
Challenges in Secure Software Evolution - The Role of Software Architecture

Stephan Seifermann, Emre Taspolatoglu, Ralf H. Reussner, Robert Heinrich
2016 Softwaretechnik-Trends  
Approaches for maintaining security properties exist but fail to exploit the knowledge of the architectural design phase. This results in high effort and slow reactions on evolutionary changes.  ...  In this paper, we describe five key challenges in maintaining security properties during software evolution and show how architecture supports mastering them.  ...  ) and German Research Foundation in the Priority Programme SPP 1593.  ... 
dblp:journals/stt/SeifermannTRH16 fatcat:jn2rtyxmcjachohutntne5b2su

Visual model-driven design, verification and implementation of security protocols

Piergiuseppe Bettassa Copet, A. Pironti, D. Pozza, R. Sisto, P. Vivoli
2012 2012 IEEE 14th International Symposium on High-Assurance Systems Engineering  
[13] exploit the standard ports and protocols features of UML 2.0 to define executable security protocol models, from which executable code can be generated.  ...  In this work, the ProVerif tool [5] is leveraged to formally prove the security properties of a protocol model.  ... 
doi:10.1109/hase.2012.23 dblp:conf/hase/CopetPPSV12 fatcat:cqkj3f2yyfdn5lufpof2hhgkqa

DoMAIns: Domain-based modeling for Ambient Intelligence

Dario Bonino, Fulvio Corno
2012 Pervasive and Mobile Computing  
Moving from first, sparse approaches, the research community is now tackling the design of next generation buildings and homes by applying well known, sound methodologies developed in the context of Software  ...  These models must permit, on one side, to address interoperability issues by exploiting a shared environment abstraction that enables the development of technology-independent home intelligence.  ...  Since the Bank Security Booth scenario is completely modeled by means of a formally verifiable representation, interfaces between different domains are automatically generated and they are implemented  ... 
doi:10.1016/j.pmcj.2011.10.009 fatcat:am3g5isbcrgb3khzl56h4u652u

Development of an Ontology to Assist the Modeling of Accident Scenarii "Application on Railroad Transport " [article]

Ahmed Maalel, Habib Hadj mabrouk, Lassad Mejri, Henda Hajjami Ben Ghezela
2012 arXiv   pre-print
After a detailed presentation of the state of the art material, this article presents the first results of the developed model.  ...  This paper presents the contribution of ontology to modeling scenarii for rail accidents through a knowledge model based on a generic ontology and domain ontology.  ...  In addition, the formalism adopted to represent these accident scenarii is limited to a purely technical aspect.  ... 
arXiv:1203.1021v1 fatcat:h5ucw7n66bghhpcqxrsli3srui

Formal Methods in Information Security

paper describes the state of the art in the industrial use of formal methods in information security with a focus on verification of security protocols.  ...  Formal methods use mathematical models for analysis and verification at any part of the program life-cycle.  ...  a wider number of protocol developers to get advantage of formal methods for security protocols.  ... 
doi:10.24297/ijct.v14i4.1963 fatcat:s7ratzapovh6jgax26zbpsct2e

Ethereum's Smart Contracts Construction and Development using Model Driven Engineering Technologies: a Review

Yassine Ait Hsain, Naziha Laaz, Samir Mbarki
2021 Procedia Computer Science  
The result can be used as a basis of tool selection for specific development aspects of SCs.  ...  the implementation of security concepts. • Used technologies : exploited or extended  ... 
doi:10.1016/j.procs.2021.03.097 fatcat:5sz3pdgk3rdxtpvxgmriypcp34

Formal Analysis of Vulnerabilities of Web Applications Based on SQL Injection [chapter]

Federico De Meo, Marco Rocchetto, Luca Viganò
2016 Lecture Notes in Computer Science  
We present a formal approach for the analysis of attacks that exploit SQLi to violate security properties of web applications.  ...  We give a formal representation of web applications and databases, and show that our formalization effectively exploits SQLi attacks.  ...  The database We give a general formalization of a database that can be used in any specification to exploit SQLi when searching for security flaws in a web app.  ... 
doi:10.1007/978-3-319-46598-2_13 fatcat:ipbs4yafwzbupk5jeptqsuz4fq

DAG-based attack and defense modeling: Don't miss the forest for the attack trees

Barbara Kordy, Ludovic Piètre-Cambacédès, Patrick Schweitzer
2014 Computer Science Review  
Over the course of the last two decades, graphical modeling has attracted the attention of numerous security and formal methods experts.  ...  Most of them extend the original model of threat logic trees in one or several dimensions which include defensive components, timed and ordered actions, dynamic aspects, and different types of quantification  ...  General security modeling  ...  Table 1: Table summarizing aspects taken into account in formalism description.  ... 
doi:10.1016/j.cosrev.2014.07.001 fatcat:aie7uxdorjclnb5ctgg5nrczqi

DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees [article]

Barbara Kordy, Ludovic Piètre-Cambacédès, Patrick Schweitzer
2013 arXiv   pre-print
Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling.  ...  This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms.  ...  Acknowledgments The authors would like to thank Sjouke Mauw and Pieter Hartel for their comments on a preliminary version of this survey, which helped them to improve the paper.  ... 
arXiv:1303.7397v1 fatcat:fiebxymrd5dcnmnufddaoaqlaa

Building an Incident Management Body of Knowledge

David A. Mundie, Robin Ruefle
2012 2012 Seventh International Conference on Availability, Reliability and Security  
This paper describes the components of the CIMBOK and how they were constructed.  ...  The CERT Incident Management Body of Knowledge (CIMBOK) was built using a systematic process that starts with a controlled vocabulary and evolves through taxonomies, static ontologies, dynamic ontologies  ...  . • event: Any observable occurrence in a network or system. • zero-day exploit: An exploit that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known  ... 
doi:10.1109/ares.2012.83 dblp:conf/IEEEares/MundieR12 fatcat:x4m66ootrrfkbaietxd3xs2bua

Formal Specification and Enactment of Security Policies through Agent Coordination Contexts

Andrea Omicini, Alessandro Ricci, Mirko Viroli
2003 Electronical Notes in Theoretical Computer Science  
Third, the general nonformalisability of complex systems should not prevent us from using formal tools whenever useful, such as in proving or ensuring properties of limited but meaningful portions of a  ...  In particular, in this paper we study the syntax and semantics of a language for ACCs specification, exploiting typical process algebra techniques.  ...  In particular, the ACC abstraction has been exploited in [23] to develop an extension of the TuCSoN infrastructure for agent coordination [24] towards security, showing how ACCs smoothly integrate  ... 
doi:10.1016/s1571-0661(04)80682-0 fatcat:3qns73o63vehvfdwjutfffw5ea

Developing a Human Activity Model for Insider IS Security Breaches Using Action Design Research [chapter]

Gurpreet Dhillon, Spyridon Samonas, Ugo Etudo
2016 IFIP Advances in Information and Communication Technology  
In this paper we present a human activity model that captures different aspects of a security culture. The model elucidates the patterns of behavior in organizations.  ...  However, whilst compliance with security policies and regulations is of great importance, the very structure of human activities that facilitates or hinders such compliance has seldom appeared in the  ...  Finally, we formalize our learning and prepare a second iteration of the model, which would lead to the development of the beta version of the model.  ... 
doi:10.1007/978-3-319-33630-5_4 fatcat:lqaaeq3k5fe4jls7b7yjwfhsue

Building a formal model for hate detection in French corpora

Delphine Battistelli, Cyril Bruneau, Valentina Dragos
2020 Procedia Computer Science  
This paper investigates the development of a formal model in order to analyse online hate in French corpora.  ...  Acknowledgements This document has been produced in the context of the FLYER project funded by the ASTRID research program.  ... 
doi:10.1016/j.procs.2020.09.299 fatcat:s6ubege5ojfslmqrrwxxbqd3vm

Measuring network security using dynamic bayesian network

Marcel Frigault, Lingyu Wang, Anoop Singhal, Sushil Jajodia
2008 Proceedings of the 4th ACM workshop on Quality of protection - QoP '08  
In this paper, we propose a Dynamic Bayesian Networks (DBNs)-based model to incorporate temporal factors, such as the availability of exploit codes or patches.  ...  Our previous research explores the causal relationships between vulnerabilities encoded in an attack graph to model the overall security of a network, which includes a general framework [26], a real-valued  ...  This material is based upon work supported by National Institute of Standards and Technology Computer Security Division; by Homeland Security Advanced Re-  ... 
doi:10.1145/1456362.1456368 dblp:conf/ccs/FrigaultWSJ08 fatcat:pxqqu3lymbhjpilaopnipnsmru

Modelling and Analysing Network Security Policies in a Given Vulnerability Setting [chapter]

Roland Rieke
2006 Lecture Notes in Computer Science  
Constraints on this graph are given by a model of the network security policy. The impact of changes to security policies can be computed and visualised by finding differences in the attack graphs.  ...  A graph of all possible attack paths is automatically computed from the model of an ICT network, of vulnerabilities, exploits and an attacker strategy.  ...  The modelling approach is described in Sect. 3, while Sect. 4 presents an exemplary analysis of network security policy adaptation aspects in a given scenario.  ... 
doi:10.1007/11962977_6 fatcat:fij2wsv5anapdcwb4kum2cq4dy