A Semantic Paradigm for Component-Based Specification Integrating a Notion of Security Risk

Brændeland, Gyrd; Stølen, Ketil

doi:10.1007/978-3-540-75227-1_3

Cited by 2 publications

(3 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We build composites using the basic composition operators of STAIRS. For the full details of the semantics of composite component specifications, see [1].…”

Section: Component Specificationmentioning

confidence: 99%

“…We refer to [1] for the full details of composite security risk specifications. If the identified risks are found to violate the risk acceptance criteria, we need to identify protection mechanisms to ensure that the requirements to protection are met.…”

Section: Component Protection Specificationmentioning

confidence: 99%

“…A provided interface represent the view of the user, who does not need to know how an operation is implemented. Formally we obtain the provided interface of a basic component by filtering away the interactions on the required interface[1].…”

mentioning

confidence: 99%

See 2 more Smart Citations

Using model-based security analysis in component-oriented system development

Brændeland

Stølen

2006

Proceedings of the 2nd ACM Workshop on Quality of Protection

Self Cite

View full text Add to dashboard Cite

We propose an integrated process for component-based system development and security risk analysis. The integrated process is evaluated in a case study involving an instant messaging component for smart phones. We specify the risk behaviour and functional behaviour of components using the same kinds of description techniques. We represent main security risk analysis concepts, such as assets, stakeholders, threats and risks, at the component level.

show abstract

“…We build composites using the basic composition operators of STAIRS. For the full details of the semantics of composite component specifications, see [1].…”

Section: Component Specificationmentioning

confidence: 99%

Section: Component Protection Specificationmentioning

confidence: 99%

See 1 more Smart Citation

Using model-based security analysis in component-oriented system development

Brændeland

Stølen

2006

Proceedings of the 2nd ACM Workshop on Quality of Protection

Self Cite

View full text Add to dashboard Cite

show abstract

Using Model-Driven Risk Analysis in Component-Based Development

Brændeland

Stølen

2012

Dependability and Computer Engineering

Self Cite

View full text Add to dashboard Cite

Modular system development causes challenges for security and safety as upgraded sub-components may interact with the system in unforeseen ways. Due to their lack of modularity, conventional risk analysis methods are poorly suited to address these challenges. We propose to adjust an existing method for model-based risk analysis into a method for component-based risk analysis. We also propose a stepwise integration of the component-based risk analysis method into a component-based development process. By using the same kinds of description techniques to specify functional behaviour and risks, we may achieve upgrading of risk analysis documentation as an integrated part of component composition and refinement.

show abstract

A Semantic Paradigm for Component-Based Specification Integrating a Notion of Security Risk

Cited by 2 publications

References 14 publications

Using model-based security analysis in component-oriented system development

Using model-based security analysis in component-oriented system development

Using Model-Driven Risk Analysis in Component-Based Development

Contact Info

Product

Resources

About