Lin Liu,Eric Yu,John Mylopoulos

DOI: https://doi.org/10.1109/compsac.2006.159

2006-01-01

Abstract:Design for security is extremely complicated due to the unique nature of the issue. It requires a thorough understanding about the social setting of the security system. To obtain such understanding, sensible steps to take include identifying the players involved in the system, recognizing their personal preferences, agenda and power in relation to other players, identifying the assets being protected, the vulnerable points at which the systems may fail when attacked. Equally important is to taking rationale steps to predict most likely attackers, knowing their possible motivations, and capabilities enabled by latest the technologies and resource occupations. Only based on integrated analysis on both sides, rationale, informative and efficient tradeoffs on security can be made. Unfortunately, current system development practices treat design decisions on security in an adhoc way, often as an afterthought. This paper proposes to use social modeling concepts to analyze the business and organizational context of systems with regard to security. The main concepts used are actor, role, agent and goal, task, and resource dependencies between actors. The approach encompasses several analysis steps on the functional and non-functional requirements in relevance to security, thus integrating security into the system design process from the outset.

Linzhang Wang,Eric Wong,Dianxiang Xu

DOI: https://doi.org/10.1109/SESS.2007.2

2007-01-01

Abstract:In this paper, we propose a novel threat model-driven security testing approach for detecting undesirable threat behavior at runtime. Threats to security policies are modelled with UML (Unified Modeling Language) sequence diagrams. From a design-level threat model we extract a set of threat traces, each of which is an event sequence that should not occur during the system execution. The same threat model is also used to decide what kind of information should be collected at runtime and to guide the code instrumentation. The instrumented code is recompiled and executed using test cases randomly generated. The execution traces are collected and analyzed to verify whether the aforementioned undesirable threat traces are matched. If an execution trace is an instance of a threat trace, security violations are reported and actions should be taken to mitigate the threat in the system. Thus the linkage between models, code implementations, and security testing are extended to form a systematic methodology that can test certain security policies.

Yuhong Wen,Haihong Zhao,Lin Liu

DOI: https://doi.org/10.1109/RePa.2011.6046726

2011-01-01

Abstract:Security requirements analysis for business information systems in today's networked organization is difficult due to the complexity of the systems and the frequent change in the environment. Thus, it requires security knowledge to be explicitly represented, and well understood by system analysts and designer, which in turn being applied in feasible problem contexts. System requirements are often represented in modelling frameworks with different analytical focus, so security requirements knowledge shall reflect such difference and form an integrated treatment. This paper proposes to use modelling concepts from the i* and PF modeling language to capture recurring patterns of security problems. The main concepts used are actors, assets, and relations such as ownership and permissions. The major contribution of the approach is proposing the specific problem frames such as ownership, authorization, attack and protection, by decomposing a large problem into sub-problems (base frames), then evaluate the potential threats (attacking frames) applicable to each sub-problem by evaluate the compatibility of the two, security analysis is integrated into the system design process from the outset. The proposal can be generalized to the design of defensive measures as well as other NFR treatments. © 2011 IEEE.

Ming Huang,Yisha Lu,Qingkai Zeng

2010-01-01

Abstract:As the core of various security problems, software vulnerability is the main challenge in the information security field. Particularly, software vulnerability modeling is an actively defensive measure for software security, aiming to detect and eliminate the potential vulnerabilities before they have been exploited. In this paper, a structured and graphic method for modeling vulnerability is proposed. The method combines the advantages of existing methods to depict and reason about security vulnerabilities, which would be useful for a better understanding of the nature of vulnerabilities, and become an effective way to detect and prevent the software vulnerabilities. The practical application result shows that GSM could reveal some related information and properties that existing methods cannot find in the vulnerability databases in public.

YU Zhi-wei,TANG Ren-zhong

DOI: https://doi.org/10.3785/j.issn.1008-973x.2007.11.026

2007-01-01

Abstract:In order to overcome the shortcomings of the existing information system models,an information system security model was proposed to protect business activities and describe information systems from security view.Through analyzing the characteristic and security of information systems,this work presented the fundamental elements and their operation relationships,and the need,permit,can security constraints between the elements.The security relationships of the fundamental elements were described with formal method.The security model substantially reflects the security relationship between the assets of information systems,explicitly posts the essence that the information system supports the business operation,and clarities the relationship between business activities and the assets of information systems.Finally a case of security model of a manufacturing enterprise information system was given.

