Maintaining Results from Security Assessments Mass

Security assessments are costly and time-consuming and cannot be carried out from scratch each time a system is updated or modified. This motivates the need for a specific methodology addressing the maintenance of assessment results in particular, and a component-oriented approach to security assessment in general. This paper presents such a methodology in the setting of model-based security assessment as developed by the EU project CORAS. The main focus is on the maintenance
