Published: Apr 1, 2014
Converted to Gold OA:
DOI: 10.4018/ijsse.20140401pre
Volume 5
Martin Gilje Jaatun, Riccardo Scandariato, Lillian Røstad
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Jaatun, Martin Gilje, et al. "Special Issue on 7th International Workshop on Secure Software Engineering (SecSE 2013)." IJSSE vol.5, no.2 2014: pp.4-6. http://doi.org/10.4018/ijsse.20140401pre
APA
Jaatun, M. G., Scandariato, R., & Røstad, L. (2014). Special Issue on 7th International Workshop on Secure Software Engineering (SecSE 2013). International Journal of Secure Software Engineering (IJSSE), 5(2), 4-6. http://doi.org/10.4018/ijsse.20140401pre
Chicago
Jaatun, Martin Gilje, Riccardo Scandariato, and Lillian Røstad. "Special Issue on 7th International Workshop on Secure Software Engineering (SecSE 2013)," International Journal of Secure Software Engineering (IJSSE) 5, no.2: 4-6. http://doi.org/10.4018/ijsse.20140401pre
Export Reference
Published: Apr 1, 2014
Converted to Gold OA:
DOI: 10.4018/ijsse.2014040101
Volume 5
Per Håkon Meland, Elda Paja, Erlend Andreas Gjære, Stéphane Paul, Fabiano Dalpiaz, Paolo Giorgini
Goal and threat modelling are important activities of security requirements engineering: goals express why a system is needed, while threats motivate the need for security. Unfortunately, existing...
Show More
Goal and threat modelling are important activities of security requirements engineering: goals express why a system is needed, while threats motivate the need for security. Unfortunately, existing approaches mostly consider goals and threats separately, and thus neglect the mutual influence between them. In this paper, the authors address this deficiency by proposing an approach that extends goal modelling with threat modelling and analysis. The authors show that this effort is not trivial and a trade-off between visual expressiveness, usability and usefulness has to be considered. Specifically, the authors integrate threat modelling with the socio-technical security modelling language (STS-ml), introduce automated analysis techniques that propagate threats in the combined models, and present tool support that enables reuse of threats facilitated by a threat repository. The authors illustrate their approach on a case study from the Air Traffic Management (ATM) domain, from which they extract some practical challenges. The authors conclude that threats provide a useful foundation and justification for the security requirements that the authors derive from goal modelling, but this should not be considered as a replacement to risk assessment. The usage of goals and threats early in the development process allows raising awareness of high-level security issues that occur regardless of the chosen technology and organizational processes.
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Meland, Per Håkon, et al. "Threat Analysis in Goal-Oriented Security Requirements Modelling." IJSSE vol.5, no.2 2014: pp.1-19. http://doi.org/10.4018/ijsse.2014040101
APA
Meland, P. H., Paja, E., Gjære, E. A., Paul, S., Dalpiaz, F., & Giorgini, P. (2014). Threat Analysis in Goal-Oriented Security Requirements Modelling. International Journal of Secure Software Engineering (IJSSE), 5(2), 1-19. http://doi.org/10.4018/ijsse.2014040101
Chicago
Meland, Per Håkon, et al. "Threat Analysis in Goal-Oriented Security Requirements Modelling," International Journal of Secure Software Engineering (IJSSE) 5, no.2: 1-19. http://doi.org/10.4018/ijsse.2014040101
Export Reference
Published: Apr 1, 2014
Converted to Gold OA:
DOI: 10.4018/ijsse.2014040102
Volume 5
Kristian Beckers, Isabelle Côté, Ludger Goeke, Selim Güler, Maritta Heisel
Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud's scalable and flexible IT-resources. The benefits are of...
Show More
Cloud computing systems offer an attractive alternative to traditional IT-systems, because of economic benefits that arise from the cloud's scalable and flexible IT-resources. The benefits are of particular interest for SME's. The reason is that using Cloud Resources allows an SME to focus on its core business rather than on IT-resources. However, numerous concerns about the security of cloud computing services exist. Potential cloud customers have to be confident that the cloud services they acquire are secure for them to use. Therefore, they have to have a clear set of security requirements covering their security needs. Eliciting these requirements is a difficult task, because of the amount of stakeholders and technical components to consider in a cloud environment. Therefore, the authors propose a structured, pattern-based method supporting eliciting security requirements and selecting security measures. The method guides potential cloud customers to model the application of their business case in a cloud computing context using a pattern-based approach. Thus, a potential cloud customer can instantiate our so-called Cloud System Analysis Pattern. Then, the information of the instantiated pattern can be used to fill-out our textual security requirements patterns and individual defined security requirement patterns, as well. The presented method is tool-supported. Our tool supports the instantiation of the cloud system analysis pattern and automatically transfers the information from the instance to the security requirements patterns. In addition, they have validation conditions that check e.g., if a security requirement refers to at least one element in the cloud. The authors illustrate their method using an online-banking system as running example.