Heru Susanto,Mohammad Nabil Almunawar,Yong Chee Tuan,Mehmet Sabih Aksoy,Wahyudin P. Syam

DOI: https://doi.org/10.48550/arXiv.1203.6214

2012-03-28

Abstract:Actually Information security becomes a very important part for the organization's intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development of information security management system (ISMS) assessment and monitoring software, called by I-SolFramework. System / software is expected to assist stakeholders in assessing the level of their ISO27001 compliance readiness, the software could help stakeholders understood security control or called by compliance parameters, being shorter and more structured. The case study illustrated provided to the reader with a set of guidelines, that aims easy understood and applicable as measuring tools for ISMS standards (ISO27001) compliance.

Cryptography and Security

Heru Susanto,Mohammad Nabil Almunawar,Yong Chee Tuan,Mehmet Sabih Aksoy,Wahyudin P Syam

DOI: https://doi.org/10.48550/arXiv.1204.0240

2012-04-02

Abstract:Actually Information security becomes a very important part for the organization's intangible assets, so level of confidence and stakeholder trusted are performance indicator as successes organization. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development of information security management system (ISMS) assessment and monitoring software, called by I-SolFramework. System / software is expected to assist stakeholders in assessing the level of their ISO27001 compliance readiness, the software could help stakeholders understood security control or called by compliance parameters, being shorter and more structured. The case study illustrated provided to the reader with a set of guidelines, that aims easy understood and applicable as measuring tools for ISMS standards (ISO27001) compliance.

Cryptography and Security,Software Engineering

Deren Yang,Min Liu,Shengguo Wang

DOI: https://doi.org/10.1109/icsess.2012.6269442

2012-01-01

Abstract:As software are becoming more and more complex and platforms are increasing of diversity, software industry has faced some unprecedented challenges, such as interoperability. It is difficult to use objected-oriented methodology and traditional software paradigms to meet the challenges. Model Driven Architecture (MDA) has been proposed to solve the problems. In this paper, the principles, the advantages, the disadvantages, key techniques and some important issues of objected-oriented methodology and MDA are highlighted; the mechanism of combining objected-oriented methodology and MDA software paradigm is studied, especially the corresponding relations among models, domains, stages and languages are explored, and a modeling process for MDA is proposed. The research is helpful to apply MDA.

Deren Yang,Fulin Su,Tao Zhou

DOI: https://doi.org/10.1109/msna.2012.6324609

2012-01-01

Abstract:As a non-core element of UML, robustness analysis bridges the gap between analysis and design in software process, and it is a key technique to realize transformation and trace ability of models in software process. In this paper, the fundamental ideas of robustness analysis were highlighted. The compositions, essence, properties of robustness diagram were explored; and especially an interactive mechanism and corresponding principles for robustness diagram were proposed. The principles, models and corresponding properties of Model Driven Architecture (MDA) software paradigm were studied. And finally the mechanism of applying robustness analysis to MDA software paradigm was explored, the models' representations are detailed, and the way of using robustness diagram were specified. The research is useful to develop modeling tools based on MDA.

Nacha Chondamrongkul,Jing Sun,Ian Warren

DOI: https://doi.org/10.1016/j.scico.2021.102631

IF: 1.039

2021-01-01

Science of Computer Programming

Abstract:Analysing security in the architecture design of modern software systems is a challenging task. Emerging technologies utilised in building software systems may pose security threats, so software engineers need to consider both the structure and behaviour of architectural styles that employ these supporting technologies. This paper presents an automated approach to security analysis that helps to identify security characteristics at the architectural level. Key techniques used by our approach include the use of metrics, vulnerability identification and attack scenarios. Our modelling is expressive in defining architectural styles and security characteristics. Our analysis approach gives insightful results that allow software engineers to trace through the design to find parts of the system that may be impacted by attacks. We have developed an analysis tool that allows user to seamlessly model the software architecture design and analyse security. The evaluation has been conducted to assess the accuracy and performance of our approach. The results show that our analysis approach performs reasonably well to analyse the security in the architectural design. (C) 2021 Elsevier B.V. All rights reserved.

