International journal of secure software engineering最新文献

{"title":"Modelling Security Using Trust Based Concepts","authors":"Michalis Pavlidis, H. Mouratidis, Shareeful Islam","doi":"10.4018/jsse.2012040102","DOIUrl":"https://doi.org/10.4018/jsse.2012040102","url":null,"abstract":"Security modelling and analysing not only require solving technical problems but also reasoning on the organization as a whole for the development of a secure system. Assumptions exist about trust relationships among actors within the system environment, which play an important role in modelling and analysing security. Such assumptions are critical and must be analysed systematically for ensuring the overall system security. In this paper, the authors introduce trust-based concepts to identify these trust assumptions, and integrate the trust concepts with security concepts for the development of secure software systems. For this purpose, Secure Tropos' security modelling activities are extended with trust modelling activities based on the trust-based concepts. The CASE tool SecTro was extended to include the notation of the trust-based concepts to support the methodology. Finally, a running example from the UK National Health Service NHS domain is used to demonstrate how trust can be used for security modelling.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"34 1","pages":"36-53"},"PeriodicalIF":0.0,"publicationDate":"2012-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"87328837","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Attribute Decoration of Attack-Defense Trees","authors":"A. Bagnato, Barbara Kordy, P. H. Meland, P. Schweitzer","doi":"10.4018/jsse.2012040101","DOIUrl":"https://doi.org/10.4018/jsse.2012040101","url":null,"abstract":"Attack-defense trees can be used as part of threat and risk analysis for system development and maintenance. They are an extension of attack trees with defense measures. Moreover, tree nodes can be decorated with attributes, such as probability, impact, and penalty, to increase the expressiveness of the model. Attribute values are typically assigned based on cognitive estimations and historically recorded events. This paper presents a practical case study with attack-defense trees. First, the authors create an attack-defense tree for an RFID-based goods management system for a warehouse. Then, they explore how to use a rich set of attributes for attack and defense nodes and assign and aggregate values to obtain condensed information, such as performance indicators or other key security figures. The authors discuss different modeling choices and tradeoffs. The case study led them to define concrete guidelines that can be used by software developers, security analysts, and system owners when performing similar assessments.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"8 1","pages":"1-35"},"PeriodicalIF":0.0,"publicationDate":"2012-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88899383","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Software Security Engineering: Design and Applications","authors":"K. Khan","doi":"10.4018/IJSSE.2012010104","DOIUrl":"https://doi.org/10.4018/IJSSE.2012010104","url":null,"abstract":"","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"20 1","pages":"62-63"},"PeriodicalIF":0.0,"publicationDate":"2012-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73150598","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Improving Security and Safety Modelling with Failure Sequence Diagrams","authors":"A. Opdahl, Christian Raspotnig","doi":"10.4018/JSSE.2012010102","DOIUrl":"https://doi.org/10.4018/JSSE.2012010102","url":null,"abstract":"While security assessments of information systems are being increasingly performed with support of security modelling, safety assessments are still undertaken with traditional techniques such as Failure Mode and Effect Analysis (FMEA). As system modelling is becoming an increasingly important part of developing more safety critical systems, the safety field can benefit from security techniques that integrate system modelling and security aspects. This paper adapts an existing security modelling technique, Misuse Sequence Diagrams, to support failure analysis. The resulting technique, called Failure Sequence Diagrams, is used to support Failure Mode and Effect Analysis in an industrial setting. Based on the experiences, the authors suggest improvements both to traditional safety techniques and to security and safety modelling. DOI: 10.4018/jsse.2012010102 International Journal of Secure Software Engineering, 3(1), 20-36, January-March 2012 21 Copyright © 2012, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited. lack. Common to the security and safety fields is that important security and safety aspects must be communicated amongst stakeholders during the information systems development. If communication fails, it can lead to fatal mishaps and to useless systems. We have therefore investigated how to use a security modelling technique in combination with a traditional safety technique in an industrial setting. For security modelling technique, we propose Failure Sequence Diagrams (FSD), which adapts Misuse sequence diagrams (MUSD) to failure analysis. We chose MUSD as our starting point because it has been shown to be well suited for visualizing interactions between system components during an intrusion (Katta, Karpati, Opdahl, Raspotnig, & Sindre, 2010). For traditional safety technique, we use FMEA, which systematically addresses failure modes of components and investigates how they affect the system (Ericson, 2005). Our primary aim was to investigate