Security and Dependability Engineering

Advances in Information Security

Volumn 45, Issue , 2009, Pages 21-36

  Jürjens, Jan ^a  

^a OPEN UNIVERSITY   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84874759719     PISSN: 15682633     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-0-387-88775-3_2     Document Type: Article

References (93)

1. Agreiter B, Alam M, Hafner M, Seifert J-P, and Zhang X (2007). Model driven configuration of secure operating systems for mobile applications in healthcare. In Sztipanovits et al. [83].
2. Alam M, Hafner M, and Breu R (2007). Model-driven security engineering for trust management in SECTET. Journal of Software, 2(1).
3. Alam M, Hafner M, Memon M, and Hung P (2007). Modeling and enforcing advanced access control policies in healthcare systems with SECTET. In Sztipanovits et al. [83].
4. Anderson R (2001). Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley & Sons, New York.
5. Apvrille A and Pourzandi M (2005). Secure software development by example. IEEE Security & Privacy, 3(4):10-17.
6. Arenas A, Aziz B, Bicarregui J, Matthews B, and Yang EY (2008). Modelling security properties in a grid-based operating system with anti-goals. In ARES [42]: 1429-1436.
7. Basin DA, Clavel M, Doser J, Egea M (2007). A Metamodel-Based Approach for Analyzing Security-Design Models. MoDELS 2007: 420-435.
8. Breu R, Burger K, Hafner M, Jürjens J, Popp G, Wimmel G, Lotz V (2003). Key Issues of a Formally Based Process Model for Security Engineering. In Sixteenth Intern. Conference on Software & Systems Engineering & their Applications (ICSSEA 2003).
9. Baldwin A, Beres Y, Shiu S, and Kearney P (2006). A model based approach to trust, security and assurance. BT Technology Journal, 24(4):53-68.
10. Basin DA, Doser J, and Lodderstedt T (2006). Model driven security: From UML models to access control infrastructures. ACM Trans. Softw. Eng. Methodol., 15(1): 39-91.
11. Bauer A and Jürjens J (2008). Security protocols, properties, and their monitoring. In Bart De Win, Seok-Won Lee, and Mattia Monga, editors, SESS: 33-40. ACM.
12. Best B, Jürjens J, and Nuseibeh B (2007). Model-based security engineering of distributed information systems using UMLsec. In ICSE. ACM.
13. Bhargavan K, Fournet C, Gordon AD, and Tse S (2006). Verified interoperable implementations of security protocols. In CSFW: 139-152. IEEE Computer Society.
14. Blobel B, Nordberg R, Davis JM, and Pharow P (2006). Modelling privilege management and access control. International Journal of Medical Informatics, 75(8): 597-623.
15. Blobel B and Pharow P (2007). A model-driven approach for the german health telematics architectural framework and security infrastructure. International Journal of Medical Informatics, 76(2-3): 169-175.
16. Boehm BW (1981). Software Engineering Economics. Prentice Hall, Englewood Cliffs, NJ.
17. Brucker AD, Doser J, and Wolff B (2006). A model transformation semantics and analysis methodology for SecureUML. In MoDELS 2006, volume 4199 of LNCS: 306-320. Springer.
18. Buchholtz M, Gilmore S, Haenel V, and Montangero C (2005). End-to-end integrated security and performance analysis on the DEGAS Choreographer Platform. In FM 2005, volume 3582 of LNCS: 286-301. Springer.
19. Crook R, Ince DC, Lin L, and Nuseibeh B (2002). Security requirements engineering: When anti-requirements hit the fan. In RE 2002: 203-205. IEEE.
20. Daskala B and Maghiros I (2007). D1gital Territ0ries-Towards the protection of public and private space in a digital and Ambient Intelligence environment. Institute for Prospective Technological Studies (IPTS).
21. Deubler M, Grünbauer J, Jürjens J, and Wimmel G (2004). Sound development of secure service-based systems. In ICSOC 2004: 115-124. ACM.
22. Devanbu P and Stubblebine S (2000). Software engineering for security: a roadmap. In The Future of Software Engineering (ICSE 2000): 227-239.
23. Dimitrakos T, Ritchie B, Raptis D, Aagedal JØ, den Braber F, Stølen K, and Houmb SH (2002). Integrating model-based security risk management into ebusiness systems development: The CORAS approach. In Second IFIP Conference on E-Commerce, E-Business, E-Government (I3E 2002): 159-175. Kluwer.
24. Eckert C and Marek D (1997). Developing secure applications: A systematic approach. In 13th International Conference on Information Security (SEC 1998): 267-279.
