An integrated framework for security and dependability

Jonsson, Erland

doi:10.1145/310889.310903

Cited by 37 publications

(22 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, they are not identical. We and other authors consider one difference between security and safety to be intention (e.g., [26], [43], [52]). Safety concerns harm caused by accident, while security concerns harm caused by an attacker.…”

Section: Safety and Securitymentioning

confidence: 99%

Security Requirements Engineering: A Framework for Representation and Analysis

Haley

Laney

Moffett

et al. 2008

IIEEE Trans. Software Eng.

353

256

View full text Add to dashboard Cite

Abstract-This paper presents a framework for security requirements elicitation and analysis. The framework is based on constructing a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements. The system context is described using a problem-oriented notation, then is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument consists of two parts: a formal argument that the system can meet its security requirements and a structured informal argument supporting the assumptions expressed in the formal argument. The construction of the satisfaction argument may fail, revealing either that the security requirement cannot be satisfied in the context or that the context does not contain sufficient information to develop the argument. In this case, designers and architects are asked to provide additional design information to resolve the problems. We evaluate the framework by applying it to a security requirements analysis within an air traffic control technology evaluation project.

show abstract

Section: Safety and Securitymentioning

confidence: 99%

Security Requirements Engineering: A Framework for Representation and Analysis

Haley

Laney

Moffett

et al. 2008

IIEEE Trans. Software Eng.

353

256

View full text Add to dashboard Cite

show abstract

“…Avizienis et al (2004) and Jonsson (1998) proposed a system view to integrate dependability and security. They tried to use the system function and behaviour to form a framework.…”

Section: Integration Of Dependability and Securitymentioning

confidence: 99%

Seamless integration of dependability and security concepts in SOA: A feedback control system based framework and taxonomy

Khalil

Han

et al. 2011

Journal of Network and Computer Applications

View full text Add to dashboard Cite

“…A common feature between these standard UML profiles and the modeling language of MoPED is the first class support for QoS concerns and a QoS modeling framework built around it. Our QoS modeling framework differs from that of Early efforts on integrating security with availability and reliability were toward developing a unified terminology [10] to describe systems using an extended meaning of definitions of dependability attributes. A systemic conceptual model is suggested in which various aspects of security and dependability are discussed.…”

Section: Related Workmentioning

confidence: 99%

MoPED: A Model-Based Provisioning Engine for Dependability in Component-Based Distributed Real-Time Embedded Systems

Tambe

Dabholkar

Gokhale

2011

2011 18th IEEE International Conference and Workshops on Engineering of Computer-Based Systems

View full text Add to dashboard Cite

Abstract-Developing dependable distributed real-time and embedded (DRE) systems incurs significant complexities in the tradeoffs resulting from the different conflicting attributes of dependability, such as predictability, availability, and security. In component-based systems, these challenges are exacerbated since the tradeoffs must faithfully be reflected within the complex metadata descriptors used to compose, deploy and configure the system. The benefits of design-time approaches to address these problems are well-understood. Existing model-driven designtime tools for developing dependable systems, however, focus largely on only one dependability attribute at a time and lack of extensibility results in rigid and hard to maintain tool support. This paper describes MoPED (Model-based Provisioning Engine for Dependability), which is a model-driven framework that unifies reasoning about predictability, availability, and security requirements for developing dependable component-based DRE systems. We evaluate the capabilities of MoPED using a representative case study and show how it alleviates complexities in the design of dependable systems and reduces manual efforts in the deployment phase by an order of magnitude.

show abstract

An integrated framework for security and dependability

Cited by 37 publications

References 22 publications

Security Requirements Engineering: A Framework for Representation and Analysis

Security Requirements Engineering: A Framework for Representation and Analysis

Seamless integration of dependability and security concepts in SOA: A feedback control system based framework and taxonomy

MoPED: A Model-Based Provisioning Engine for Dependability in Component-Based Distributed Real-Time Embedded Systems

Contact Info

Product

Resources

About