Identification of Vulnerabilities in Web Services using Model-Based Security
Jan Jürjens | Lutz Lowis | Rafael Accorsi | Sebastian Höhn
[1] Louise Yngström,et al. Proceedings of the IFIP TC11 13th international conference on Information Security (SEC '97) on Information security in research and business , 1997 .
[2] David A. Basin,et al. A metamodel-based approach for analyzing security-design models , 2007, MODELS'07.
[3] Manfred Reichert,et al. ADEPT Next Generation Process Management Technology - Tool Demonstration , 2006 .
[4] Rafael Accorsi. Automated counterexample-driven audits of authentic system records , 2008 .
[5] Bernd Blobel,et al. Modelling privilege management and access control , 2006, Int. J. Medical Informatics.
[6] Eduardo B. Fernandez,et al. A Methodology to Develop Secure Systems Using Patterns , 2006 .
[7] Indrakshi Ray,et al. An aspect-based approach to modeling access control concerns , 2004, Inf. Softw. Technol..
[8] Jan Jürjens,et al. Secure Information Flow for Concurrent Processes , 2000, CONCUR.
[9] Jing Xu,et al. Performance analysis of security aspects by weaving scenarios extracted from UML models , 2009, J. Syst. Softw..
[10] Duminda Wijesekera,et al. Executable misuse cases for modeling security concerns , 2008, 2008 ACM/IEEE 30th International Conference on Software Engineering.
[11] Indrakshi Ray,et al. Proceedings of the eleventh ACM symposium on Access control models and technologies , 2006 .
[12] Jan Jürjens,et al. Secure systems development with UML , 2004 .
[13] George Spanoudakis,et al. Towards security monitoring patterns , 2007, SAC '07.
[14] Sotirios Koussouris,et al. Provision of Web 2.0 Services by Interoperable GIS-Powered Local Administration Portal Systems , 2011 .
[15] John Mylopoulos,et al. Computer-aided Support for Secure Tropos , 2007, Automated Software Engineering.
[16] Bernd Blobel,et al. A model driven approach for the German health telematics architectural framework and security infrastructure , 2007, Int. J. Medical Informatics.
[17] Calin Gurau. Self-Service Systems: Investigating the Perceived Importance of Various Quality Dimensions , 2009, Int. J. E Serv. Mob. Appl..
[18] John Wang,et al. Innovations in Information Systems for Business Functionality and Operations Management , 2012 .
[19] Jan Jürjens,et al. Secrecy-Preserving Refinement , 2001, FME.
[20] Jan Jürjens,et al. Specification-Based Test Generation for Security-Critical Systems Using Mutations , 2002, ICFEM.
[21] Jan Jürjens,et al. Security protocols, properties, and their monitoring , 2008, SESS '08.
[22] Jan Jürjens,et al. Automated Verification of UMLsec Models for Security Requirements , 2004, UML.
[23] Igor Siveroni,et al. Property Specification and Static Verification of UML Models , 2008, 2008 Third International Conference on Availability, Reliability and Security.
[24] Benjamin Livshits,et al. Improving software insecurity with precise static and runtime analysis , 2006 .
[25] Jan Jürjens,et al. Security Modelling for Electronic Commerce: The Common Electronic Purse Specifications , 2001, I3E.
[26] Wolfgang Reif,et al. A Modeling Framework for the Development of Provably Secure E-Commerce Applications , 2007, International Conference on Software Engineering Advances (ICSEA 2007).
[27] Francesco Parisi-Presicce,et al. UML specification of access control policies and their formal verification , 2006, Software & Systems Modeling.
[28] Frank Swiderski,et al. Threat Modeling , 2018, Hacking Connected Cars.
[29] Kurt Stenzel,et al. A Method for Secure Smartcard Applications , 2002, AMAST.
[30] Stephen Gilmore,et al. End-to-End Integrated Security and Performance Analysis on the DEGAS Choreographer Platform , 2005, FM.