whether FMEA could benefit from being combined with FSD for visualizing component interaction. We also wanted to investigate whether this could somehow improve security modelling with MUSD and to gain experiences from industrial use of FSD. Our research is part of a larger project, ReqSec – Requirements Engineering for Security, that investigates more broadly how modelling notations can be used to involve stakeholders in security requirements work (ReqSec project, 2008). To investigate how FSD can be used to support FMEA, we have conducted an empirical study in the Air Traffic Management (ATM) domain using research methods from case studies and field experiments. Our study shows that FSD can be used to support FMEA in at least three different ways: either using FMEA first before applying FSD to the results; using FSD first before summarize the results with FMEA; or, most beneficially in our case, using FSD and FMEA in parallel in a","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"8 1","pages":"20-36"},"PeriodicalIF":0.0,"publicationDate":"2012-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88713701","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Analyzing Impacts on Software Enhancement Caused by Security Design Alternatives with Patterns","authors":"T. Okubo, H. Kaiya, Nobukazu Yoshioka","doi":"10.4018/IJSSE.2012010103","DOIUrl":"https://doi.org/10.4018/IJSSE.2012010103","url":null,"abstract":"Unlike functional implementations, it is difficult to analyze the impact on security of software enhancements. One of the difficulties is identifying the range of effects on existing software from new security threats, and the other is developing proper countermeasures. The authors propose an analysis method that uses two kinds of security patterns: security requirements patterns for identifying threats and security design patterns for identifying countermeasures at an action class level. With these two patterns and the conventional traceability methodology, developers can estimate and compare the amount of modifications needed for multiple security countermeasures. DOI: 10.4018/jsse.2012010103 38 International Journal of Secure Software Engineering, 3(1), 37-61, January-March 2012 Copyright © 2012, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited. the existing software effectively to enable the security without comprehensive knowledge about security. We cannot assume that all engineers have the knowledge in practice. Therefore, current secure development lifecycle methods are problematic for accomplishing software enhancements. It is important to estimate modification costs at the requirements stage of software enhancements for two main reasons. First, we need to consider changes in security requirements at this stage. We should avoid unnecessary countermeasures because security degrades other non-functional requirements such as development costs, performance, and usability. Additionally, we have to develop all important countermeasures. We should therefore identify major threats at the requirements stage to develop appropriate countermeasures. Second, we need to analyze the impact of identifying two or more countermeasures against a threat on the existing software. Security development involves costs that must be limited. This is why we need to estimate costs to choose a suitable security solution at the requirements stage. It is difficult to estimate what impact there will be on security without comprehensive knowledge about security, because it is hard to identify vulnerability of existing software to be modified and to grasp the effect on it without the knowledge. In addition, security concerns traverse the functionalities of existing software. There are two types of impact: horizontal impact on artifacts at the same stage and vertical impact on artifacts at a later stage. For example, suppose that we add credit card information to the user profiles of a Web shopping service to allow users to pay bills with their credit cards. As credit card information is an important asset, we need to consider a new threat, e.g., the risk of theft. It is hard to find where is vulnerability, such as vulnerability of a web protocol, to realize threats without knowledge. This threat impacts one or more functions in using user profiles, such as shopping carts, item recommendations, and edit","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"48 1","pages":"37-61"},"PeriodicalIF":0.0,"publicationDate":"2012-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"82449191","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Formative User-Centered Evaluation of Security Modeling: Results from a Case Study","authors":"Sandra Trösterer, Elke Beck, F. Dalpiaz, E. Paja, P. Giorgini, M. Tscheligi","doi":"10.4018/jsse.2012010101","DOIUrl":"https://doi.org/10.4018/jsse.2012010101","url":null,"abstract":"Developing a security modeling language is a complex activity. Particularly, it becomes very challenging for Security Requirements Engineering (SRE) languages where social/organizational concepts are used to represent high-level business aspects, while security aspects are typically expressed in a technical jargon at a lower level of abstraction. In order to reduce this socio-technical mismatch and reach a high quality outcome, appropriate evaluation techniques need to be chosen and carried out throughout the development process of the modeling language. In this article, we present and discuss the formative user-centered evaluation approach, namely an evaluation technique that starts since the early design stages and actively involves end-users. We demonstrate the approach in a real case study presenting the results of the evaluation. From the gained empirical evidence, we may conclude that formative user-centered evaluation is highly recommended to investigate any security modeling language.