Table of Contents

2021 2021 IEEE/ACM 2nd International Workshop on Engineering and Cybersecurity of Critical Systems (EnCyCriS)  
Security Assurance Cases with Built-in Quality Assurance 29 Mazen Mohamad (Chalmers and University of Gothenburg, Sweden), Örjan Askerdal (Volvo Trucks, Sweden), Rodi Jolak (Chalmers and University  ...  University of Science and Technology, Norway), Nektaria Kaloudi (Norwegian University of Science and Technology, Norway), and Jingyue Li (Norwegian University of Science and Technology, Norway) Asset-Driven  ... 
doi:10.1109/encycris52570.2021.00004 fatcat:pjrhyy3yd5hwxbsmg73fbhtzxm

A Common Sense Way to Make the Business Case for Software Assurance

John Bailey, Antonio Drommi, Jeffrey Ingalsbe, Nancy Mead, Dan Shoemaker
2008 EDPACS: The EDP Audit, Control, and Security Newsletter  
Yet when it comes time to assign the actual cost associated with each process, the distinction between product quality assurance and product security gets lost.  ...  WHY WE NEED TO DISTINGUISH SOFTWARE DEVELOPMENT FROM SOFTWARE ASSURANCE The aim of this article is to demonstrate how a common valuation model can be used to make a dollars and cents business case for  ...  As a consequence, the business case associated with limiting vulnerabilities in assured software should be primarily built around costs associated with identifying exploitable vulnerabilities that result  ... 
doi:10.1080/07366980802231825 fatcat:gjjhgkmcnvbtbe5mrslv3pjgxq

Variation Verification

John D. McGregor
2009 Journal of Object Technology  
The asset base of a software product line organization includes many types of assets. The thing that binds them together is the range of variation they must accommodate.  ...  In this issue of Strategic Software Engineering I will discuss the relationship of verification to variation management.  ...  Assurance cases can be constructed with variation points just like any asset.  ... 
doi:10.5381/jot.2009.8.2.c1 fatcat:5msuwpusvnf2hl4sanenjszqhi

Standards Driven Security Assurance for Mobile Networks

Sven Lachmund
2016 Journal of ICT Standardization  
A new security assurance scheme for mobile network infrastructure equipment is described in this article.  ...  In introducing an effective security assurance scheme, constraints need to be considered as the environment in which the scheme is introduced defines some boundaries.  ...  In particular I want to particularly thank James Moran from the GSM Association who supported me significantly in producing promotion material and this article.  ... 
doi:10.13052/jicts2245-800x.321 fatcat:4eiob3wo6vhclmifyx3e4x2l4e

Security Assurance Cases – State of the Art of an Emerging Approach [article]

Mazen Mohamad and Jan-Philipp Steghöfer and Riccardo Scandariato
2020 arXiv   pre-print
Security Assurance Cases (SAC) are a form of structured argumentation used to reason about the security properties of a system.  ...  Our results indicate that, while there are numerous papers discussing the importance of security assurance cases and their usage scenarios, the literature is still immature with respect to concrete support  ...  This work intersects with our work in that assurance-driven software design can be used as a methodology or approach for creating assurance cases. However, unlike Gade et al.  ... 
arXiv:2003.14151v1 fatcat:czh7tt6ufncw7dxice2p5mvgby

Model driven security accreditation (MDSA) for agile, interconnected it landscapes

Ulrich Lang, Rudolf Schreiner
2009 Proceedings of the first ACM workshop on Information security governance - WISG '09  
This paper presents Model Driven Security Accreditation (MDSA), a novel approach for automating large parts of the compliance and assurance accreditation management processes (e.g.  ...  MDSA is a system and method for managing and analyzing security and information assurance requirements in reusable models, and for (mostly) automating the verification of the traceable correspondence between  ...  The evaluation process tries to establish the level of confidence that may be placed in the product's security features through quality assurance processes; (5) "Evaluation Assurance Level" (EAL) the numerical  ... 
doi:10.1145/1655168.1655173 fatcat:fj53h4qjinhxrmcc5yjggqz4ya

r-AnalytiCA: Requirements Analytics for Certification & Accreditation

Seok-Won Lee, Robin A. Gandhi, Siddharth J. Wagle, Ajeet B. Murty
2007 15th IEEE International Requirements Engineering Conference (RE 2007)  
Numerous interdependent quality requirements imposed by regulatory Certification and Accreditation (C&A) processes enable a rich context to gather compliance evidences for promoting software assurance.  ...  The goal of the r-AnalytiCA workbench is to make sense out of the large collection of available evidences for a complex software system though multidimensional requirements-driven problem domain analysis  ...  Goal-driven Scenario Composition Ongoing and Future work Currently, r-AnalytiCA has been applied in the domain of C&A processes for assessing software system security qualities [2].  ... 
doi:10.1109/re.2007.34 dblp:conf/re/LeeGWM07 fatcat:yha5og3qmralhlpxtko5jdodzq

Secured Requirement Specification Framework (SRSF)