Bo Zhou,Curtis Maines,Stephen Tang,Qi Shi,Po Yan,Qiang Yang

DOI: https://doi.org/10.1109/tcss.2018.2878921

2018-01-01

IEEE Transactions on Computational Social Systems

Abstract:Social Internet-of-Things (SIoT) environment comprises not only smart devices but also the humans who interact with these IoT devices. The benefits of such system are overshadowed due to the cyber security issues. A novel approach is required to understand the security implication under such a dynamic environment while taking both the social and technical aspects into consideration. This paper addressed such challenges and proposed a 3-D security modeling platform that can capture and model the security requirements in the SIoT environment. The modeling process is graphical notation based and works as a security extension to the Business Process Model and Notation. Still, it utilizes the latest 3-D game technology; thus, the security extensions are generated through the third dimension. Consequently, the introduction of security extensions will not increase the complexity of the original SIoT scenario, while keeping all the key information on the same platform. Together with the proposed security ontology, these comprehensive security notations created a unique platform that aims at addressing the ever complicated security issues in the SIoT environment.

Ponciano Jorge Escamilla-Ambrosio,David Alejandro Robles-Ramírez,Theo Tryfonas,Abraham Rodríguez-Mota,Gina Gallegos-García,Moisés Salinas-Rosales,David Alejandro Robles-Ramirez,Abraham Rodriguez-Mota,Gina Gallegos-Garcia,Moises Salinas-Rosales

DOI: https://doi.org/10.1109/access.2021.3125979

IF: 3.9

2021-01-01

IEEE Access

Abstract:In this paper, an approach referred to as IoTsecM is proposed. This proposal is a UML/SysML extension for security requirements modeling within the analysis stage in a waterfall development life cycle in a Model-Based Systems Engineering Approach. IoTsecM allows the security requirements representation in two very well-known modeling languages, UML and SysML. With the utilization of this extension, IoT developers can consider the security requirements from the analysis stage in the design process of IoT systems. IoTsecM allows IoT systems to be designed considering possible threats and the corresponding security requirements analysis. The applicability of IoTsecM is demonstrated through applying it to analyze and represent the security requirements in an IoT real-life system in the context of collaborative autonomous vehicles in smart cities. In this use case, IoTsecM was able to represent the security requirements identified within the system architecture elements, in which all countermeasures identified were depicted using the proposed IoTsecM profile.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zhanqi Cui,Linzhang Wang,Xuandong Li,Dianxiang Xu

DOI: https://doi.org/10.1145/1529282.1529377

2009-01-01

Abstract:Dealing with crosscutting concerns has been a critical problem in software development processes. Aspect-Oriented Programming (AOP) provides a viable programming-level solution by separating crosscutting concerns from primary concerns. To facilitate handling crosscutting concerns at earlier software development phases, this paper proposes an aspect-oriented modeling and integration approach at the design level. In our approach, primary concerns are depicted with UML activity diagrams as primary models, whereas crosscutting concerns are described with aspectual extended activity diagrams as aspect models. Each aspect model consists of pairs of pointcut and advice model. Aspect models can be integrated into primary models automatically. To this end, a prototype tool called Jasmine-AOI has been implemented as an Eclipse plug-in. With the tool support, we have conducted two case studies, including 15 primary models and 8 aspect models. The case studies demonstrate that our approach can greatly facilitate reasoning about crosscutting concerns when a system is modeled with activity diagrams.

Fengyu Zhao,Xin Peng,Wenyun Zhao

DOI: https://doi.org/10.1109/icis.2009.80

2009-01-01

Abstract:In service oriented architecture (SOA) environment, the communication and infrastructure security is crucial. The most important specification addressing Web services security is WS-Security, which collaborates with the SOAP message specifications, providing integrity, confidentiality and authentication for Web services. However, WS-Security focuses SOAP message security between trusted partners. In SOA applications, there are other vulnerabilities which can be exploited to attack by anonymous customer or even trusted partners, and these vulnerabilities do not gain enough attention as WS-Security. Among them, denial-of-service (DoS) is one attack cluster, which exhausts computer and network resources and reduces the availability of Web services. Another one is sensitive data leakage in a specific application domain. In this paper, the security of SOA applications is viewed as the security domain and a three-tier domain was divided based on security domain analysis. For each security sub-domain, security requirement scenario and requirements are presented. The security domain models were given which can be used to build up security services for sub-domain. Based on security model and security service assets, which can evolve along with understanding on security domain, the developers can establish the security implementation for SOA application integration.

