liu.seSearch for publications in DiVA
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Unified modeling of attacks, vulnerabilities and security activities
Linköping University, The Institute of Technology. Linköping University, Department of Computer and Information Science, Database and information techniques.
Linköping University, Department of Computer and Information Science, Database and information techniques. Linköping University, The Institute of Technology.
2010 (English)In: Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems, New York, USA: ACM , 2010, 36-42 p.Conference paper, Published paper (Refereed)
Abstract [en]

Security is becoming recognized as an important aspect of software development, leading to the development of many different security-enhancing techniques, many of which use some kind of custom modeling language. Models in these different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers.

In this paper we present a modeling language that can be used in place of four existing modeling languages: attacktrees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Models in our language can be more precise than earlier models, which allows them to be used in automated applications, such as automatic testing and static analysis. Models in the new language can be derived automatically from models in the existing languages, and can be viewed using existing notation.

Our modeling language exploits a data model, also presented in this paper, that permits rich interconnections between various items of security knowledge. In this data model it is straightforward to relate different kinds of models, and thereby different software security techniques, to each other.

Place, publisher, year, edition, pages
New York, USA: ACM , 2010. 36-42 p.
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:liu:diva-56576DOI: 10.1145/1809100.1809106ISBN: 978-1-60558-965-7 (print)OAI: oai:DiVA.org:liu-56576DiVA: diva2:320414
Conference
2010 ICSE Workshop on Software Engineering for Secure Systems
Available from: 2010-05-25 Created: 2010-05-25 Last updated: 2014-10-01

Open Access in DiVA

No full text

Other links

Publisher's full text

Authority records BETA

Byers, DavidShahmehri, Nahid

Search in DiVA

By author/editor
Byers, DavidShahmehri, Nahid
By organisation
The Institute of TechnologyDatabase and information techniques
Software Engineering

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 156 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • oxford
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf