Siv Hilde Houmb scite author profile

The focus of the paper is on the analysis of performance effects of different security solutions modeled as aspects in UML. Aspect oriented modeling (AOM) allows software designers to isolate and separately address solutions for crosscutting concerns, which are defined as distinct UML aspect models, then are composed with the primary UML model of the system under development. For performance analysis we use techniques developed previously in the PUMA project, which take as input UML models annotated with the standard UML Profile for Schedulability, Performance and Time (SPT), and transform them first into Core Scenario Model (CSM) and then into different performance models. The contribution of this paper is in performing the composition of the aspects with the primary model at the CSM level. The input is represented by the primary model and a number of aspect models in UML+SPT, which are processed as follows: a) converted separately to CSM; b) composed into a single CSM model; c) transformed into a Layered Queueing Networks (LQN) model and d) analyzed. The proposed approach is illustrated with a case study based on two standards, TPC-W and SSL.

show abstract

Quantifying security risk level from CVSS estimates of frequency and impact

Houmb

Franqueira

Engum

2010

Journal of Systems and Software

View full text Add to dashboard Cite

An aspect-oriented methodology for designing secure applications

Georg

Ray

Anastasakis

et al. 2009

Information and Software Technology

View full text Add to dashboard Cite

Performance analysis of security aspects by weaving scenarios extracted from UML models

Woodside

Petriu

et al. 2009

Journal of Systems and Software

View full text Add to dashboard Cite

Integrating risk management activities into requirements engineering

Islam¹,

Houmb

2010

View full text Add to dashboard Cite

Abstract-Software projects are often faced with unanticipated problems caused by e.g. changes in the development environment resulting in delays or threatening the ability of the project to succeed. Managing these uncertainties is a challenging task at all phases of the development, but nevertheless crucial in controlling schedule and costs. Therefore software development risks need to be controlled as early as possible. As software development risks are not merely of technical nature it is equally important to tackle non-technical risks. The paper presents a goal-driven software development risk management model (GSRM) that takes a holistic view on development, taking both technical and non-technical development components into consideration. The focus of the paper is on how to integrate GSRM and particularly the holistic risk perspective into requirements engineering. GSRM effectively identifies and makes explicit the critical project goals (for arriving at a successful project) and the risk factors that may obstruct these goals. GSRM also helps in planning how to employ control actions for mitigating risks and by that increase the ability to meet project goals. The integrated requirements engineering risk management model has been applied to an on-going development project in a low-cost development environment (Bangladesh). The result showed it to be relatively trivial to integrate the model into requirements engineering activities and that the model did indeed contribute to the overall project success.

show abstract

Supporting Requirements Engineers in Recognising Security Issues

Knauss

Houmb

Schneider

et al. 2011

View full text Add to dashboard Cite

Abstract. Context & motivation:More and more software projects today are security-related in one way or the other. Many environments are initially not considered security-related and no security experts are assigned. Requirements engineers often fail to recognise indicators for security problems. Question/problem: Ignoring security issues early in a project is a major source of recurring security problems in practice. Identifying security-relevant requirements is labour-intensive and error-prone. Security may be neglected in order to finish on time and in budget. Principal ideas/results: In this paper, we address this problem by presenting a tool-supported method that provides assistance for requirements engineering, with an emphasis on security requirements. We investigate whether security-relevant requirements can be automatically identified with help of a Bayesian classifier. Our results indicate that this is feasible, in particular if the classifier is trained with domain specific data and documents from previous projects. Contribution: We show how the ability to identify security-relevant requirements can be integrated in a workflow of requirements analysis and reuse of experience. In practice, this can increase security awareness within the software development process. We discuss limitations and potential of this approach.

show abstract

Goal and Risk Factors in Offshore Outsourced Software Development from Vendor's Viewpoint

Islam

Joarder

Houmb³

2009

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Siv Hilde Houmb

Eliciting security requirements and tracing them to design: an integration of Common Criteria, heuristics, and UMLsec

Performance analysis of security aspects in UML models

Quantifying security risk level from CVSS estimates of frequency and impact

An aspect-oriented methodology for designing secure applications

Performance analysis of security aspects by weaving scenarios extracted from UML models

Integrating risk management activities into requirements engineering

Supporting Requirements Engineers in Recognising Security Issues

Goal and Risk Factors in Offshore Outsourced Software Development from Vendor's Viewpoint

Contact Info

Product

Resources

About