Risk as Dependability Metrics for the Evaluation of Business Solutions: A Model-driven Approach

Asnar, Yudistira; Moretti, Rocco; Sebastianis, Maurizio; Zannone, Nicola

doi:10.1109/ares.2008.17

Cited by 21 publications

(43 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It demonstrates how existing proposals can be adopted, integrated and extended in order to support the RE process in a large-scale research project. Section 4 reports the outcome of the application of these various methodologies and processes within the TAS 3 project. Section 5 presents guidelines for performing RE activities in large-scale research projects as we derive them from lessons learned.…”

Section: Introductionmentioning

confidence: 99%

“…Section 2 discusses the challenges of applying RE methodologies to large-scale research-oriented projects. Section 3 presents the RE methodologies and processes applied in the TAS 3 project. In particular, it investigates alternative proposals from researchers as well as industry best practices, for each RE activity.…”

Section: Introductionmentioning

confidence: 99%

“…In particular, the paper analyzes and discusses the challenges faced in the context of the TAS 3 project (http://www.tas3.eu), the RE process adopted to mitigate these challenges and an evaluation of the different RE activities. TAS 3 is an EU-integrated project focusing on the main security and privacy issues in distributed systems aiming to deploy a generic architecture for managing employability and healthcare personal information services. This project was initially conceived as an ''architecture-driven project''.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Requirements engineering within a large-scale security-oriented research project: lessons learned

Gürses

Seguran²,

Zannone

2011

Requirements Eng

Self Cite

View full text Add to dashboard Cite

Requirements engineering has been recognized as a fundamental phase of the software engineering process. Nevertheless, the elicitation and analysis of requirements are often left aside in favor of architecture-driven software development. This tendency, however, can lead to issues that may affect the success of a project. This paper presents our experience gained in the elicitation and analysis of requirements in a large-scale security-oriented European research project, which was originally conceived as an architecture-driven project. In particular, we illustrate the challenges that can be faced in large-scale research projects and consider the applicability of existing best practices and off-the-shelf methodologies with respect to the needs of such projects. We then discuss how those practices and methods can be integrated into the requirements engineering process and possibly improved to address the identified challenges. Finally, we summarize the lessons learned from our experience and the benefits that a proper requirements analysis can bring to a project.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Requirements engineering within a large-scale security-oriented research project: lessons learned

Gürses

Seguran²,

Zannone

2011

Requirements Eng

Self Cite

View full text Add to dashboard Cite

show abstract

“…Vulnerable actors take measures to mitigate perceived risks, by using locks on the doors, surveillance cameras, etc. Existing security requirements engineering frameworks focus on various aspects for eliciting security requirements, such as attacker behavior [29,31] and attacker goals [32], design of secure components [15], social aspects [18,11], and events that can cause system failure [1]. However, attacks and consequent security failures often take place because of the exploitation of weaknesses or backdoors within the system.…”

Section: Introductionmentioning

confidence: 99%

“…When the risk of an attack is higher than the risk tolerance of some stakeholder, analysts need to take the adequate measure to mitigate such risks [1]. A countermeasure is a protection mechanism employed to secure the system [30].…”

Section: Introductionmentioning

confidence: 99%

A Modeling Ontology for Integrating Vulnerabilities into Security Requirements Conceptual Foundations

Elahi¹,

Zannone

2009

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. This paper proposes a vulnerability-centric modeling ontology, which aims to integrate empirical knowledge of vulnerabilities into the system development process. In particular, we identify the basic concepts for modeling and analyzing vulnerabilities and their effects on the system. These concepts drive the definition of criteria that make it possible to compare and evaluate security frameworks based on vulnerabilities. We show how the proposed modeling ontology can be adopted in various conceptual modeling frameworks through examples.

show abstract

Towards an Ontology for Privacy Requirements via a Systematic Literature Review

Gharib

Giorgini

Mylopoulos

2017

Conceptual Modeling

View full text Add to dashboard Cite

Risk as Dependability Metrics for the Evaluation of Business Solutions: A Model-driven Approach

Cited by 21 publications

References 8 publications

Requirements engineering within a large-scale security-oriented research project: lessons learned

Requirements engineering within a large-scale security-oriented research project: lessons learned

A Modeling Ontology for Integrating Vulnerabilities into Security Requirements Conceptual Foundations

Towards an Ontology for Privacy Requirements via a Systematic Literature Review

Contact Info

Product

Resources

About