An architectural approach to achieving higher-level security for component (service) based software systems


[1] Bashar Nuseibeh. Crosscutting requirements, 2004, AOSD '04.

[2] Niels Provos, et al. Hide and Seek: An Introduction to Steganography, 2003, IEEE Secur. Priv.

[3] Tim O'Reilly, et al. What is Web 2.0: Design Patterns and Business Models for the Next Generation of Software, 2007.

[4] Jun Han, et al. Security Attack Ontology for Web Services, 2006, SKG.

[5] Li Xiao, et al. Low-Cost and Reliable Mutual Anonymity Protocols in Peer-to-Peer Networks, 2003, IEEE Trans. Parallel Distributed Syst.

[6] Dafydd Stuttard, et al. The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws, 2007.

[7] B. Bhattacharjee, et al. A Protocol for Scalable Anonymous Communication, 1999.

[8] Hector Garcia-Molina, et al. PPay: micropayments for peer-to-peer systems, 2003, CCS '03.

[9] Brian Neil Levine, et al. Responder anonymity and anonymous peer-to-peer file sharing, 2001, Proceedings Ninth International Conference on Network Protocols. ICNP 2001.

[10] Jun Han, et al. Specifying Dynamic Security Properties of Web Service Based Systems, 2006, SKG.

[11] Ian T. Foster, et al. Security for Grid services, 2003, High Performance Distributed Computing, 2003. Proceedings. 12th IEEE International Symposium on.

[12] J. Undercofer. Intrusion Detection: Modeling System State to Detect and Classify Aberrant Behavior, 2004.

[13] 肖欣, et al. CISSP Study Tools and Strategies: How to Pass the Certified Information Systems Security Professional Exam, 2008.

[14] Sushil Jajodia, et al. Abstraction-based intrusion detection in distributed environments, 2001, TSEC.

[15] Jun Han, et al. Secrobat: Secure and Robust Component-based Architectures, 2006, 2006 13th Asia Pacific Software Engineering Conference (APSEC'06).

[16] Ramesh Nagappan, et al. Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management, 2005.

[17] Daniel Sabbah. Aspects: from promise to reality, 2004, AOSD '04.

[18] Yi Deng, et al. A formal approach to designing secure software architectures, 2004, Eighth IEEE International Symposium on High Assurance Systems Engineering, 2004. Proceedings.

[19] Micah Adler, et al. An Analysis of the Degradation of Anonymous Protocols, 2002, NDSS.

[20] Yi Deng, et al. Integrating Security Administration into Software Architectures Design, 2004, SEKE.

[21] Dimitris Gritzalis, et al. Towards an Ontology-based Security Management, 2006, 20th International Conference on Advanced Information Networking and Applications - Volume 1 (AINA'06).

[22] Jan Wessels. APPLICATIONS OF BAN-LOGIC, 2001.

[23] Joseph W. Yoder, et al. Architectural Patterns for Enabling Application Security, 1998.

[24] Antony I. T. Rowstron, et al. Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems, 2001, Middleware.

[25] Richard E. Smith. Cost profile of a highly assured, secure operating system, 2001, TSEC.

[26] Yi Deng, et al. Formal Software Architecture Design of Secure Distributed Systems, 2003, SEKE.

[27] Hector Garcia-Molina, et al. Designing a super-peer network, 2003, Proceedings 19th International Conference on Data Engineering (Cat. No.03CH37405).

[28] Robert C. Seacord, et al. A Structured Approach to Classifying Security Vulnerabilities, 2005.

[29] Kaustubh Supekar, et al. OntoGenie: Extracting Ontology Instances from WWW, 2003.

[30] Li Yang, et al. Enhancing Mediation Security by Aspect-Oriented Approach, 2004, SEKE.

[31] Mark Handley, et al. A scalable content-addressable network, 2001, SIGCOMM '01.

[32] Vern Paxson, et al. Enhancing byte-level network intrusion detection signatures with context, 2003, CCS '03.

[33] Paul Dourish, et al. Towards an architectural treatment of software security, 2005.

[34] Bart De Win, et al. Engineering application-level security through aspect-oriented software development, 2004.

[35] J. A. Robinson, et al. Logic and logic programming, 1992, CACM.

[36] Tran Cao Son, et al. Adding Time and Intervals to Procedural and Hierarchical Control Specifications, 2004, AAAI.

[37] Wanli Ma, et al. An Overview of Temporal and Modal Logic Programming, 1994, ICTL.

[38] Emin Gün Sirer, et al. CliqueNet: A Self-Organizing, Scalable, Peer-to-Peer Anonymous Communication Substrate, 2001.

[39] Timothy W. Finin, et al. A Target-Centric Ontology for Intrusion Detection, 2003, IJCAI 2003.

[40] Clemens A. Szyperski, et al. Component software - beyond object-oriented programming, 2nd Edition, 2002, Addison-Wesley component software series.

[41] Herbert H. Thompson, et al. Why Security Testing Is Hard, 2003, IEEE Secur. Priv.

[42] George Kurtz, et al. Hacking Exposed, 2005.

[43] Michael Uschold, et al. The Enterprise Ontology, 1998, The Knowledge Engineering Review.

[44] Ruby B. Lee, et al. Taxonomies of Distributed Denial of Service Networks, Attacks, Tools, and Countermeasures, 2003.

[45] Markus Schumacher, et al. Security Engineering with Patterns, 2003, Lecture Notes in Computer Science.

[46] Gary McGraw, et al. Software Security Testing, 2004, IEEE Secur. Priv.