Yudis Asnar scite author profile

Yudis Asnar

3Publications

13Citation Statements Received

47Citation Statements Given

How they've been cited

How they cite others

Affiliations

University of Trento

Publications

Order By: Most citations

Computer Aided Threat Identification

Asnar

Massacci

et al. 2011

View full text Add to dashboard Cite

Abstract-Recently, there has been an increase of reported security threats hitting organizations. Some of them are originated from the assignments to users of inappropriate permissions on organizational sensitive data. Thus it is crucial for organizations to recognize as early as possible the risks deriving by inappropriate access right management and to identify the solutions that they need to prevent such risks.In this paper, we propose a framework to identify threats during the requirements analysis of organizations' IT systems. With respect to other works which have attempted to include security analysis into requirement engineering process (e.g., KAOS, Elahi et al., Asnar et al.), our framework does not rely on the level of expertise of the security analyst to detect threats but allows to automatically identify threats that derive from inappropriate access management.To capture the organization's setting and the system stakeholders' requirements, we adopt SI* [1], a requirement engineering framework founded on the concepts of actors, goals, tasks and resources. This framework extends SI* with a reasoning technique that identifies potential security threats on resources and relevant goals. The reasoning is based on Answer Set Programming (ASP) logic rules that take into account the relationships between resources and the delegation of permission relations between actors. We illustrate this framework using an eHealth scenario.

show abstract

Organizational Patterns for Security and Dependability

Massacci

Asnar

Saidane

et al. 2011

View full text Add to dashboard Cite

Designing secure and dependable IT systems requires a deep analysis of organizational as well as social aspects of the environment where the system will operate. Domain experts and analysts often face security and dependability (S&D) issues they have already encountered before. These concerns require the design of S&D patterns to facilitate designers when developing IT systems. This article presents the experience in designing S&D organizational patterns, which was gained in the course of an industry lead EU project. The authors use an agent-goal-oriented modeling framework (i.e., the SI* framework) to analyze organizational settings jointly with technical functionalities. This framework can assist domain experts and analysts in designing S&D patterns from their experience, validating them by proof-of-concept implementations, and applying them to increase the security level of the system.

show abstract

Organizational Patterns for Security and Dependability

Asnar

Massacci

Saidane

et al.

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Yudis Asnar

Computer Aided Threat Identification

Organizational Patterns for Security and Dependability

Organizational Patterns for Security and Dependability

Contact Info

Product

Resources

About