25. Elahi G and Yu E (2007). A goal oriented approach for modeling and analyzing security trade-offs. In ER 2007, volume 4801 of LNCS: 375-390. Springer.
26. Fernandez EB and Hawkins JC (1997). Determining role rights from use cases. In Workshop on Role-Based Access Control: 121-125. ACM.
27. Fernandez EB, Larrondo-Petrie MM, Sorgente T, and Van Hilst M (2006). A methodology to develop secure systems using patterns. In H Mouratidis and P Giorgini, editors, Integrating security and software engineering: Advances and future vision, chapter 5: 107-126. IDEA Press.
28. Fernández-Medina E and Piattini M (2004). Extending OCL for secure database development. In UML 2004, LNCS: 380-394. Springer.
29. Flechais I, Mascolo C, and Sasse MA (2007). Integrating security and usability into the requirements and design process. International Journal of Electronic Security and Digital Forensics, 1(1):12-26.
30. Model-driven security: Enabling a real-time, adaptive security infrastructure. Gartner Briefing G00151498, 21 Sep. 2007.
31. Gilmore S, Haenel V, Kloul L, and Maidl M (2005). Choreographing security and performance analysis for web services. In EPEW/WS-FM 2005, volume 3670 of LNCS: 200-214. Springer.
32. Giorgini P, Massacci F, and Mylopoulos J (2003). Requirement engineering meets security: A case study on modelling secure electronic transactions by VISA and Mastercard. In I.-Y. Song, S.W. Liddle, T.W. Ling, and P Scheuermann, editors, 22nd International Conference on Conceptual Modeling (ER 2003), volume 2813 of LNCS: 263-276. Springer.
33. Giorgini P, Massacci F, Mylopoulos J, and Zannone N (2005). Modeling security requirements through ownership, permission and delegation. In RE: 167-176. IEEE Computer Society.
34. Gollmann D (2000). On the verification of cryptographic protocols-a tale of two committees. In S Schneider and P Ryan, editors, Workshop on Security Architectures and Information Flow, volume 32 of ENTCS. Elsevier.
35. Goubault-Larrecq J and Parrennes F (2005). Cryptographic protocol analysis on real c code. In VMCAI'05, LNCS. Springer.
36. Gürgens S and Peralta R (2000). Validation of cryptographic protocols by efficient automated testing. In James N. Etheredge and Bill Z. Manaris, editors, FLAIRS Conference: 7-12. AAAI Press.
37. Haley CB, Laney RC, Moffett JD, and Nuseibeh B (2008). Security requirements engineering: A framework for representation and analysis. IEEE Trans. Software Eng., 34(1):133-153.
38. Haneberg D, Reif W, and Stenzel K (2002). A method for secure smartcard applications. In Hélène Kirchner and Christophe Ringeissen, editors, AMAST, volume 2422 of Lecture Notes in Computer Science: 319-333. Springer.
39. Heldal R and Hultin F (2003). Bridging model-based and language-based security. In E Snekkenes and D Gollmann, editors, 8th European Symposium on Research in Computer Security (ESORICS 2003), volume 2808 of LNCS: 235-252. Springer.
40. Höhn S and Jürjens J (2008). Rubacon: automated support for model-based compliance engineering. In Robby, editor, ICSE: 875-878. ACM.
41. Houmb SH, Georg G, France RB, Bieman JM, and Jürjens J (2005). Cost-benefit trade-off analysis using BBN for aspect-oriented risk-driven development. In ICECCS: 195-204. IEEE Computer Society.
42. IEEE. 3rd Int Conference on Availability, Reliability and Security (ARES 2008), 2008.
43. Jayaram KR and Mathur A (2005). Software engineering for secure software-state of the art: A survey. Technical Report CERIAS-TR-2005-67, SERC-TR-279, CERIAS, Purdue.
44. Jürjens J (2000). Secure information flow for concurrent processes. In C Palamidessi, editor, CONCUR 2000 (11th International Conference on Concurrency Theory), volume 1877 of LNCS: 395-409. Springer.
45. Jürjens J (2001). Secrecy-preserving refinement. In International Symposium on Formal Methods Europe (FME), volume 2021 of LNCS: 135-152. Springer.
46. Jürjens J (2001). Towards development of secure systems using UMLsec. In H Hußmann, editor, 4th International Conference on Fundamental Approaches to Software Engineering (FASE), volume 2029 of LNCS: 187-200. Springer. Also Oxford University Computing Laboratory TR-9-00 (November 2000), http://web.comlab.ox.ac.uk/oucl/publications/tr/tr-9-00.html.
