[CEUR Workshop Proceedings] Vol-413

Copyright © 2008 for the individual papers by the papers' authors. Copying permitted for private and academic purposes. Re-publication of material from this volume requires permission by the copyright owners.

Modeling Security

Proceedings of the Workshop on Modeling Security (MODSEC08) held as part of the 2008 International Conference on Model Driven Engineering Languages and Systems (MODELS)
Toulouse, France, September 28, 2008.

Edited by

Jon Whittle *
Jan Jürjens **
Bashar Nuseibeh **
Glen Dobson *

* Department of Computing, Lancaster University, UK
** Department of Computing, Open University, UK

Table of Contents

  1. SECTISSIMO: A Platform-Independent Framework for Security Services
    Mukhtiar Memon, Michael Hafner, Ruth Breu
  2. Specifying Security Aspects in UML Models
    Karine Peralta, Alex Orozco, Avelino Zorzo, Flavio Oliveira
  3. Transforming Security Audit Requirements into a Software Architecture
    Koen Yskout, Bart De Win, Wouter Joosen
  4. Mutating DAC and MAC Security Policies: A Generic Metamodel Based Approach
    Tejeddine Mouelhi, Franck Fleurey, Benoit Baudry, Yves Le Traon
  5. Experiences Threat Modeling at Microsoft
    Adam Shostack
  6. Using Common Criteria as Reusable Knowledge in Security Requirements Elicitation
    Motoshi Saeki, Haruhiko Kaiya
  7. Curriculum for Modeling Security: Experiences and Lessons Learned
    Haralambos Mouratidis
  8. A Security Domain Model for Implementing Trusted Subject Behaviors
    Alan Shaffer, Mikhail Auguston, Cynthia Irvine, Tim Levin
  9. Modeling Security Protocols using UML2
    Alain Beaulieu, Greg Phillips, Sandra Smith
  10. Modeling and Assessment of Systems Security
    Jonas Hallberg, Johan Bengtsson, Niklas Hallberg
  11. Model Driven Security Management: Making Security Management Manageable in Complex Distributed Systems
    Ulrich Lang, Rudolf Schreiner
  12. Towards an Integrated Framework for Model-Driven Security Engineering
    Jordit Cabot, Nicola Zannone
  13. Incorporating Security Requirements from Legal Regulations into UMLsec model
    Shareeful Islam, Jan Jürjens
  14. IT Security Risk Analysis based on Business Process Models enhanced with Security Requirements
    Stefan Taubenberger, Jan Jürjens
  15. Towards a Measurement Framework for Security Risk Management
    Nicolas Mayer, Eric Dubois, Raimundas Matulevicius, Patrick Heymans
  16. On the Inability of Existing Security Models to Cope with Data Mobility in Dynamic Organizations
    Trajce Dimkov, Qiang Tang, Pieter Hartel
  17. A Server Side SOA Meta Model for Assigning Aspect Services
    Andreas Ganser, Stefan Hurtz, Horst Lichter
  18. SPML: A Visual Approach for Modeling Firewall Configurations
    Kleber Trevisani, Rogério Garcia
  19. Automatic Generation of Secure Multidimensional Code for Data Warehouses by using QVT Transformations: an MDA Approach
    Carlos Blanco, Ignacio Garcia, Eduardo Fernandez-Medina, Juan Trujillo, Mario Piattini

29-Oct-2008: submitted by Jon Whittle
03-Nov-2008: published on CEUR-WS.org
10-Feb-2009: corrected name of paper 18