U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Architectural Risk Analysis - References

Published: November 04, 2005

Author(s): Steven Lavenhar and Gary McGraw SDLC Life Cycles: Architecture Copyright: Copyright © Cigital, Inc. 2005-2007. Cigital retains copyrights to this material.

Abstract

Content area bibliography.

Anderson, Ross J. & Anderson, Ross. Security Engineering: A Guide to Building Dependable Distributed Systems. New York, NY: John Wiley & Sons, 2001.

Arlat, J; Aguera, M.; Amat, L.; Crouzet, Y.; Fabre, J.-C.; Laprie, J.-C.; Martins, E.; & Powell, D. "Fault Injection for Dependability Validation: A Methodology and Some Applications." IEEE Transactions on Software Engineering 16, 2 (February 1990): 166-82.

Bass, L.; Clements, P.; & Kazman, R. Software Architecture in Practice, 2nd ed. Reading, MA: Addison-Wesley, 2003.

Bedford, Tim & Cooke, Roger. Probabilistic Risk Analysis : Foundations and Methods. Cambridge, UK: Cambridge University Press, 2001.

Bishop, Matt. Computer Security: Art and Science. Boston, MA: Addison-Wesley Professional, 2002.

Bishop, Matt. Introduction to Computer Security. Boston, MA: Addison-Wesley Professional, 2004.

Clements, Paul; Bachmann, Felix; Bass, Len; Garlan, David; Ivers, James; Little, Reed; Nord, Robert; & Stafford, Judith. Documenting Software Architectures: Views and Beyond. Boston, MA: Addison-Wesley Professional, 2002.

Costello, Daniel J., Jr.; Hagenauer, Joachim; Imai, Hideki; & Wicker, Stephen B. “Applications of Error-Control Coding.” IEEE Transactions of Information Theory 44, 6 (October 1998): 2531-2560.

Evans, Eric. Domain-Driven Design: Tackling Complexity in the Heart of Software. Boston, MA: Addison-Wesley Professional, 2003.

Ferraiolo, David F.; Kuhn, D. Richard; & Chandramouli, Ramaswamy. Role-Based Access Control. Artech House Publishers, 2003.

Fowler, Martin. Patterns of Enterprise Application Architecture. Boston, MA: Addison-Wesley Professional, 2002.

Graff, Mark G. & Van Wyk, Kenneth R. Secure Coding: Principles and Practices. Sebastopol, CA: O’Reilly, 2003.

Hoglund, Greg & McGraw, Gary. Exploiting Software: How to Break Code. Boston, MA: Addison-Wesley Professional, 2004.

Hohpe, Gregor & Woolf, Bobby. Enterprise Integration Patterns: Designing, Building, and Deploying Messaging Solutions. Boston, MA: Addison-Wesley Professional, 2003.

Howard, Michael & LeBlanc, David C. Writing Secure Code, 2nd ed. Redmond, WA: Microsoft Press, 2002.

Ippolito, L. M. & Wallace, D. R. A Study on Hazard Analysis in High Integrity Software: Software Standards and Guidelines (NIS-TIR 5589). Gaithersburg, MD: National Institute of Standards and Technology, 1995.

Jones, Andy & Ashenden, Debi. Risk Management for Computer Security: Protecting Your Network & Information Assets. Burlington, MA: Butterworth-Heinemann, 2005.

Kaner, Cem. “Accountability for Defects in Commercial Software: Controversy Over the Ground Rules.” Colloquium at Carnegie Mellon University, Pittsburgh, PA, 2004.

Kazman, R.; Klein, M.; & Clements, P. ATAM: Method for Architecture Evaluation (CMU/SEI-2000-TR-004, ADA382629). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2000. http://www.sei.cmu.edu/publications/documents/00.reports/00tr004.html.

Kerievsky, Joshua. Refactoring to Patterns. Boston, MA: Addison-Wesley Professional, 2004.

King, Christopher; Osmanoglu, Ertem; & Dalton, Curtis. Security Architecture: Design, Deployment and Operations. Emeryville, CA: Osborne/McGraw-Hill, 2001.

Koller, Glenn Robert. Risk Assessment and Decision Making in Business and Industry: A Practical Guide. Boca Raton, FL: CRC Press, 1999.

Koziol, Jack; Litchfield, David; Aitel, Dave; Anley, Chris; Eren, Sinan “noir”; Mehta, Neel; & Hassell, Riley. The Shellcoder’s Handbook: Discovering and Exploiting Security Holes. New York, NY: John Wiley & Sons, 2004.

Kumamoto, Hiromitsu & Henley, Ernest J. Probablistic Risk Assessment and Management for Engineers and Scientists, 2nd ed. New York, NY: Wiley-IEEE Press, 2000.

Landwehr, Carl E.; Bull, A. R.; McDermott, J. P.; & Choi, W. S. A Taxonomy of Computer Security Flaws, with Examples (Naval Research Laboratory Report No. NRL/FR/5542-93/9591). Washington, DC: Naval Research Laboratory, 1993.

Lopez, M. An Evaluation Theory Perspective of the Architecture Tradeoff Analysis Method (ATAM) (CMU/SEI-2000-TR-012, ADA387265). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2000. http://www.sei.cmu.edu/publications/documents/00.reports/00tr012.html.

McConnell, Steve. Code Complete, 2nd ed. Redmond, WA: Microsoft Press, 2004.

McGraw, Gary. “Managing Software Security Risks.” Computer 35, 4 (March 2002): 99-101.

Neumann, Peter G. Computer-Related Risks. Boston, MA: Addison-Wesley Professional, 1994.

Peikari, Cyrus & Chuvakin, Anton. Security Warrior. Sebastopol, CA: O’Reilly, 2004.

Ramachandran, Jay. Designing Security Architecture Solutions. New York, NY: John Wiley & Sons, 2002.

Rubin, Aviel D. White-Hat Security Arsenal: Tackling the Threats. Boston, MA: Addison-Wesley Professional, 2001.

Swiderski, Frank & Snyder, Window. Threat Modeling. Redmond, WA: Microsoft Press, 2004.

Viega, John & McGraw, Gary. Building Secure Software: How to Avoid Security Problems the Right Way. Boston, MA: Addison-Wesley Professional, 2001.

Voas, Jeffrey M. & McGraw, Gary. Software Fault Injection: Inoculating Programs Against Errors. New York, NY: John Wiley & Sons, 1998.

Voas, Jeffrey M. & Miller, Keith W. “Using Fault Injection to Assess Software Engineering Standards,” 139-145. Proceedings of the Second IEEE International Software Engineering Standards Symposium. Montreal, Quebec, Aug. 21-25, 1995. New York, NY: IEEE Computer Society Press, 1995.

Zuse, Horst. Software Complexity: Measures and Methods. Berlin, Germany: W. de Gruyter, 1991.


Back to Top