Content area bibliography.
Abrams, S.; Bloom, B.; Keyser, P.; Kimelman, D.; Nelson, E.; Neuberger, W.; Roth, T.; Simmonds, I.; Tang, S.; & Vlissides, J. “Architectural Thinking and Modeling with the Architects’ Workbench.” IBM Systems Journal, Special Issue on Model-Driven Software Development, 45, 3 (2006): 481.
Alexander, R.; Hall-May, M.; Despotou, G.; & Kelly, T. "Using Simulation to Evaluate Safety Policy for Systems of Systems.” 2nd International Workshop on Safety and Security of Multi Agent Systems (SASEMAS), 4th International Joint Conference on Autonomous Agents and Multiagent Systems. Utrecht, Netherlands, July 2005.
Balz, E. & Goll, J. “Use Case-based Fault Tree Analysis of Safety-Related Embedded Systems.” Proceedings Software Engineering and Applications, 2005.
Blackburn, Mark; Busser, Robert; Nauman, Aaron; & Chandramouli, Ramaswamy. Model-based Approach to Security Test Automation. National Institute of Standards and Technology, 2001.
Boudra, P. Jr. Report on Rules of System Composition: Principles of Secure System Design (I9 Technical Report 1-93, Library No. S-240, 330). Washington, DC: National Security Agency, Information Security Systems Organization, Office of Infosec Systems Engineering, March 1993.
Build Security In. "Assurance Cases," 2008.
Build Security In. "Code Analysis," 2008.
Build Security In. "Penetration Testing," 2008.
Build Security In. "Security Testing," 2008.
Damianou, N. “A Policy Framework for Management of Distributed Systems.” PhD diss., University of London, London, UK, 2002.
Damianou, N.; Dulay, N.; Lupu, E.; Sloman, M.; & Tonouchi, T. “Tools for Domain-Based Policy Management of Distributed Systems,” 203-217. Proceedings of the IEEE/IFIP Network Operations and Management Symposium. Florence, Italy, April 2002b. New York, NY: IEEE Computer Society Press, 2002.
Despotou, G.; Kolovos, D.; Paige, R.; Polack, F.; & Kelly, T. “Towards a Metamodel for Dependability Cases.” Presentation at the Object Management Group (OMG) 1st Software Assurance Workshop, Washington DC, March 2007.
Despotou, G.; Hall-May, M.; Kelly, T. “Eliciting Safety Policy and Balancing with Operational Fitness in Systems of Systems.” Proceedings of the 1st IEEE International Conference on Systems of Systems Engineering (SoSE). Los Angeles, CA, April 2006. Proceedings by IEEE SMC, ISBN 1-4244-0188-7.
Despotou, G. & Kelly, T. “An Argument Based Approach for Assessing Design Alternatives and Facilitating Trade-offs in Critical Systems.” Proceedings of the 24th International System Safety Conference (ISSC). Albuquerque, NM, August 2006. Proceedings published by the System Safety Society.
Despotou, G.; McDermid, J.; & Kelly, T. “Using Scenarios to Identify and Trade-off Dependability Objectives in Design.” Proceedings of the 23rd International System Safety Conference (ISSC). San Diego, CA, August 2005. Proceedings published by the System Safety Society.
Despotou, G.; Alexander, R.; Hall-May, M. “Key Concepts and Characteristics of Systems of Systems (SoS).” Defence and Aerospace Research Partnership (DARP-HIRTS), February 2003.
Fan, Chin-Feng, & Cheng, Chun-Yin. “Constraint-Based Software Specifications and Verification Using UML.” IEICE Transactions on Information and Systems E89–D, 6 (JUNE 2006): 1914-1922.
Fernandez, E. B.; Larrondo-Petrie, M. M.; Sorgente, T.; & Vanhilst, M. Ch. 5, “A Methodology to Develop Secure Systems Using Patterns.” Integrating Security and Software Engineering: Advances and Future Visions. Edited by Haralambos Mouratidis and Paolo Giorgini. Hershey, PA: Idea Group Publishing, 2007 (ISBN 1599041472).
