SecDSVL: A domain-specific visual language to support enterprise security modelling

Proceedings of the Australian Software Engineering Conference, ASWEC

Volumn , Issue , 2014, Pages 152-161

  Almorsy, Mohamed ^a   Grundy, John ^a  

^a SWINBURNE UNIVERSITY OF TECHNOLOGY   (Australia)

Author keywords

Domain Specific Visual Language; model based security management; visual modelling tools

Indexed keywords

INDUSTRIAL MANAGEMENT; VISUAL LANGUAGES;

DOMAIN-SPECIFIC VISUAL LANGUAGE; ENTERPRISE SECURITY; ENTERPRISE SECURITY-MANAGEMENT; ENTERPRISE SYSTEM; EVALUATION EXPERIMENTS; SECURITY MANAGEMENT; STRUCTURED MODEL; VISUAL MODELLING;

SOFTWARE ENGINEERING;

EID: 84903533948     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ASWEC.2014.18     Document Type: Conference Paper

References (19)

1. International Organization for Standardization (ISO), "ISO/IEC 27000-Information technology-Security techniques-Information security management systems-Overview and vocabulary," ISO/IEC 27001:2005(E), 2009.
2. T. Lodderstedt, D. Basin, and J. Doser, "SecureUML: A UML-Based Modeling Language for Model-Driven Security," in Proc. of The 5th International Conference on The Unified Modeling Language, Dresden, Germany, 2002, pp. 426-441.
3. J. Jürjens, "Towards Development of Secure Systems Using UMLsec," in Fundamental Approaches to Software Engineering. vol. 2029, ed: Springer Berlin Heidelberg, 2001, pp. 187-200.
4. A. Lamsweerde, S. Brohez, and e. al, "System Goals to Intruder Anti-Goals: Attack Generation and Resolution for Security Requirements Engineering," in Proc. of the RE'03 Workshop on Requirements for High Assurance Systems, Monterey, 2003, pp. 49-56.
5. L. Liu, E. Yu, and J. Mylopoulos, "Secure: Engineering Secure Software Systems through Social Analysis," International Journal of Software and Informatics, vol. Vol. 3, pp. 89-120, 2009.
6. H. Mouratidis, J. Jürjens, and J. Fox, "Towards a Comprehensive Framework for Secure Systems Development," in Advanced Information Systems Engineering. vol. 4001, E. Dubois and K. Pohl, Eds., ed: Springer Berlin / Heidelberg, 2006, pp. 48-62.
7. M. Almorsy, J. Grundy, and A. S. Ibrahim, "MDSE@R: Model-Driven Security Engineering at Runtime," presented at the Proc. of the 4th International Symposium on Cyberspace Safety and Security Melbourne, Australia, 2012.
8. National Institute of standards and technology (NIST), "The Federal Information Security Management Act (FISMA)," Washington: U. S. Government Printing2002, http://csrc. nist. gov/ drivers/documents/FISMA-final. pdf, Accessed on August 2012.
9. C. Basile, A. Lioy, G. M. Perez, F. J. G. Clemente, and A. F. G. Skarmeta, "POSITIF: A Policy-Based Security Management System," in Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, 2007. POLICY '07, 2007, pp. 280-280.
10. B. Tsoumas and D. Gritzalis, "Towards an Ontologybased Security Management," presented at the Proc. of 20th International Conference on Advanced Information Networking and Applications-Volume 01, 2006.
11. P. Marek and J. Paulina, "The OCTAVE methodology as a risk analysis tool for business resources," presented at the Proc. of The 2006 International Multiconference Computer Science and Information Technology, 2006.
12. R. Fredriksen, M. Kristiansen, B. Gran, and K. Stølen, "The CORAS Framework for a Model-Based Risk Management Process," in Computer Safety, Reliability and Security. vol. 2434, S. Anderson, M. Felici, and S. Bologna, Eds., ed: Springer Berlin / Heidelberg, 2002, pp. 39-53.
13. H. Mouratidis, and P. Giorgini, "Secure Tropos: A security-oriented Extension of the Tropos Methodology," International Journal of Software Engineering and knowledge Engineering, 2007.
14. G. Sindre, and A. Opdahl, "Eliciting security requirements with misuse cases," Requir. Eng., vol. 10, pp. 34-44, 2005.
15. G. Elahi, E. Yu, and N. Zannone, "A vulnerabilitycentric requirements engineering framework: analyzing security attacks, countermeasures, and requirements based on vulnerabilities," Requir. Eng., vol. 15, pp. 41-62, 2010.
16. M. Almorsy, J. Grundy, and A. S. Ibrahim, "Adaptable, Model-driven Security Engineering for SaaS Cloud-based Applications," Automated Software Engineering Journal, vol. 29, 2013, pp1-38.
17. Common Criteria for Information Technology Security Evaluation, "Part 1: Introduction and general model, Version 3. 1," 2006, http://www. commoncriteriaportal. org/files/ccfiles/CC PART1V3. 1R1. pdf, Accessed on August 2013.
18. D. Moody, "The "Physics" of Notations: Toward a Scientific Basis for Constructing Visual Notations in Software Engineering," IEEE Transactions on Software Engineering, vol. 35, pp. 756-779, 2009.
19. M. Abi-Antoun and J. r. M. Barnes, "STRIDE-based security model in Acme," Technical Report CMUISR-10-106, Carnegie Mellon Univ., 2010. 2010.