
Towards the Integration of Security Aspects into System Development Using Collaboration-Oriented Models

  • Conference paper
Security Technology (SecTech 2009)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 58)

Abstract

Security, as an important feature of system design, should be taken into account early in the development of systems. We propose an extension of the SPACE engineering method in order to integrate security aspects into the system design and implementation phases. The integration of security mechanisms is facilitated by collaborations. Functional system specifications are represented by collaboration-oriented models which describe functionalities reaching over different physical components in one model. Countermeasures are also modeled by collaborations since security mechanisms are often collaborative structures themselves. Our approach includes an asset-oriented security analysis on the collaboration-oriented models in order to determine the level of protection needed. We illustrate our approach by the example of an e-sale system.



Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gunawan, L.A., Herrmann, P., Kraemer, F.A. (2009). Towards the Integration of Security Aspects into System Development Using Collaboration-Oriented Models. In: Ślęzak, D., Kim, Th., Fang, WC., Arnett, K.P. (eds) Security Technology. SecTech 2009. Communications in Computer and Information Science, vol 58. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10847-1_10

  • DOI: https://doi.org/10.1007/978-3-642-10847-1_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10846-4

  • Online ISBN: 978-3-642-10847-1

  • eBook Packages: Computer Science, Computer Science (R0)