Lin Liu,Eric Yu,John Mylopoulos

2002-01-01

Abstract:Security issues for software systems ultimately concern relationships among social actors -- stakeholders, users, potential attackers, etc. -- and software acting on their behalf. In assessing vulnerabilities and mitigation measures, actors make strategic decisions to achieve desired levels of security while trading off competing requirements such as costs, performance, usability and so on. This paper explores the explicit modeling of relationships among strategic actors in order to elicit, identify and analyze security requirements. In particular, actor dependency analysis helps in the identification of attackers and their potential threats, while actor goal analysis helps to elicit the dynamic decision making process of system players for security issues. Patterns of relationships at various levels of abstraction (e.g. intentional dependencies among abstract roles) can be studied separately. These patterns can be selectively applied and combined for analyzing specific system configurations. The approach is particularly suitable for new Internet applications where layers of software entities and human roles interact to create complex security challenges. Examples from Peer-to-Peer computing are used to illustrate the proposed framework.

O. T. Arogundade,A. T. Akinwale,Z. Jin,X. G. Yang

DOI: https://doi.org/10.4018/jisp.2011100102

2011-01-01

International Journal of Information Security and Privacy

Abstract:This paper proposes an enhanced use-misuse case model that allows both safety and security requirements to be captured during requirements elicitation. The proposed model extends the concept of misuse case by incorporating vulnerable use case and abuse case notations and relations that allows understanding and modeling different attackers and abusers behaviors during early stage of system development life cycle and finishes with a practical consistent combined model for engineering safety and security requirements.The model was successfully applied using health care information system gathered through the university of Kansas HISPC project. The authors were able to capture both security and safety requirements necessary for effective functioning of the system. In order to enhance the integration of the proposed model into risk analysis, the authors give both textual and detailed description of the model. The authors compare the proposed approach with other existing methods that identify and analyze safety and security requirements and discovered that it captures more security and safety threats.

Vivek Nigam,Alexander Pretschner,Harald Ruess

DOI: https://doi.org/10.48550/arXiv.1810.04866

2018-10-11

Logic in Computer Science

Abstract:By exploiting the increasing surface attack of systems, cyber-attacks can cause catastrophic events, such as, remotely disable safety mechanisms. This means that in order to avoid hazards, safety and security need to be integrated, exchanging information, such as, key hazards/threats, risk evaluations, mechanisms used. This white paper describes some steps towards this integration by using models. We start by identifying some key technical challenges. Then we demonstrate how models, such as Goal Structured Notation (GSN) for safety and Attack Defense Trees (ADT) for security, can address these challenges. In particular, (1) we demonstrate how to extract in an automated fashion security relevant information from safety assessments by translating GSN-Models into ADTs; (2) We show how security results can impact the confidence of safety assessments; (3) We propose a collaborative development process where safety and security assessments are built by incrementally taking into account safety and security analysis; (4) We describe how to carry out trade-off analysis in an automated fashion, such as identifying when safety and security arguments contradict each other and how to solve such contradictions. We conclude pointing out that these are the first steps towards a wide range of techniques to support Safety and Security Engineering. As a white paper, we avoid being too technical, preferring to illustrate features by using examples and thus being more accessible.

Xue Wu,Chao Liu,Qingxin Xia

DOI: https://doi.org/10.1109/comcomap.2014.7017199

2014-01-01

Abstract:Safety requirements have commanded increasing attention as software is playing a more and more important role in today's safety critical systems. As many experts, scholars have found that the main reason for safety critical systems' accident is bad requirements which means inaccurate, incomplete or inconsistent requirements may lead to misunderstanding of the system and may cause a fault in software design and realization, and brought disaster to people or environment. The main reason of bad requirements is poor communication between safety engineers and requirements analysis engineers. Safety requirements essentially are requirements to protect the software system go into a danger state which will cause lost of life or asset or environment damage. Safety requirements deal with errors, faults that the system may come across. So In this paper, we combine fault protection concepts with safety requirements, and propose a model-based safety requirements modeling approach named Safety RUCM to describe safety requirements in order to reduce inaccurate, incomplete or inconsistent safety requirements and at the same time to enhance mutual understanding on safety requirements between safety.

Zhiming Liu,Jifeng He,Xiaoshan Li,Yifeng Chen

DOI: https://doi.org/10.1007/978-3-540-39893-6_36

2003-01-01

Abstract:This paper is towards the development of a methodology for object-oriented software development. The intention is to support effective use of a formal model for specifying and reasoning during the requirements analysis and design of a software development process. The overall purpose is to enhance the application of the Unified Modelling Language (UML) with a formal semantics in the Rational Unified Software Development Process (RUP). The semantic framework defines the meaning of some UML submodels. It identifies both the static and dynamic relationships among these submodels. Thus, the focus of this paper is the development of a semantic model to consistently combine a use-case model and a conceptual class diagram to form a system specification.