4,861 research outputs found
Automated Identification and Prioritization of Business Risks in e-service Networks
Modern e-service providers rely on service innovation to stay relevant. Once a new service package is designed, implementation-specific aspects such as value (co-)creation and cost/benefit analysis are investigated. However, due to time-to-market or competitive advantage constraints, innovative services are rarely assessed for potential risks of fraud before they are put out on the market. But these risks may result in loss of economic value for actors involved in the e-service’s provision.\ud
Our e3fraude3fraud approach automatically generates and prioritizes undesired-able scenarios from a business value model of the e-service, thereby drastically reducing the time needed to conduct an assessment. We provide examples from telecom service provision to motivate and illustrate the utility of the tool
Model-Based Security Testing
Security testing aims at validating software system requirements related to
security properties like confidentiality, integrity, authentication,
authorization, availability, and non-repudiation. Although security testing
techniques are available for many years, there has been little approaches that
allow for specification of test cases at a higher level of abstraction, for
enabling guidance on test identification and specification as well as for
automated test generation.
Model-based security testing (MBST) is a relatively new field and especially
dedicated to the systematic and efficient specification and documentation of
security test objectives, security test cases and test suites, as well as to
their automated or semi-automated generation. In particular, the combination of
security modelling and test generation approaches is still a challenge in
research and of high interest for industrial applications. MBST includes e.g.
security functional testing, model-based fuzzing, risk- and threat-oriented
testing, and the usage of security test patterns. This paper provides a survey
on MBST techniques and the related models as well as samples of new methods and
tools that are under development in the European ITEA2-project DIAMONDS.Comment: In Proceedings MBT 2012, arXiv:1202.582
Advanced Cloud Privacy Threat Modeling
Privacy-preservation for sensitive data has become a challenging issue in
cloud computing. Threat modeling as a part of requirements engineering in
secure software development provides a structured approach for identifying
attacks and proposing countermeasures against the exploitation of
vulnerabilities in a system . This paper describes an extension of Cloud
Privacy Threat Modeling (CPTM) methodology for privacy threat modeling in
relation to processing sensitive data in cloud computing environments. It
describes the modeling methodology that involved applying Method Engineering to
specify characteristics of a cloud privacy threat modeling methodology,
different steps in the proposed methodology and corresponding products. We
believe that the extended methodology facilitates the application of a
privacy-preserving cloud software development approach from requirements
engineering to design
- …