R.A. Khan, K. Mustafa
2008 American Journal of Applied Sciences  
Generally, software engineers are poorly trained to elicit, analyze and specify security requirements, often confusing them with the architectural security mechanisms that are traditionally used to fulfill  ...  This study presents a framework for the security requirement specification called Secured Requirement Specification Framework (SRSF), which is prescriptive in nature.  ...  compromise cases, identification of the security objectives and validation of security goals against assets, threats and application goals.  ... 
doi:10.3844/ajassp.2008.1622.1629 fatcat:zlzpgmofzngdhb45ooeaysm5xy

Security assurance cases—state of the art of an emerging approach

Mazen Mohamad, Jan-Philipp Steghöfer, Riccardo Scandariato
2021 Empirical Software Engineering  
Security Assurance Cases (SAC) are a form of structured argumentation used to reason about the security properties of a system.  ...  pressure to be compliant with several security standards and regulations.  ...  The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material.  ... 
doi:10.1007/s10664-021-09971-7 fatcat:sxa6pbmpbjdrhbqmiyl25okkzq

The internet of things in healthcare: an overview, challenges and model plan for security risks management process

Nur Azaliah Abu Bakar, Wan Makhtariah Wan Ramli, Noor Hafizah Hassan
2019 Indonesian Journal of Electrical Engineering and Computer Science  
For this purpose, this paper extensively explores various IoT technologies used in health care services and its security challenges.  ...  However, a systematic process is missing when managing and anticipating the risk of IoT usage in healthcare.  ...  Asset Security Management: In most cases, security leaders use the same strategy that preceded the proliferation of IoT devices but implemented them in new ways.  ... 
doi:10.11591/ijeecs.v15.i1.pp414-420 fatcat:agsngepwwndyhli2bpkryn4f6y

D1.2 System Architecture Definition

Srdjan Skrbic
2021 Zenodo  
These goals will be achieved using state-of-the-art technologies and making significant scientific and technological advances in several key relevant domains, including secure multi-party computations  ...  The COLLABS project aims at developing, demonstrating and supporting a comprehensive cyberintelligence framework for collaborative manufacturing, which enables the secure data exchange across the digital  ...  These high-level objectives are detailed with KPIs that can be found in section 1.1.2 of the proposal and will be formalized for real success measurement in WP6.  ... 
doi:10.5281/zenodo.5347678 fatcat:4jr4tibrurasfnbl23huny3xkq

A comparison of security requirements engineering methods

Benjamin Fabian, Seda Gürses, Maritta Heisel, Thomas Santen, Holger Schmidt
2009 Requirements Engineering  
This paper presents a conceptual framework for security engineering, with a strong focus on security requirements elicitation and analysis.  ...  We review these methods and assess them according to different criteria, such as the general approach and scope of the method, its validation, and quality assurance capabilities.  ...  The majority of the methods provide means for quality assurance.  ... 
doi:10.1007/s00766-009-0092-x fatcat:eaw5fvp2yjbwtpucnk6fzwglmy

COMPARATIVE LITERATURE ANALYSIS ON SECURITY REQUIREMENTS ENGINEERING

Md Tarique Jamal Ansari, Dhirendra Pandey, Naseem Ahmad Khan
2020 Zenodo  
Security requirements are the non-functional requirements which must be considered early in the software development lifecycle with functional requirements.  ...  We also comparatively analyze existing security requirements engineering approaches according to different criteria, such as the general approach and scope of the method, its validation, and quality assurance  ...  Peeters has extended the agile practices to deal with security in an informal, communicative and assurance driven spirit.  ... 
doi:10.5281/zenodo.3596327 fatcat:lqghlajcine4xe23xn2ma3xbha

Tool-Supported Safety-Relevant Component Reuse: From Specification to Argumentation [chapter]

Irfan Sljivo, Barbara Gallina, Jan Carlson, Hans Hansson, Stefano Puri
2018 Lecture Notes in Computer Science  
In this work we present a tool-supported methodology for contract-driven assurance and reuse.  ...  We present an implementation extending the AMASS platform to support automated instantiation of the proposed patterns, and evaluate its adequacy for assurance and reuse in a real-world case study.  ...  LACU Case Study In this section, we present our case study with the objective to apply the tool-supported contract-driven assurance and reuse methodology on a real-world case and evaluate its adequacy for  ... 
doi:10.1007/978-3-319-92432-8_2 fatcat:bteagggsxbhvrfnkduldw3ftmi

Secure Software Education

J. J. Simpson, M. J. Simpson, B. Endicott-Popovsky, V. Popovsky
2010 International Journal of Secure Software Engineering  
A pedagogical model for information assurance curriculum development is then established in the context and terms of the developed secure information system models.  ...  KEY WORDS Asset protection model, software security, secure information systems, system security, threat model, target model, system model, pedagogical model for information assurance, McCumber Cube, risk  ...  This secure coding area is a basic area of concern, and many other code vulnerabilities may be built on the secure coding flaws in this category.  ... 
doi:10.4018/jsse.2010100103 fatcat:dzx25pbbafgtrmrkjat3uufedm