Using model-based security analysis in component-oriented system development

Gyrd Brændeland, Ketil Stølen
2006 Proceedings of the 2nd ACM workshop on Quality of protection - QoP '06  
We propose an integrated process for component-based system development and security risk analysis. The integrated process is evaluated in a case study involving an instant messaging component for smart phones. We specify the risk behaviour and functional behaviour of components using the same kinds of description techniques. We represent main security risk analysis concepts, such as assets, stakeholders, threats and risks, at the component level.
doi:10.1145/1179494.1179498 dblp:conf/ccs/BraendelandS06 fatcat:hehii7prfvbgjlnw7pn3rr2yju