[31] Haralambos Mouratidis,et al. Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems , 2003, CAiSE.
[32] Al Bento,et al. Cloud Computing Service and Deployment Models: Layers and Management , 2012 .
[33] Matthew K. Franklin,et al. A survey of key evolving cryptosystems , 2006, Int. J. Secur. Networks.
[34] Ross J. Anderson. Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .
[35] Maritta Heisel,et al. Confidentiality-Preserving Refinement is Compositional - Sometimes , 2002, ESORICS.
[36] Ghalem Belalem,et al. Fault Tolerant Architecture to Cloud Computing Using Adaptive Checkpoint , 2011, Int. J. Cloud Appl. Comput..
[37] H. B. Williams,et al. A Survey , 1992 .
[38] Shadi Aljawarneh. Cloud Computing Advancements in Design, Implementation, and Technologies , 2012 .
[39] Claudia Eckert,et al. Developing secure applications: a systematic approach , 1997, SEC.
[40] Jan Jürjens,et al. Rubacon: automated support for model-based compliance engineering , 2008, ICSE '08.
[41] Mario Piattini,et al. A study of security architectural patterns , 2006, First International Conference on Availability, Reliability and Security (ARES'06).
[42] Thomas Santen,et al. Stepwise Development of Secure Systems , 2006, SAFECOMP.
[43] Jan Jürjens. A domain-specific language for cryptographic protocols based on streams , 2009, J. Log. Algebraic Methods Program..
[44] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.
[45] Dieter Gollmann. On the Verification of Cryptographic Protocols - A Tale of Two Committees , 2000, Electron. Notes Theor. Comput. Sci..
[46] M. Hafner,et al. Model Driven Configuration of Secure Operating Systems for Mobile Applications in Healthcare , 2007 .
[47] Jonathan Lee,et al. Service Life Cycle Tools and Technologies: Methods, Trends, and Advances , 2011 .
[48] Brian Ritchie,et al. Integrating Model-based Security Risk Management into eBusiness Systems Development: The CORAS Approach , 2002, I3E.
[49] Carsten Rudolph,et al. Security Engineering for Ambient Intelligence: A Manifesto , 2006 .
[50] Mario Piattini,et al. Extending OCL for Secure Database Development , 2004, UML.
[51] John Mylopoulos,et al. Requirement Engineering Meets Security: A Case Study on Modelling Secure Electronic Transactions by VISA and Mastercard , 2003, ER.
[52] Nils Gruschka,et al. SOA and Web Services: New Technologies, New Standards - New Attacks , 2007, ECOWS 2007.
[53] Michael Weis,et al. Modeling Method for Assessing Privacy Technologies , 2008 .
[54] Benjamin Livshits,et al. Finding application errors and security flaws using PQL: a program query language , 2005, OOPSLA '05.
[55] Carleen Maitland,et al. Trust in cyberspace , 2000 .
[56] Fredrik Hultin,et al. Bridging Model-Based and Language-Based Security , 2003, ESORICS.
[57] Rafael Accorsi,et al. On the Relationship of Privacy and Secure Remote Logging in Dynamic Systems , 2006, SEC.
[58] Shinichi Honiden,et al. Security patterns: a method for constructing secure and efficient inter-company coordination systems , 2004, Proceedings. Eighth IEEE International Enterprise Distributed Object Computing Conference, 2004. EDOC 2004..
[59] Andrew D. Gordon,et al. Verified Interoperable Implementations of Security Protocols , 2006, CSFW.
[60] Andreas L. Opdahl,et al. Eliciting security requirements with misuse cases , 2004, Requirements Engineering.
[61] Jean Goubault-Larrecq,et al. Cryptographic Protocol Analysis on Real C Code , 2005, VMCAI.
[62] Premkumar T. Devanbu,et al. Software engineering for security: a roadmap , 2000, ICSE '00.