FormalSystems. Oxford, England (2008).
Funes, Ana & George, Chris. Ch. 8, “Formal Foundations in RSL for UML Class Diagrams.” Formalizing UML Class Diagrams of UML and the Unified Process. Edited by Liliana Favre. IRM Press, 2003. (Also published as Technical Report 253 by UNU-IIST, P.O. Box 3058, Macau, May 2002.)
Hailpern, B. & Tarr, P. “Model-driven development: The good, the bad, and the ugly.” IBM Systems Journal, Special Issue on Model-Driven Software Development 45, 3 (2006): 451.
Hall, Anthony & Chapman, Rodrick. “Correctness by Construction: Developing a Commercial Secure System.” IEEE Software 19, 1 (Jan/Feb 2002): 18-25.
Hoglund, Greg & McGraw, Gary. Exploiting Software: How to Break Code. Boston, MA: Addison-Wesley Professional, 2004 (ISBN 0-201-78695-8).
IBM. IBM Systems Journal, Special Issue on Model-Driven Software Development 45, 3 (2006).
Jackson, David. CESG EAL4 Study: Study Report, S.P1273.40.1 Issue: 1.4 (Abridged). Praxis Critical Systems, September 22, 2004.
Jürjens, Jan. Secure Systems Development with UML. Berlin, Germany: Springer-Verlag, 2004.
Jürjens, Jan. “Sound Methods and Effective Tools for Model-based Security Engineering with UML.” 27th International Conference on Software Engineering. St.Louis, Missouri, May 15-21, 2005.
Kornecki, Andrew J. "Publications." Department of Computer and Software Engineering, Embry-Riddle Aeronautical University, 2006.
Kornecki, Andrew J. & Zalewski, Janusz. “Software Development Tool Qualification from the DO-178B Certification Perspective.” Crosstalk: The Journal of Defense Software Engineering, July, 2005.
Lang, Ulrich and Schreiner, Rudolf. “Model Driven Security Management: Making Security Management Manageable in Complex Distributed Systems.” Presented at the Modeling Security Workshop. Toulouse, France, September 2008.
Lang, Ulrich and Schreiner, Rudolf. “Model Driven Security Accreditation (MDSA) For Agile, Interconnected IT Landscapes.” Presented at The 1st ACM Workshop on Information Security Governance. Chicago, Illinois, November 2009.
Leveson, Nancy G. Safeware: System Safety and Computers. Reading, MA: Addison-Wesley Professional, 1995 (ISBN-0-201-11972-2).
Liang, Z. & Sekar, R. “Fast and automated generation of attack signatures: a basis for building self-protecting servers,” 213-222. Proceedings of the 12th ACM Conference on Computer and Communications Security. Alexandria, VA, November 07-11, 2005. New York, NY: ACM Press.
Liu, P.; Zang, W.; & Yu, M. “Incentive-based modeling and inference of attacker intent, objectives, and strategies.” ACM Transactions on Information Systems Security 8, 1 (Feb. 2005): 78-118.
Lodderstedt, T.;Basin, D. A.; & Doser, J. “SecureUML: A UML-based modeling language for model-driven security,” 426-441. Proceedings of the 5th International Conference on UML. Berlin, Germany: Springer Verlag, LNCS Vol. 2460, 2002.
Manadhata, P. & Wing, J. M. Measuring A System's Attack Surface (CMU-CS-04-102). School of Computer Science, Carnegie Mellon University, January 2004.
Mantel, Heiko. “On the Composition of Secure Systems.” 2002 IEEE Symposium on Security and Privacy. Oakland, CA, May 12-15, 2002.
McGraw, Gary. Software Security: Building Security In. Boston, MA: Addison-Wesley Professional, 2006 (ISBN 0-321-35670-5).
Neumann, Peter G. Principled Assuredly Trustworthy Composable Architectures (Final Report to DARPA, CDRL A001). Menlo Park, CA: Computer Science Laboratory, SRI International, December, 28, 2004.