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"26 1","pages":"1-19"},"PeriodicalIF":0.0,"publicationDate":"2012-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81844536","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Not Ready for Prime Time: A Survey on Security in Model Driven Development","authors":"Jostein Jensen, M. Jaatun","doi":"10.4018/JSSE.2011100104","DOIUrl":"https://doi.org/10.4018/JSSE.2011100104","url":null,"abstract":"Model Driven Development MDD is by many considered a promising approach for software development. This article reports the results of a systematic survey to identify the state-of-the-art within the topic of security in model driven development, with a special focus on finding empirical studies. The authors provide an introduction to the major secure MDD initiatives, but the survey shows that there is a lack of empirical work on the topic. The authors conclude that better standardization initiatives and more empirical research in the field is necessary before it can be considered mature.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"28 1","pages":"49-61"},"PeriodicalIF":0.0,"publicationDate":"2011-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"85746224","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Security Evaluation of Service-Oriented Systems Using the SiSOA Method","authors":"Christian Jung, M. Rudolph, R. Schwarz","doi":"10.4018/JSSE.2011100102","DOIUrl":"https://doi.org/10.4018/JSSE.2011100102","url":null,"abstract":"The Service-Oriented Architecture paradigm SOA is commonly applied for the implementation of complex, distributed business processes. The service-oriented approach promises higher flexibility, interoperability and reusability of the IT infrastructure. However, evaluating the quality attribute security of such complex SOA configurations is not sufficiently mastered yet. To tackle this complex problem, the authors developed a method for evaluating the security of existing service-oriented systems on the architectural level. The method is based on recovering security-relevant facts about the system by using reverse engineering techniques and subsequently providing automated support for further interactive security analysis at the structural level. By using generic, system-independent indicators and a knowledge base, the method is not limited to a specific programming language or technology. Therefore, the method can be applied to various systems and adapt it to specific evaluation needs. The paper describes the general structure of the method, the knowledge base, and presents an instantiation aligned to the Service Component Architecture SCA specification.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"101 1","pages":"19-33"},"PeriodicalIF":0.0,"publicationDate":"2011-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79381053","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Eliciting Policy Requirements for Critical National Infrastructure Using the IRIS Framework","authors":"Shamal Faily, I. Flechais","doi":"10.4018/JSSE.2011100101","DOIUrl":"https://doi.org/10.4018/JSSE.2011100101","url":null,"abstract":"Despite existing work on dealing with security and usability concerns during the early stages of design, there has been little work on synthesising the contributions of these fields into processes for specifying and designing systems. Without a better understanding of how to deal with both concerns at an early stage, the design process risks disenfranchising stakeholders, and resulting systems may not be situated in their contexts of use. This paper presents the IRIS process framework, which guides technique selection when specifying usable and secure systems. The authors illustrate the framework by describing a case study where the process framework was used to derive missing requirements for an information security policy for a UK water company following reports of the Stuxnet worm. The authors conclude with three lessons informing future efforts to integrate Security, Usability, and Requirements Engineering techniques for secure system design.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"157 1","pages":"1-18"},"PeriodicalIF":0.0,"publicationDate":"2011-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75386651","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"JavaSPI: A Framework for Security Protocol Implementation","authors":"Matteo Avalle, A. Pironti, D. Pozza, R. Sisto","doi":"10.4018/JSSE.2011100103","DOIUrl":"https://doi.org/10.4018/JSSE.2011100103","url":null,"abstract":"This paper presents JavaSPI, a \"model-driven\" development framework that allows the user to reliably develop security protocol implementations in Java, starting from abstract models that can be verified formally. The main novelty of this approach stands in the use of Java as both a modeling language and the implementation language. The JavaSPI framework is validated by implementing a scenario of the SSL protocol. The JavaSPI implementation can successfully interoperate with OpenSSL, and has comparable execution time with the standard Java JSSE library.","PeriodicalId":89158,"journal":{"name":"International journal of secure software engineering","volume":"76 1","pages":"34-48"},"PeriodicalIF":0.0,"publicationDate":"2011-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89828054","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}