47. th Int Conf on the Unified Modeling Language (UML), LNCS. Springer.
48. Jürjens J (2002). Formal Semantics for Interacting UML subsystems. In Formal Methods for Open Object-Based Distributed Systems (FMOODS 2002), IFIP, Kluwer: 29-43.
49. Jürjens J, Shabalin P (2004). Automated Verification of UMLsec Models for Security Requirements. In 7th Intern. Conference on The Unified Modeling Language (UML 2004), Lecture Notes in Computer Science: 142-155. Springer.
50. Jürjens J (2005). Secure Systems Development with UML. Springer.
51. Jürjens J (2005). Sound methods and effective tools for model-based security engineering with UML. In 27th Int Conf on Softw Engineering. IEEE.
52. Jürjens J (2006). Security analysis of crypto-based Java programs using automated theorem provers. In S Easterbrook and S Uchitel, editors, 21st IEEE/ACM International Conference on Automated Software Engineering (ASE 2006). ACM.
53. Jürjens J (2009). A domain-specific language for cryptographic protocols based on streams. To appear, Journal of Logic and Algebraic Programming (JLAP): 54-73.
54. Jürjens J and Rumm R (2008). Model-based security analysis of the German Health Card architecture. Methods of Information in Medicine, vol. 47, 5: 409-416. Special section on Model-based Development of Trustworthy Health Information Systems.
55. Jürjens J and Shabalin P (2007). Tools for secure systems development with UML. Intern. Journal on Software Tools for Technology Transfer, 9(5-6):527-544. Invited submission to the special issue for FASE 2004/05.
56. Jürjens J, Wimmel G (2001). Security Modelling for Electronic Commerce: The Common Electronic Purse Specifications. In Towards the E-Society: E-Commerce, E-Business, and E-Government. Intern. Federation for Information Processing (IFIP), Kluwer Academic Publishers: 489-506. First IFIP Conference on E-Commerce, E-Business, and E-Government (I3E 2001).
57. Jürjens J and Yampolskiy M(2005). Code security analysis with assertions. In D.F. Redmiles, T Ellman, and A Zisman, editors, 20th IEEE/ACM International Conference on Automated Software Engineering (ASE 2005): 392-395. ACM.
58. Kearney P and Brügger L (2007). A risk-driven security analysis method and modeling language. BT Technology Journal, 25(1).
59. Koch M and Parisi-Presicce F (2006). UML specification of access control policies and their formal verification. Software and System Modeling, 5(4):429-447.
60. Kolarczyk S, Koch M, Löhr K-P, and Pauls K (2006). SecTOOL-supporting requirements engineering for access control. In Günter Müller, editor, ETRICS, volume 3995 of Lecture Notes in Computer Science: 254-267. Springer.
61. Lotz V (1997). Threat scenarios as a means to formally develop secure systems. Journal of Computer Security, 5(1):31-68.
62. Maña A, Montenegro JA, Rudolph C, and Vivas JL (2003). A business process-driven approach to security engineering. In DEXA Workshops: 477-481. IEEE Computer Society.
63. Maña A, Rudolph C, Spanoudakis G, Lotz V, Massacci F, Melideo M, and López-Cobo J-M (2006). Security engineering for Ambient Intelligence: A manifesto. In H Mouratidis, editor, Integrating Security and Software Engineering: Advances and Future Vision. Idea Group.
64. Massacci F, Mylopoulos J, and Zannone N (2007). Computer-aided support for secure tropos. Autom. Softw. Eng., 14(3):341-364.
65. Mathe J, Duncavage S, Werner J, Malin B, Ledeczi A, and Sztipanovits J (2007). Implementing a model-based design environment for clinical information systems. In Sztipanovits et al. [83].
66. McGraw G (2006). Software Security: Building Security In. Addison Wesley.
67. Méry D and Merz S (2007). Specification and refinement of access control. J. UCS, 13(8):1073-1093.
68. Moebius N, Haneberg D, Reif W, and Schellhorn G (2007). A modeling framework for the development of provably secure e-commerce applications. In ICSEA: 8. IEEE Computer Society.
69. Mouratidis H, Giorgini P, and Manson GA (2003). Integrating security and systems engineering: Towards the modelling of secure information systems. In J Eder andMMissikoff, editors, 15th International Conference on Advanced Information Systems Engineering (CAiSE 2003), volume 2681 of LNCS: 63-78. Springer.