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Beckers, Kristian, et al. "A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain." IJSSE vol.5, no.2 2014: pp.20-43. http://doi.org/10.4018/ijsse.2014040102
APA
Beckers, K., Côté, I., Goeke, L., Güler, S., & Heisel, M. (2014). A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain. International Journal of Secure Software Engineering (IJSSE), 5(2), 20-43. http://doi.org/10.4018/ijsse.2014040102
Chicago
Beckers, Kristian, et al. "A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain," International Journal of Secure Software Engineering (IJSSE) 5, no.2: 20-43. http://doi.org/10.4018/ijsse.2014040102
Export Reference
Published: Apr 1, 2014
Converted to Gold OA:
DOI: 10.4018/ijsse.2014040103
Volume 5
Vincenzo Ciancia, Jose Martin, Fabio Martinelli, Ilaria Matteucci, Marinella Petrocchi, Ernesto Pimentel
The authors describe a formal methodology for the automatic synthesis of a secure orchestrator for a set of BPMN processes. The synthesized orchestrator is able to guarantee that all the processes...
Show More
The authors describe a formal methodology for the automatic synthesis of a secure orchestrator for a set of BPMN processes. The synthesized orchestrator is able to guarantee that all the processes that are started reach their end, and the resulting orchestrator process is secure, that is, it does not allow the disclosure of certain secret messages. The authors present an implementation of a forth and back translation from BPMN to Crypto-CCS, that permits them to exploit the previously existing PaMoChSA tool to synthesize BPMN orchestrators. Furthermore, they study the problem of ranking orchestrators based on quantitative valuations of a process, the temporal evolution of such valuations, and their security, as a function of the knowledge of the attacker.
Content Forthcoming
Add to Your Personal Library: Article
Cite Article
Cite Article
MLA
Ciancia, Vincenzo, et al. "Automated Synthesis and Ranking of Secure BPMN Orchestrators." IJSSE vol.5, no.2 2014: pp.44-64. http://doi.org/10.4018/ijsse.2014040103
APA
Ciancia, V., Martin, J., Martinelli, F., Matteucci, I., Petrocchi, M., & Pimentel, E. (2014). Automated Synthesis and Ranking of Secure BPMN Orchestrators. International Journal of Secure Software Engineering (IJSSE), 5(2), 44-64. http://doi.org/10.4018/ijsse.2014040103
Chicago
Ciancia, Vincenzo, et al. "Automated Synthesis and Ranking of Secure BPMN Orchestrators," International Journal of Secure Software Engineering (IJSSE) 5, no.2: 44-64. http://doi.org/10.4018/ijsse.2014040103
Export Reference
IGI Global Open Access Collection provides all of IGI Global’s open access content in one convenient location and user-friendly interface
that can easily searched or integrated into library discovery systems.
Browse IGI Global Open
Access Collection
Author Services Inquiries
For inquiries involving pre-submission concerns, please contact the Journal Development Division:
journaleditor@igi-global.comOpen Access Inquiries
For inquiries involving publishing costs, APCs, etc., please contact the Open Access Division:
openaccessadmin@igi-global.comProduction-Related Inquiries
For inquiries involving accepted manuscripts currently in production or post-production, please contact the Journal Production Division:
journalproofing@igi-global.comRights and Permissions Inquiries
For inquiries involving permissions, rights, and reuse, please contact the Intellectual Property & Contracts Division:
contracts@igi-global.comPublication-Related Inquiries
For inquiries involving journal publishing, please contact the Acquisitions Division:
acquisition@igi-global.comDiscoverability Inquiries
For inquiries involving sharing, promoting, and indexing of manuscripts, please contact the Citation Metrics & Indexing Division:
indexing@igi-global.com Editorial Office
701 E. Chocolate Ave.
Hershey, PA 17033, USA
717-533-8845 x100