Analysis of Secure Mobile Grid Systems: A systematic approach

Rosado, David G.; Fernández‐Medina, Eduardo; López, Javier; Piattini, Mario

doi:10.1016/j.infsof.2010.01.002

Cited by 21 publications

(9 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Pavlidis et al (2012) use trust based concepts such as resolution, trust, trust relationship, and entailment to support analysis and modelling of security. Rosado et al (2010) demonstrate an activity for elicitation, analysis and modelling of security and functional requirements (Rosado et al, 2010), where Security is considered as sub -factor of software quality. The work systematically uses SPEM 2.0 to define the tasks and integrate the artefacts for the security analysis.…”

Section: Security and Privacy Requirements Elicitation And Analysismentioning

confidence: 99%

A framework to support selection of cloud providers based on security and privacy requirements

Mouratidis

Islam

Kalloniatis

et al. 2013

Journal of Systems and Software

105

View full text Add to dashboard Cite

Cloud Computing is an evolving paradigm that is radically changing the way humans store, share and access their digital files. Despite the many benefits, such as the introduction of a rapid elastic resource pool, and on-demand service, the paradigm also creates challenges for both users and providers. In particular, there are issues related to security and privacy, such as unauthorized access, loss of privacy, data replication and regulatory violation that require adequate attention. Nevertheless, and despite the recent research interest in developing software engineering techniques to support systems based on the cloud, the literature fails to provide a systematic and structured approach that enables software engineers to identify security and privacy requirements and select a suitable cloud service provider based on such requirements. This paper presents a novel framework that fills this gap. Our framework incorporates a modelling language and it provides a structured process that supports elicitation of security and privacy requirements and the selection of a cloud provider based on the satisfiability of the service provider to the relevant security and privacy requirements. To illustrate our work, we present results from a real case study.

show abstract

Section: Security and Privacy Requirements Elicitation And Analysismentioning

confidence: 99%

A framework to support selection of cloud providers based on security and privacy requirements

Mouratidis

Islam

Kalloniatis

et al. 2013

Journal of Systems and Software

105

View full text Add to dashboard Cite

show abstract

“…In [39], a UML profile is proposed for defining security requirements for Data Warehouses (DW) at the business level. In the mobile Grid context, GridUCSecProfile is introduced in [40] and used in [41], where a methodology is proposed to analyse, design and construct a Secure Mobile Grid System. SecureUML [42] allows to build secure distributed systems.…”

Section: Related Workmentioning

confidence: 99%

Modelling Security of Critical Infrastructures: A Survivability Assessment

Rodríguez

Merseguer

Bernardi

2014

The Computer Journal

View full text Add to dashboard Cite

Critical infrastructures, usually designed to handle disruptions caused by human errors or random acts of nature, define assets whose normal operation must be guaranteed to maintain its essential services for human daily living. Malicious intended attacks to these targets need to be considered during system design. To face with these situations, defense plans must be developed in advance. In this paper, we present a UML profile, named SecAM, that enables the modelling and security specification for critical infrastructures during the early phases (requirements, design) of systems development life-cycle. SecAM endows security assessment, through survivability analysis, of different security solutions before system deployment. As a case study, we evaluate the survivability of the Saudi Arabia crude-oil pipeline network under two different attack scenarios. The stochastic analysis, carried out with Generalized Stochastic Petri nets, quantitatively estimates the minimisation of attack damages into the crude-oil network.

show abstract

“…This analysis model is based on use case models following the notation and modelling of the new UML profile defined for this purpose in which we can formally model all the information of the system in order to develop use case diagrams. In this activity, which has been defined in depth in [38], we build the use cases diagrams by following the steps and tasks described in the process. It is in the analysis activity tasks of "Building secure mobile Grid UC diagram" and "Identifying secure mobile Grid UC" that the UML profile is used to build use cases diagrams for mobile Grid systems.…”

Section: Extension For Specification Of Grid Use Cases For Secure Mobmentioning

confidence: 99%

Towards a UML Extension of Reusable Secure Use Cases for Mobile Grid Systems

Rosado

Fernández‐Medina

López

2011

IEICE Trans. Inf. & Syst.

Self Cite

View full text Add to dashboard Cite

SUMMARYThe systematic processes exactly define the development cycle and help the development team follow the same development strategies and techniques, thus allowing a continuous improvement in the quality of the developed products. Likewise, it is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. Grid systems allow us to build very complex information systems with different and remarkable features (interoperability between multiple security domains, cross-domain authentication and authorization, dynamic, heterogeneous and limited mobile devices, etc). With the development of wireless technology and mobile devices, the Grid becomes the perfect candidate for letting mobile users make complex works that add new computational capacity to the Grid. A methodology of development for secure mobile Grid systems is being defined. One of the activities of this methodology is the requirements analysis which is based in reusable use cases. In this paper, we will present a UML-extension for security use cases and Grid use case which capture the behaviour of this kind of systems. A detailed description of all these new use cases defined in the UML extension is necessary, describing the stereotypes, tagged values, constraints and graphical notation. We show an example of how to apply and use this extension for building the diagram of use cases and incorporating common security aspects for this kind of systems. Also, we will see how the diagrams built can be reused in the construction of others diagrams saving time and effort in this task.

show abstract

Analysis of Secure Mobile Grid Systems: A systematic approach

Cited by 21 publications

References 38 publications

A framework to support selection of cloud providers based on security and privacy requirements

A framework to support selection of cloud providers based on security and privacy requirements

Modelling Security of Critical Infrastructures: A Survivability Assessment

Towards a UML Extension of Reusable Secure Use Cases for Mobile Grid Systems

Contact Info

Product

Resources

About