70. Mouratidis H, Jürjens J, and Fox J (2006). Towards a comprehensive framework for secure systems development. In 18th International Conference on Advanced Information Systems Engineering (CAiSE 2006), LNCS. Springer.
71. Pironti A, Sisto R (2008). Soundness Conditions for Message Encoding Abstractions in Formal Security Protocol Models. In ARES 2008: 72-79.
72. Ray I, France RB, Li N, and Georg G (2004). An aspect-based approach to modeling access control concerns. Information & Software Technology, 46(9):575-587.
73. Redwine S (2007). Introduction to modeling tools for software security. In: Build Security In-Setting a Higher Standard for Software Assurance. Software Engineering Institute (SEI), Carnegie Mellon University. Available at https://buildsecurityin.uscert.gov/daisy/bsi/articles/tools/modeling/698-BSI.html.
74. Rosado DG, Fernández-Medina E, Piattini M, and Gutiérrez C (2006). A study of security architectural patterns. In ARES: 358-365. IEEE Computer Society.
75. Saltzer J and Schroeder M (1975). The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278-1308.
76. Santen T (2006). Stepwise development of secure systems. In Janusz Górski, editor, SAFECOMP, volume 4166 of Lecture Notes in Computer Science: 142-155. Springer.
77. Santen T, Heisel M, and Pfitzmann A (2002). Confidentiality-preserving refinement is compositional-sometimes. In Dieter Gollmann, Günter Karjoth, and Michael Waidner, editors, ESORICS, volume 2502 of Lecture Notes in Computer Science: 194-211. Springer.
78. Schneider F, editor (1999). Trust in Cyberspace. National Academy Press, Washington, DC. Available at http://www.nap.edu/readingroom/books/trust.
79. Seehusen F and Stølen K (2006). Information flow property preserving transformation of UML interaction diagrams. In David F. Ferraiolo and Indrakshi Ray, editors, SACMAT: 150-159. ACM.
80. Sindre G and Opdahl AL (2005). Eliciting security requirements with misuse cases. Requir. Eng., 10(1):34-44.
81. Siveroni I, Zisman A, and Spanoudakis G (2008). Property specification and static verification of UML models. In 3rd International Conference on Availability, Reliability, and Security (ARES'08).
82. Spanoudakis G, Kloukinas C, and Androutsopoulos K (2007). Towards security monitoring patterns. In SAC: 1518-1525. ACM.
83. Sztipanovits J, Breu R, Ammenwerth E, Bajcsy R, Mitchell JC, and Pretschner A, editors (2007). Workshop on Model-based Trustworthy Health Information Systems (MOTHIS@Models).
84. UMLsec group. Security analysis tool, 2004. http://www.umlsec.org.
85. Whittle J, Wijesekera D, and Hartong M (2008). Executable misuse cases for modeling security concerns. In ICSE 2008.
86. Whyte B and Harrison J (2008). Secure software development-a white paper. Knowledge Transfer Network on Cyber Security, UK. Available at http://www.ktn.qinetiqtim.net/content/files/groups/securesoft/SSDSIGsoftwareSecurityFailures.pdf.
87. Wimmel G and Jürjens J (2002). Specification-based test generation for security-critical systems using mutations. In International Conference on Formal Engineering Methods (ICFEM), volume 2495 of LNCS: 471-482. Springer.
88. Wirsing M (2008). Software engineering for secure software-intensive systems. Consultation meeting on"Engineering Secure Software Systems" in the context of the preparation of the EU FP7 ICT work programme 2009-2010, Brussels. Presentation available at ftp://ftp.cordis.europa.eu/pub/fp7/ict/docs/security/20080423-martinwirsing-lmu-munich_en.pdf.
89. Woodside M, Petriu DC, Petriu DB, Xu J, Israr T, Georg G, France R, Bieman JM, Houmb SH, and Jürjens J (2008). Performance analysis of security aspects by weaving scenarios from UML models. Journal of Systems and Software, vol. 82, 1: 56-74.
90. Yoshioka N, Honiden S, and Finkelstein A (2004). Security patterns: A method for constructing secure and efficient inter-company coordination systems. In EDOC: 84-97.
91. Yskout K, Scandariato R, De Win B, and Joosen W (2008). Transforming security requirements into architecture. In ARES [42]: 1421-1428.
92. Yu Y, Jürjens J, and Mylopoulos J (2008). Traceability for the maintenance of secure software. In 24th International Conference on Software Maintenance (ICSM). IEEE.
93. Zhang G, Baumeister H, Koch N, and Knapp A (2005). Aspect-oriented modeling of access control in web applications. In 6th International Workshop on Aspect-Oriented Modeling.