Towards a Model-driven based Security Framework

被引：0

作者：

Abdallah, Rouwaida ^{[1
]}

Yakymets, Nataliya ^{[1
]}

Lanusse, Agnes ^{[1
]}

机构：

[1] CEA, LIST, Lab Model Driven Engn Embedded Syst, Gif Sur Yvette, France

来源：

MODELSWARD 2015 PROCEEDINGS OF THE 3RD INTERNATIONAL CONFERENCE ON MODEL-DRIVEN ENGINEERING AND SOFTWARE DEVELOPMENT | 2015年

关键词：

Security; Model-driven; UML Profiles; EBIOS; Attack Trees; Papyrus Tool;

D O I：

暂无

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

In this paper, we propose a model-driven framework for security analysis. We present a security analysis process that begins from the design phase of the system architecture then allows performing several security analysis methods. Our approach presents mainly two advantages: First, it allows the traceability of the security analysis methods with the system architecture. Second, this framework can include several security analysis methods. Moreover it allows information reuse which is complicated when we use separate methods dedicated tools. Thus, we can have more consistent and accurate security analysis results for a system. We chose to implement two methods: A qualitative method named EBIOS which is simple and helps to identify areas of focus within the system. Then, to get more accurate results, we implement a quantitative method, the Attack trees. Attack trees can be automatically generated from the Ebios analysis phase and can be completed later on to get more specific results.

引用

页码：639 / 645

页数：7

共 50 条

[21] Towards a Framework for the Application of Model-Driven Development in Situational Method Engineering
Zohrevand, Zahra
Bibalan, Yusef Mehrdad
Ramsin, Raman
[J]. 2011 18TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE (APSEC 2011), 2011, : 122 - 129
[22] Delta-based regression testing: a formal framework towards model-driven regression testing
Abadeh, Maryam Nooraei
Mirian-Hosseinabadi, Seyed-Hassan
[J]. JOURNAL OF SOFTWARE-EVOLUTION AND PROCESS, 2015, 27 (12) : 913 - 952
[23] A Systematic Review of Model-Driven Security
Nguyen, Phu H.
Klein, Jacques
Le Traon, Yves
Kramer, Max E.
[J]. 2013 20TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE (APSEC 2013), VOL 1, 2013, : 432 - 441
[24] MODEL-DRIVEN SECURITY FOR TRUSTED SYSTEMS
Alam, Masoom
Khan, Shahbaz
Alam, Quratulain
Ali, Tamleek
Anwar, Sajid
Hayat, Amir
Jaffar, Arfan
Ali, Muhammad
Adnan, Awais
[J]. INTERNATIONAL JOURNAL OF INNOVATIVE COMPUTING INFORMATION AND CONTROL, 2012, 8 (02): : 1221 - 1235
[25] A Model-Driven Security Requirements Approach to Deduce Security Policies Based on OrBAC
Arzapalo, Denisse Munante
Chiprianov, Vanea
Gallon, Laurent
Aniorte, Philippe
[J]. INFORMATION SECURITY AND CRYPTOLOGY (INSCRYPT 2014), 2015, 8957 : 150 - 169
[26] Towards a model-driven approach to reuse
France, RB
Ghosh, S
Turk, DE
[J]. OOIS 2001: 7TH INTERNATIONAL CONFERENCE ON OBJECT-ORIENTED INFORMATION SYSTEMS, PROCEEDINGS, 2001, : 181 - 190
[27] Model-driven Framework for Requirement Traceability
Kesserwan, Nader
Al-Jaroodi, Jameela
[J]. INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS, 2021, 12 (02) : 1 - 12
[28] A Model-driven testing Framework Based on requirement for embedded software
Lei, Haishen
Wang, Yichen
[J]. PROCEEDINGS OF 2016 11TH INTERNATIONAL CONFERENCE ON RELIABILITY, MAINTAINABILITY AND SAFETY (ICRMS'2016): INTEGRATING BIG DATA, IMPROVING RELIABILITY & SERVING PERSONALIZATION, 2016,
[29] A framework for model-driven pattern matching
de Guzman, Ignacio Garcia-Rodriguez
Polo, Macario
Piattini, Mario
[J]. ICEIS 2007: PROCEEDINGS OF THE NINTH INTERNATIONAL CONFERENCE ON ENTERPRISE INFORMATION SYSTEMS: DATABASES AND INFORMATION SYSTEMS INTEGRATION, 2007, : 553 - 557
[30] A model-driven choreography conceptual framework
Arroyo, Sinuhe
Duke, Alistair
Lopez-Cobo, Jos-Manuel
Sicilia, Miguel-Angel
[J]. COMPUTER STANDARDS & INTERFACES, 2007, 29 (03) : 325 - 334

← 1 2 3 4 5 →