[63] Paul Oude Luttighuis,et al. Equipping the Enterprise Interoperability Problem Solver , 2010 .
[64] Axelle Apvrille,et al. Secure software development by example , 2005, IEEE Security & Privacy Magazine.
[65] Achim D. Brucker,et al. A model transformation semantics and analysis methodology for SecureUML , 2006, MoDELS'06.
[66] Paul Kearney,et al. A risk-driven security analysis method and modelling language , 2007 .
[67] Weider D. Yu,et al. Software Vulnerability Analysis for Web Services Software Systems , 2006, 11th IEEE Symposium on Computers and Communications (ISCC'06).
[68] Jan Jürjens,et al. Towards Development of Secure Systems Using UMLsec , 2001, FASE.
[69] Nicole B. Koppel,et al. Information Systems in the Service Sector , 2010 .
[70] Jan Jürjens,et al. UMLsec: Extending UML for Secure Systems Development , 2002, UML.
[71] Dirk Krafzig,et al. Enterprise SOA: Service-Oriented Architecture Best Practices , 2004 .
[72] Jan Jürjens,et al. Tools for secure systems development with UML , 2007, International Journal on Software Tools for Technology Transfer.
[73] Gary McGraw,et al. Static Analysis for Security , 2004, IEEE Secur. Priv..
[74] Bashar Nuseibeh,et al. Security Requirements Engineering: A Framework for Representation and Analysis , 2008, IEEE Transactions on Software Engineering.
[75] Herbert H. Thompson. Application Penetration Testing , 2005, IEEE Secur. Priv..
[76] Paul Kearney,et al. A model-based approach to trust, security and assurance , 2006 .
[77] Bradley Malin,et al. Implementing a Model-Based Design Environment for Clinical Information Systems , 2007 .
[78] Jan Jürjens,et al. Security Analysis of Crypto-based Java Programs using Automated Theorem Provers , 2006, 21st IEEE/ACM International Conference on Automated Software Engineering (ASE'06).
[79] Bart De Win,et al. Transforming Security Requirements into Architecture , 2008, 2008 Third International Conference on Availability, Reliability and Security.
[80] Cecilia Mascolo,et al. Integrating security and usability into the requirements and design process , 2007, Int. J. Electron. Secur. Digit. Forensics.
[81] Xinming Ou,et al. A scalable approach to attack graph generation , 2006, CCS '06.
[82] Carsten Rudolph,et al. A business process-driven approach to security engineering , 2003, 14th International Workshop on Database and Expert Systems Applications, 2003. Proceedings..
[83] Sigrid Gürgens,et al. Validation of Cryptographic Protocols by Efficient Automated Testing , 2000, FLAIRS Conference.
[84] Samuel T. Redwine. Introduction to Modeling Tools for Software Security , 2007 .
[85] Álvaro Enrique Arenas,et al. Modelling Security Properties in a Grid-based Operating System with Anti-Goals , 2008, 2008 Third International Conference on Availability, Reliability and Security.
[86] Bruce Schneier,et al. Secure audit logs to support computer forensics , 1999, TSEC.
[87] Bashar Nuseibeh,et al. Security requirements engineering: when anti-requirements hit the fan , 2002, Proceedings IEEE Joint International Conference on Requirements Engineering.
[88] Ruth Breu,et al. Model-Driven Security Engineering for Trust Management in SECTET , 2007, J. Softw..
[89] George Yee. Privacy Protection for E-Services , 2006 .
[90] David Basin,et al. Model driven security: From UML models to access control infrastructures , 2006, TSEM.
[91] Jan Jürjens,et al. Sound development of secure service-based systems , 2004, ICSOC '04.
[92] Jan Jürjens. Sound methods and effective tools for model-based security engineering with UML , 2005, ICSE '05.
[93] Dominique Méry,et al. Specification and Refinement of Access Control , 2007, J. Univers. Comput. Sci..
[94] S. K. Maharana,et al. Cloud Computing Applied for Numerical Study of Thermal Characteristics of SIP , 2011, Int. J. Cloud Appl. Comput..
[95] E. B. Fernandez,et al. Determining role rights from use cases , 1997, RBAC '97.
[96] Klaus-Peter Löhr,et al. SecTOOL - Supporting Requirements Engineering for Access Control , 2006, ETRICS.
[97] Ketil Stølen,et al. Information flow property preserving transformation of UML interaction diagrams , 2006, SACMAT '06.
[98] Mario Bravetti,et al. Formal Techniques for Computer Systems and Business Processes, European Performance Engineering Workshop, EPEW 2005 and International Workshop on Web Services and Formal Methods, WS-FM 2005, Versailles, France, September 1-3, 2005, Proceedings , 2005, EPEW/WS-FM.
[99] Eric S. K. Yu,et al. A Goal Oriented Approach for Modeling and Analyzing Security Trade-Offs , 2007, ER.
[100] Mohammad Bsoul,et al. Technology Fears: A Study of e-Commerce Loyalty Perception by Jordanian Customers , 2010, Int. J. Inf. Syst. Serv. Sect..
[101] Yijun Yu,et al. Traceability for the maintenance of secure software , 2008, 2008 IEEE International Conference on Software Maintenance.
[102] Bashar Nuseibeh,et al. Model-Based Security Engineering of Distributed Information Systems Using UMLsec , 2007, 29th International Conference on Software Engineering (ICSE'07).
[103] Gad Vitner,et al. Service Management of Special Care Units: Lessons Learned in Manufacturing , 2011, Int. J. Inf. Syst. Serv. Sect..
[104] Yannis Charalabidis,et al. Interoperability in Digital Public Services and Administration: Bridging E-Government and E-Business , 2010 .
[105] Francis G. McCabe,et al. Reference Model for Service Oriented Architecture 1.0 , 2006 .
[106] John Mylopoulos,et al. Modeling security requirements through ownership, permission and delegation , 2005, 13th IEEE International Conference on Requirements Engineering (RE'05).
[107] Karen A. Scarfone,et al. The Common Vulnerability Scoring System (CVSS) and its Applicability to Federal Agency Systems , 2007 .
[108] Jan Jürjens,et al. Towards a Comprehensive Framework for Secure Systems Development , 2006, CAiSE.
[109] Michael Hafner,et al. Modeling and Enforcing Advanced Access Control Policies in Healthcare Systems with Sectet , 2008, MoDELS.
[110] Barry W. Boehm,et al. Software Engineering Economics , 1993, IEEE Transactions on Software Engineering.
[111] Nora Koch,et al. Aspect-Oriented Modeling of Access Control in Web Applications , 2005 .
[112] M. Bouaziz,et al. An Introduction to Computer Security , 2012 .
[113] Jan Jürjens,et al. Cost-benefit trade-off analysis using BBN for aspect-oriented risk-driven development , 2005, 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS'05).
[114] Nils Gruschka,et al. SOA and Web Services: New Technologies, New Standards - New Attacks , 2007, Fifth European Conference on Web Services (ECOWS'07).
[115] J Jürjens,et al. Model-based Security Analysis of the German Health Card Architecture , 2008, Methods of Information in Medicine.
[116] Rafael Accorsi,et al. Automated Privacy Audits Based on Pruning of Log Data , 2008, 2008 12th Enterprise Distributed Object Computing Conference Workshops.
[117] Alfredo Pironti,et al. Soundness Conditions for Message Encoding Abstractions in Formal Security Protocol Models , 2008, 2008 Third International Conference on Availability, Reliability and Security.
[118] Jan Jürjens,et al. Code security analysis with assertions , 2005, ASE '05.
[119] Leslie Lamport,et al. The "Hoare Logic" of CSP, and All That , 1984, TOPL.