Graphical Modeling of Security Goals and Software Vulnerabilities
2015 (English)In: Handbook of Research on Innovations in Systems and Software Engineering / [ed] Vicente García Díaz, Juan Manuel Cueva Lovelle, B. Cristina Pelayo García-Bustelo, IGI Global, 2015, 1-31 p.Chapter in book (Refereed)
Security has become recognized as a critical aspect of software development, leading to the development of various security-enhancing techniques, many of which use some kind of custom modeling language. Models in different languages cannot readily be related to each other, which is an obstacle to using several techniques together. The sheer number of languages is, in itself, also an obstacle to adoption by developers. The authors have developed a modeling language that can be used in place of four existing modeling languages: attack trees, vulnerability cause graphs, security activity graphs, and security goal indicator trees. Models in the new language can be transformed to and from the earlier language, and a precise definition of model semantics enables an even wider range of applications, such as testing and static analysis. This chapter explores this new language.
Place, publisher, year, edition, pages
IGI Global, 2015. 1-31 p.
Software security, Software vulnerability, Security goal modelling, Secure software engineering
IdentifiersURN: urn:nbn:se:liu:diva-117722DOI: 10.4018/978-1-4666-6359-6.ch001ISBN: 978-146666-359-6ISBN: 1-46666359-6ISBN: 978-14-6666-360-2OAI: oai:DiVA.org:liu-117722DiVA: diva2:810504