Skip to main content
Springer Nature Link
Log in

CoSMo: An Approach Towards Conceptual Security Modeling

  • Conference paper
  • First Online:
Database and Expert Systems Applications (DEXA 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2453))

Included in the following conference series:

Abstract

Security is generally believed to be a very important topic. However, during software development security requirements are hardly ever properly treated, least of all on the conceptual level. Security is considered as some kind of add-on which will be applied to the system after development. To fill this gap we work on the development of a conceptual security modeling method we refer to as CoSMo (Conceptual Security Modeling). In this paper first a comprehensive summary of available security modeling methodologies is presented. Second, various security requirements and mechanisms which are necessary for building secure software systems are described systematically to give a clear distinction between requirements and mechanisms to enforce the security requirements. Finally, a modeling example is given to illustrate particular security requirements and mechanisms.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Smith, G. W., The Sematic Data Model for Security: Representing the Security Semantics of an Application, Proc. 6th Int’l Conf. on Data Engineering (ICDE’90), IEEE, Computer Society Press

    Google Scholar 

  2. Smith, G. W., Modeling Security Relevant Data Semantics, Proc. 1990 Sy mp. on Research in Security and Privacy, IEEE Computer Society Press

    Google Scholar 

  3. Pernul G., Database Security, Academic Press, 1994, ISBN# 0-12-012138-7

    Google Scholar 

  4. Chen, P. P., The Entity Relationship Model: Towards a Unified View of Data, ACM Trans. on Database Systems (T ODS), Vol. 1(1)

    Google Scholar 

  5. Ellmer E., Pernul G., Kappel G., Object-Oriented Modeling of Security Semantics, Proceedings of the 11th Annual Computer Security Applications Conference (ACSAC’95), IEEE Computer Society Press, New Orleans (LA), Dec. 1995, pp. 52–61

    Google Scholar 

  6. Rumbauh, J. et al., Object-Oriented Modeling and Design, Prentice Hall, Englewood Cliffs, NJ, 1991

    Google Scholar 

  7. Herrmann G., Pernul G., Viewing Business Process Security from Different Perspectives, Proceedings of the 11th Int’1 Bled Electronic Commerce Conference “Electronic commerce in the Information Society”. Slovenia, 1998, pp. 89–103

    Google Scholar 

  8. Herrmann G., Security and Integrity Requirements of Business Processes-Analysis and Approach to Support their Realization, Proc. CAiSE*99 6th Doctoral Consortium on Advanced Information Systems Engineering, Heidelberg, 14–15. June, 1999, pp. 36–47

    Google Scholar 

  9. Röhm A., Pernul G., COPS: A Model and Infrastructure for Secure and Fair Electronic Markets, IEEE Proceedings of the Hawai’i International Conference On System Sciences 32, January 5–8, 1999, Maui, Hawai’i.

    Google Scholar 

  10. Thoben W., Sicherheitsanforderungen im Rahmen der Bedrohungs-und Risikoanalyse von IT-Systemen, Datenbanksysteme in Büro, Technik und Wissenschaft (BTW’ 97), Springer-Verlag, S. 279–298, 1997

    Google Scholar 

  11. Schönberg A., Thoben W.., Ein unscharfes Bewertungskonzept für die Bedrohungs-und Risikoanalyse Workflow-basierter Anwendungen, Sicherheit und Electronic Commerce-Konzepte, Modelle und technische Möglichkeiten (WS SEC’98), A. Röhm, D. Fox, R. Grimm und D. Schoder (Hrsg.), S. 47–62, Vieweg-Verlag, Essen, Oktober 98

    Google Scholar 

  12. Gollmann D., Computer Security, John Wiley & Sohns, 1999, ISBN# 0-471-97844-2

    Google Scholar 

  13. Bichler P.: Conceptual Design of Secure Workflow Systems. An Object-Oriented Approach to the Uniform Modeling of Workflows, Organizations and Security. Dissertation

    Google Scholar 

  14. Sandhu R., Samarati P., Authentication, Access Control and Audit, ACM Computing Surveys, Vol. 28, No. 1, March 1996

    Google Scholar 

  15. International Organisation for Standardization (ISO): Information processing systems-Guidelines for the Use and Management of Trusted Third Parties-Part 2: Technical Aspects. International Standard ISO/IEC Draft 14516-2, Genf, 1995

    Google Scholar 

  16. Eßmayr W., Role-Based Access Controls in Interoperable Environments, Faculty of Natural Sciences and Engineering Johannes Kepler University Linz, PhD Thesis, January 1999

    Google Scholar 

  17. Berthold O., Federrath H., Köhntopp M. Project “Anonymity and Unobservability in the Internet”, Workshop on Freedom and Privacy by Design CFP2000, Toronto, 2000

    Google Scholar 

  18. Gerhard M., Röhm A., A Secure Electronic Market for Anonymous Transferable Emission Permits, IEEE Proceedings of the Hawai’i International Conference On System Sciences 31, vol. 4, January 6–9, 1998, Kona, Hawai’i

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute for Applied Knowledge Processing (FAW), Hauptstr. 99, A-4232, Hagenberg, Austria

    Christine Artelsmair, Peter Lang & Roland Wagner

  2. Software Competence Center Hagenberg (SCCH), Hauptstr. 99, A-4232, Hagenberg, Austria

    Wolfgang Essmayr & Edgar Weippl

Authors
  1. Christine Artelsmair
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Wolfgang Essmayr
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Peter Lang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Roland Wagner
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Edgar Weippl
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Université Paul Sabatier, IRIT, 118 route de Narbonne, 31062, Toulouse Cedex, France

    Abdelkader Hameurlain

  2. Département Informatique, Université Aix-Marseille II, IUT, 413 Avenue Gaston Berger, 13625, Aix-en-Provence Cedex 1, France

    Rosine Cicchetti

  3. Institute of Applied Computer Science, University of Linz, Altenbergerstr. 69, 4040, Linz, Austria

    Roland Traunmüller

Rights and permissions

Reprints and permissions

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Artelsmair, C., Essmayr, W., Lang, P., Wagner, R., Weippl, E. (2002). CoSMo: An Approach Towards Conceptual Security Modeling. In: Hameurlain, A., Cicchetti, R., Traunmüller, R. (eds) Database and Expert Systems Applications. DEXA 2002. Lecture Notes in Computer Science, vol 2453. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46146-9_55

Download citation

  • DOI: https://doi.org/10.1007/3-540-46146-9_55

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44126-7

  • Online ISBN: 978-3-540-46146-3

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation