MODELS

We have seen many efforts invested in research on engineering security aspects of software and systems over the last years, but we have also seen spectacular security breaches and privacy leaks in web applications, mobile apps, and enterprise systems. ...

The use of formal models to guide security design is appealing. This paper presents a model driven approach whereby security systems in operation can be assessed and measured against various requirements that are defined when the system is created. By ...

A secure system architecture is often based on a variety of design and security model elements. Without some way of evaluating the impact of these individual design elements in the face of possible attacks, design flaws may weaken a software ...

We introduce a UML-based notation for graphically modeling systems' security aspects in a simple and intuitive way and a model-driven process that transforms graphical specifications of access control policies in XACML. These XACML policies are then ...

Network security constitutes a critical concern when developing and maintaining nowadays corporate information systems. Firewalls are a key element of network security by filtering the traffic of the network in compliance with a number of access control ...

Pervasive systems typically involve heterogeneous users, devices and networks to provide services seamlessly interacting with the physical world. In order to be flexible, these systems must be both dynamically adaptive to handle and still open to the ...

Building secure systems is a difficult job for most engineers since it requires in-depth understanding of security aspects. This task, however, can be assisted by capturing security knowledge in a particular domain and reusing the knowledge when ...

The research presented in this paper is aimed at developing a holistic modelling method that comprehensively considers and integrates technical, organizational, behavioral and business aspects -- all crucial to create and manage secure IT systems. Our ...

SecureMDD is a model-driven approach to develop security-critical applications. The focus lies on the development of smart card and service applications. Those are inherently security-critical and are based on cryptographic protocols. These protocols ...

Security is one of the main challenges of service oriented computing. Services need to be loosely coupled, easily accessible and yet provide tight security guarantees enforced by cryptographic protocols. In this paper, we address how to automatically ...