Object Management Group. "Information About OMG's Specifications." Needham, MA (2008).
Object Management Group. "MDA Directory." Needham, MA (2008).
Paradis, Richard & Tran, Bambi. Balancing Security/Safety and Sustainability Objectives. Whole Building Design Guide (2007).
Riley, Mike. “A Special Guide-MDA and UML Tools: CASE 2.0—or the Developer's Dream.” Software Development Magazine (through Dr. Dobb’s Portal), March 9, 2006.
Ritter, Tom; Schreiner, Rudolf; and Lang, Ulrich. “Integrating Security Policies via Container Portable Interceptors.” IEEE Distributed Systems Online, vol. 7, no. 7, 2006, art. no. 0607-o7001.
Schechter, S. E. “Toward econometric models of the security risk from remote attacks.” IEEE Security & Privacy Magazine 3, 1 (Jan.-Feb. 2005): 40-44.
Sinha, A.; Williams, C. E.; & Santhanam, P. “A measurement framework for evaluating model-based test generation tools.” IBM Systems Journal, Special Issue on Model-Driven Software Development 45, 3 (2006): 501.
Spivey, J. M. The Z Notation: A Reference Manual, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1992.
Srivatanakul, Thitima; Clark, John A.; Stepney, Susan; & Polack, Fiona. “Challenging Formal Specifications by Mutation: A CSP Security Example,” 340-350. Proceedings of the Tenth Asia-Pacific Software Engineering Conference (APSEC'03). December 10-13, 2003. New York, NY: IEEE Computer Society Press, 2003.
Stavridou, Victoria & Dutertre, Bruno. “From Security to Safety and Back,” 182-195. Computer Security, Dependability, and Assurance: From Needs to Solutions. New York, NY: IEEE Computer Society Press, 1998.
Steffan, J. & Schumacher, M. “Collaborative Attack Modeling,” 253-259. Proceedings of the 2002 ACM Symposium on Applied Computing. Madrid, Spain, March 11-14, 2002. New York, NY: ACM Press, 2002.
Stroud, R.; Welch, I.; Warne, J.; & Ryan, P. “A qualitative analysis of the intrusion-tolerance capabilities of the MAFTIA architecture,” 453-461. 2004 International Conference on Dependable Systems and Networks. June 28-July 1, 2004. New York, NY: IEEE Computer Society Press, 2004.
Swiderski, Frank & Snyder, Window. Threat Modeling. Redmond, WA: Microsoft Press, 2004 (ISBN 0-735-61991-3).
Symposium on Usable Privacy and Security (SOUPS), July 6-8, 2005.
Swigart, Scott. “Gearing Up for Modeling, Microsoft Style.” Software Development Magazine (through Dr. Dobb’s Portal), March 9, 2006.
Viega, J.; Bloch, J. T.; & Chandra, P. “Applying Aspect-Oriented Programming to Security.” Cutter Journal 14, 2 (February 2001): 31-39.
Wagner, David; Foster, Jeffrey S.; Brewer, Eric A.; & Aiken, Alexander. “A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities.” Network and Distributed System Security Symposium (NDSS). Internet Society, 2000.
Weaver, Rob; Despotou, George; Kelly, Tim; & McDermid, John. “Combining Software Evidence - Arguments and Assurance.” Workshop in Realising Evidence Based Software Engineering (REBSE), 25th International Conference on Software Engineering. Saint Louis, MO. ACM SIGSOFT Software Engineering Notes 30 , 4 (July 2005) (ISBN 1-59593-121-X)
Copyright © Carnegie Mellon University 2005-2012.
This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at firstname.lastname@example.org.
The Build Security In (BSI) portal is sponsored by the U.S. Department of Homeland Security (DHS), National Cyber Security Division. The Software Engineering Institute (SEI) develops and operates BSI. DHS funding supports the publishing of all site content.
THIS MATERIAL OF CARNEGIE MELLON UNIVERSITY AND ITS SOFTWARE ENGINEERING INSTITUTE IS FURNISHED ON AN “AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.