., Doser, J., Lodderstedt, T.: Model driven security: From UML models to access control infrastructures. ACM Transactions on Software Engineering and Methodology 15(1), 39-91 (2006)
7. den Braber, F., Hogganvik, I., Lund, M., Stølen, K., Vraalsen, F.: Model-based security analysis in seven steps - a guided tour to the CORAS method. BT Technology Journal 25(1), 101-117 (2007) (Pubitemid 46455705)
8. Bundesamt für Sicherheit in der Informationstechnik: BSI-Standard 100-2: IT-Grundschutz methodology (2008), https://www.bsi.bund.de/cae/servlet/ contentblob/471430/publicationFile/27993/standard-100-2-e-pdf.pdf
9. Österreich, B.: Österreichisches Informationssicherheitshandbuch (2007), http://www.a-sit.at/pdfs/OE-SIHA-I-II- V2-3-2007-05-23.pdf
10. Chivers, H., Paige, R., Ge, X.: Agile security using an incremental security architecture. In: Baumeister, H., Marchesi, M., Holcombe, M. (eds.) XP 2005. LNCS, vol. 3556, pp. 57-65. Springer, Heidelberg (2005)
11. Club de la Sécurité Informatique Français (CLUSIF): Méthodologie d'Analyse des Risques Informatiques et d'Optimisation par Niveau, MEHARI (2010)
12. Direction Centrale de la Sécurité des Systèmes d'Information, Premier Ministre: Expression des Besoins et Identification des Objectifs de Sécurité (EBIOS) - Méthode de Gestion des Risques (2010), http://www.ssi.gouv.fr/IMG/pdf/EBIOS-1-GuideMethodologique- 2010-01-25.pdf
13. Ekelhart, A., Fenz, S., Neubauer, T.: AURUM: A framework for supporting information security risk management. In: Proceedings of the 42nd Hawaii International Conference on System Sciences (2009)
14. European Network and Information Security Agency: Risk assessment and risk management methods: Information packages for small and medium sized enterprises, SMEs (2006), http://www.enisa.europa.eu/act/rm/files/deliverables/ information-packages-for-small-and-medium-sizedenterprises-smes/at-download/ fullReport
15. Evans, R., Tsohou, A., Tryfonas, T., Morgan, T.: Engineering secure systems with ISO 26702 and 27001. In: 5th International Conference on System of Systems Engineering (2010)
16. Gesellschaft für Telematikanwendungen der Gesundheitskarte mbH: Übergreifendes Sicherheitskonzept der Telematikinfrastruktur (2008), http://www.gematik.de/upload/gematik-DS-Sicherheitskonzept-V2.4.0-4493.zip
17. Houmb, S., Islam, S., Knauss, E., Jürjens, J., Schneider, K.: Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec. Requirements Engineering 15(1), 63-93 (2009)
18. ISO/IEC: ISO/IEC 13335-1: Information technology - security techniques - management of information and communications technology security - part 1: Concepts and models for information and communications technology security management (2004)
19. ISO/IEC: ISO/IEC 27001: Information technology - security techniques - information security management systems - requirements (2005)
20. Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)
21. Kleppe, A.: Software Language Engineering: Creating Domain-Specific Languages Using Metamodels. Addison-Wesley Professional, Reading (2008)
22. Laforet, S., Tann, J.: Innovative characteristics of small manufacturing firms. Journal of Small Business and Enterprise Development 13(3), 363-380 (2006) (Pubitemid 44263410)
23. Mayer, N., Heymans, P., Matulevicius, R.: Design of a modelling language for information system security risk management. In: Proceedings of the 1st International Conference on Research Challenges in Information Science, pp. 121-131 (2007)
24. Ministerie van Binnenlandse Zaken en Koninkrijksrelaties: Afhankelijkheids- en kwetsbaarheidsanalyse (1996)
25. Normand, V., Félix, E.: Toward model-based security engineering: developing a security analysis DSML. In: Proceedings of the First International Workshop on Security in Model Driven Architecture, SEC-MDA (2009)
26. Object Management Group: Object constraint language (OCL) specification (2006), http://www.omg.org/spec/OCL/2.0/
27. Rodríguez, A., Fernández-Medina, E., Piattini, M.: Towards CIM to PIM transformation: From secure business processes defined in BPMN to use-cases. In: Alonso, G., Dadam, P., Rosemann, M. (eds.) BPM 2007. LNCS, vol. 4714, pp. 408-415. Springer, Heidelberg (2007)
28. Standards Australia/Standards New Zealand: AS/NZS 4360:2004: Risk management (2004)
29. Talhi, C., Mouheb, D., Lima, V., Debbabi, M., Wang, L., Pourzandi, M.: Usability of security specification approaches for UML design: A survey. Journal of Object Technology 8(6), 103-122 (2009)
30. Wolter, C., Menzel, M., Schaad, A., Miseldine, P., Meinel, C.: Model-driven business process security requirement specification. Journal of Systems Architecture 55(4), 211-223 (2009)
31. Zambon, E., Etalle, S., Wieringa, R., Hartel, P.: Model-based qualitative risk assessment for availability of IT infrastructures. In: Software and Systems Modeling, pp. 1-28 (2010)