Model-driven development meets security: An evaluation of current approaches

Proceedings of the Annual Hawaii International Conference on System Sciences

Volumn , Issue , 2011, Pages

  Kasal, Kresimir ^a   Heurix, Johannes ^b   Neubauer, Thomas ^b  

^a SBA Research   (Austria)

^b VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

Author keywords

[No Author keywords available]

Indexed keywords

ABSTRACTION LEVEL; ECONOMIC CONSEQUENCES; MODEL DRIVEN DEVELOPMENT; POSITION SECURITY; PROTECTION MECHANISMS; RESEARCH CHALLENGES; SECURITY INCIDENT; SECURITY ISSUES; SOFTWARE SYSTEMS;

COMPUTER SOFTWARE; SECURITY OF DATA; SYSTEMS SCIENCE;

SOFTWARE DESIGN;

EID: 79952916356     PISSN: 15301605     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/HICSS.2011.310     Document Type: Conference Paper

References (28)

1. P. T. Devanabu and S. Stubblebine, "Software engineering for security: a roadmap," in ICSE '00: Proceedings of the Conference on The Future of Software Engineering. ACM, 2000, pp. 227-239.
2. The Economist, "Cyberwarfare is becoming scarier," The Economist (US), 2007.
3. J. Juerjens, Secure Systems Development with UML. Springer, 2005.
4. E. Fernandez-Medina, J. Juerjens, J. Trujillo, and S. Jajodia, "Model-driven development for secure information systems," Information and Software Technology, 2008.
5. D. C. Schmidt, "Model-driven engineering," IEEE Computer, vol. 39, no. 2, 2006.
6. G. Kiczales, J. Lamping, A. Mendhekar, C. Maeda, C. Lopes, J.-M. Loingtier, and J. Irwin, "Aspect-oriented programming," pp. 220- 242, 1997.
7. J. Dehlinger and N. Subramanian, "Architecting secure software systems using an aspect-oriented approach: A survey of current research," Iowa State University, Tech. Rep., 2006.
8. J. Juerjens, "UMLsec: Extending UML for secure systems development," in UML '02: Proceedings of the 5th International Conference on The Unified Modeling Language, 2002.
9. D. Basin, J. Doser, and T. Lodderstedt, "Model driven security for process-oriented systems," in SACMAT '03: Proceedings of the eighth ACM Symposium on Access control models and technologies. ACM, 2003, pp. 100-109.
10. L. Vigano, "Automated security protocol analysis with the AVISPA tool," Electronic Notes in Theoretical Computer Science, vol. 155, pp. 61-86, 2006.
11. A. Khwaja and J. Urban, "A synthesis of evaluation criteria for software specifications and specification techniques," International Journal of Software Engineering and Knowledge Engineering, 2002.
12. C. H. Weiss, Evaluation: Methods for Studying Programs and Policies. Prentice-Hall, 1998.
13. H. E. R., "Assumptions underlying evaluation models," Educational Researcher, 1978.
14. R. Villarroel, E. Fernandez-Medina, and M. Piattini, "Secure information systems development - a survey and comparison," Computers & Security, 2005.
15. J. Fox and J. Juerjens, "Introducing security aspects with model transformations," in ECBS '05: Proceedings of the 12th IEEE International Conference and Workshops on Engineering of Computer-Based Systems. IEEE Computer Society, 2005.
16. D. Coleman, G. Booch, D. Garlan, S. Iyengar, C. Kobryn, and V. Stavridou, "Is UML an architectural description language," 1999.
17. B. Best, J. Juerjens, and B. Nuseibeh, "Model-based security engineering of distributed information systems using UMLsec," in ICSE '07: Proceedings of the 29th international conference on Software Engineering, 2007.
18. J. Juerjens, "UML analysis tools, http://mcs.open.ac.uk/jj2924/ umlsectool/index.html,"
19. J. Juerjens, "Developing secure embedded systems: Pitfalls and how to avoid them," 2007.
20. H. Yu, D. Liu, X. He, L. Yang, and S. Gao, "Secure software architectures design by aspect orientation," in ICECCS '05: Proceedings of the 10th IEEE International Conference on Engineering of Complex Computer Systems. IEEE Computer Society, 2005, pp. 47-55.
21. B. Alpern, B. Alpera, F. B. Schneider, and F. B. Schneider, "Recognizing safety and liveness," Distributed Computing, vol. 2, pp. 117-126, 1987.
22. Z. J. Zhu and M. Zulkernine, "A model-based aspect-oriented framework for building intrusion-aware software systems," Information and Software Technology, 2008.
23. WASC, "Threat classification," Web Application Security Consortium, Tech. Rep., 2008. [Online]. Available: http://www.webappsec.org/ projects/threat
24. A. Armando, D. Basin, Y. Boichut, Y. Chevalier, L. Compagna, J. Cuellar, P. H. Drielsma, P. Heam, O. Kouchnarenko, J. Mantovani, S. Moedersheim, D. von Oheimb, M. Rusinowitch, J. Santiago, M. Turuani, L. Vigano, and L. Vigneron, "The AVISPA tool for the automated validation of internet security protocols and applications," in Lecture Notes in Computer Science 3576, 2005.
25. L. Lamport, "The temporal logic of actions," ACM Transactions on Programming Languages and Systems, vol. 16, pp. 872-923, 1994.
26. A. Valmari, "The state explosion problem," in Lectures on Petri Nets I: Basic Models, Advances in Petri Nets, the volumes are based on the Advanced Course on Petri Nets. London, UK: Springer Verlag, 1998, pp. 429-528.
27. M. Huth and M. Ryan, Logic in Computer Science. Cambridge University Press, 2004.
28. D. Jackson, Software abstractions: Logic, Language, and Analysis. The MIT Press, 2006.