Risky trust: Risk-based analysis of software systems

SESS 2005 - Proceedings of the 2005 Workshop on Software Engineering for Secure Systems - Building Trustworthy Applications

Volumn , Issue , 2005, Pages

  Dwaikat, Zaid ^a,b   Parisi Presicce, Francesco ^b,c  

^a Systems and Software Consortium   (United States)

^b GEORGE MASON UNIVERSITY   (United States)

^c SAPIENZA UNIVERSITY OF ROME   (Italy)

Author keywords

Distrust; Risk analysis; Trust

Indexed keywords

APPLICATION PROGRAMS; COMPUTER SOFTWARE; RISK ANALYSIS; RISK ASSESSMENT; RISK PERCEPTION; SECURITY SYSTEMS; SOFTWARE ENGINEERING;

DECISION PROCESS; DISTRUST; INDIVIDUAL RISKS; SECURITY ENGINEERING; SECURITY REQUIREMENTS; SYSTEM COMPONENTS; TRUST; TRUST ASSUMPTIONS;

RISKS;

EID: 84882662991     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (20)

1. Alberts, C.J. , Dorofree A.J., Managing Information Security Risks: the OCTAVE Approach, Addison Wesley, July 2002.
2. Blakley, B., McDermott, E. and Geer, D., Information Security is Information Risk Management, Proceedings of the 2001 workshop on New security paradigms September 2001.
3. Devanbu, P., Fong, P.W., Stubblebine, S.G., Techniques for Trusted Software Engineering, Proceedings of the 20th International Conference on Software Engineering, Pages. 126-135, April 1998.
4. Dimmock, N., Belokosztolszki, A., Eyers, D., Bacon, J. and Moody, K., Using Trust and Risk in Role-Based Access Control Policies, Proceedings of the ninth ACM symposium on Access control models and technologies, June 2004.
5. Dwaikat, Z., Parisi-Presicce, F., From Misuse Cases to Collaboration Diagrams in UML, Proceedings of the 3rd International Workshop on Critical Systems Development with UML, October 2004.
6. Grandison, T. and Sloman, M., A Survey of trust in internet applications, IEEE Communications Surveys and Tutorials 3 2000, pp. 2-16, 2004.
7. Grunbauer, J., Hollmann, H., Jurjens, J. and Wimmel, G., Modeling and Verification of Layered Security Protocols: A Bank Application, SAFECOMP 2003, LNCS 2788, pp. 116-129, 2003.
8. Guha, R., Kumar, R., Raghavan, P. and Tomkins A., Propagation of Trust and Distrust, Proceedings of the 13th international conference on WWW, May 2004.
9. Haley, C., Laney, R., Moffett, J., and Nuseibeh, B., Picking Battles: The Impact of Trust Assumptions on the Elaboration of Security Requirements, iTrust 2004, LNCS 2995, pp. 347-354, 2004.
10. Hoglund, G. and McGraw, G., Exploiting Software: How to break Code, Addison-Wesley, 2004.
11. Internet Engineering Task Force, RFC 2828, www.ietf.org
12. McGraw, G., Managing Software Security Risks, IEEE Computer , Vol. 35, Issue: 4, March 2002, Pages: 99-101.
13. Meyer, B., The Grand Challenge of Trusted Components, Proceeding of 25th ICSE, 2003, Pages. 660-667, May 2003.
14. Oheimb, D. and Lotz, V., Formal Security Analysis with Interacting State Machines, ESORICS 2002, LNCS 2502, pp. 212-229, 2002.
15. Ray, I. and Chakraborty, S., A Vector Model of Trust for Developing Trustworthy Systems, ESORIC 2004, LCNS 3139, pp. 260-275, 2004.
16. Schneider, F., Enforceable Security Policies, ACM Trans. On Information and System Security, Vol. 3, No. 1, Feb. 2000, pp. 30-50.
17. Stoneburner, G., Grogen, A., Dering, A., Risk Management Guide for Information Technology Systems, National Institute for Standards and Technology, SP 800-30.
18. Theodorakopoulos, G. and Baras, J., Trust Evaluation in Adhoc Networks, Proceedings of the 2004 ACM workshop on Wireless Security, October 2004.
19. Viega, J., Kohno, T. and Potter, B., Trust (and Mistrust) in Secure Applications, Communications of the ACM, Feb 2001, Vol. 44, No. 2.
20. Viega, J. and McGraw, G., Building Secure Software: How to Avoid Security Problems the Right Way, Addison-Wesley, 2001.