Integrating security design into the software development process for e‐commerce systems

Chan, Mangtang; Kwok, Lam For

doi:10.1108/09685220110394758

Cited by 10 publications

(7 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…see Refs. [1,2,11,20,23,28,37,39,40,47,64,65]). These works use the UML extension mechanisms to introduce representations of dependability concerns in UML models.…”

Section: Aspect-oriented Modelingmentioning

confidence: 98%

An aspect-based approach to modeling access control concerns

Ray

Georg

2004

Information and Software Technology

View full text Add to dashboard Cite

“…see Refs. [1,2,11,20,23,28,37,39,40,47,64,65]). These works use the UML extension mechanisms to introduce representations of dependability concerns in UML models.…”

Section: Aspect-oriented Modelingmentioning

confidence: 98%

An aspect-based approach to modeling access control concerns

Ray

Georg

2004

Information and Software Technology

View full text Add to dashboard Cite

“…There has been some work on using the UML to model security concerns (e.g., see [1,2,6,9,12,15,17,18,19,22,30,32]). Chan and Kwok [6] model a design pattern for security that addresses asset and functional distribution, vulnerability, threat, and impact of loss.…”

Section: Related Workmentioning

confidence: 99%

“…Chan and Kwok [6] model a design pattern for security that addresses asset and functional distribution, vulnerability, threat, and impact of loss. UML stereotypes identify classes that have particular security needs due to their vulnerability either as assets or as a result of functional distribution.…”

Section: Related Workmentioning

confidence: 99%

Designing High Integrity Systems Using Aspects

Georg

Ray

2003

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract:In this paper we show how design-level aspects can be used to develop high integrity systems. In our approach, a system designer must first identify the specific mechanisms required for high integrity systems. To support this activity we have developed an initial tabulation of different kinds of threats and the mechanisms used to prevent, detect, and recover from the related attacks and problems. Each mechanism can be modeled independently as an aspect. After the mechanisms are identified, the corresponding aspects are then woven in the appropriate order into the models of the essential system functionality to produce a model of a high integrity system.

show abstract

“…Chan and Kwok [5] propose a design methodology for e-commerce systems to specify design details for three processes: Risk, Engineering, and Assurance, which 6 JOURNAL OF OBJECT TECHNOLOGY VOL 0, NO. 0 [20] SecureUML [17] Zisman [30] SOCLe [19] For-LySa [18] Epstein and Sandhu [7] Brose et al [4] Ahn and Shin [1] AuthUML [2] represent the main areas of security engineering in the systems security engineering capability maturity model (SSE-CMM) on which this methodology is based.…”

Section: State Of the Art Surveymentioning

confidence: 99%

“…Many contributions have been presented in the state of the art for specifying and enforcing security at UML design [1,2,4,5,6,7,8,14,16,17,18,19,20,22,23,27,28,30]. While sharing almost the same objectives, these contributions Cite this document as follows: http://www.jot.fm/general/JOT template LaTeX.tgz * The research leading to this work was possible due to funding and scientific collaboration with Software Research, Ericsson Canada.…”

Section: Introductionmentioning

confidence: 99%

Usability of Security Specification Approaches for UML Design: A Survey.

Talhi¹,

Mouheb²,

Lima³

et al. 2009

JOT

View full text Add to dashboard Cite

Since it is the de facto language for software specification and design, UML is the target language used by almost all state of the art contributions handling security at specification and design level. However, these contributions differ in the covered security requirements, specification approaches, verification tools, etc. This paper investigates the main approaches adopted for specifying and enforcing security at UML design and surveys the related state of the art. The main contribution of this paper is a discussion of these approaches from usability viewpoint. A set of criteria has been defined and used in this usability discussion. The discussed UML approaches are stereotypes and tagged values, OCL, and behavior diagrams. Extending the UML meta-language or creating new meta-languages for security specification are also covered by this study.

show abstract

Integrating security design into the software development process for e‐commerce systems

Cited by 10 publications

References 7 publications

An aspect-based approach to modeling access control concerns

An aspect-based approach to modeling access control concerns

Designing High Integrity Systems Using Aspects

Usability of Security Specification Approaches for UML Design: A Survey.

Contact Info

Product

Resources

About