The protection and security of critical infrastructures are important parts of Homeland Defense. Adequate means for analyzing the security risks of such infrastructures is a prerequisite for properly understanding the security needs and for maintaining appropriate incident preparedness. Risk management is coordinated activities to direct and control an…
Risk analysis and testing are conducted for different purposes. Risk analysis and testing nevertheless involve processes that may be combined to the benefit of both. We may use testing to support risk analysis and risk analysis to support testing. This paper surveys literature on the combined use of risk analysis and testing. First, the existing approaches…
We present an approach for secure information flow property preserving refinement and transformation of UML inspired interaction diagrams. The approach is formally underpinned by trace-semantics. The semantics is sufficiently expressive to distinguish underspecification from explicit nondeterminism. A running example is used to introduce the approach and to…
We address the problem of maintaining information flow security under refinement and transformation. To this end we define a schema for the specification of secure information flow properties and show that all security properties defined in the schema are preserved by a notion of refinement. Refinement is a process that requires human guidance and is in…
Risk management is coordinated activities to direct and control an organization with regard to risk, and includes the identification, analysis and mitigation of unacceptable risks. For critical infrastructures consisting of interdependent systems, risk analysis and mitigation is challenging because the overall risk picture can be strongly affected by…
STAIRS is a formal approach to system development with UML 2.1 sequence diagrams that supports an incremental and modular development process. STAIRS is underpinned by denotational and operational semantics that have been proved to be equivalent. STAIRS is more expressive than most approaches with a formal notion of refinement. STAIRS supports a stepwise…
We address three main problems regarding the use of the traditional dataflow language (TDL) for modelling large and dynamic networks:
• The problem of scalability. The concepts and notations of TDL do not scale well. Thus TDL specifications may get large (space consuming) and chaotic.
• The problem of generality. TDL does not have the expressibility for…