We present a framework that supports an incremental and modular development process of secure software systems. The framework unifies the treatment of secure information flow properties and their relationship to refinement of underspecification, translation from one level of granularity to another, and composition.
Risk analysis and testing are conducted for different purposes. Risk analysis and testing nevertheless involve processes that may be combined to the benefit of both. We may use testing to support risk analysis and risk analysis to support testing. This paper surveys literature on the combined use of risk analysis and testing. First, the existing approaches…
We present an approach for secure information flow property preserving refinement and transformation of UML inspired interaction diagrams. The approach is formally underpinned by trace-semantics. The semantics is sufficiently expressive to distinguish underspecification from explicit nondeterminism. A running example is used to introduce the approach and to…
We address the problem of maintaining information flow security under refinement and transformation. To this end we define a schema for the specification of secure information flow properties and show that all security properties defined in the schema are preserved by a notion of refinement. Refinement is a process that requires human guidance and is in…
STAIRS is a formal approach to system development with UML 2.1 sequence diagrams that supports an incremental and modular development process. STAIRS is underpinned by denotational and operational semantics that have been proved to be equivalent. STAIRS is more expressive than most approaches with a formal notion of refinement. STAIRS supports a stepwise…
Risk management is coordinated activities to direct and control an organization with regard to risk, and includes the identification, analysis and mitigation of unacceptable risks. For critical infrastructures consisting of interdependent systems, risk analysis and mitigation is challenging because the overall risk picture can be strongly affected by…
We present a method for (1) specifying high-level security policies using UML sequence diagrams and (2) transforming high-level sequence diagram policies into low-level state machine policies that can be enforced by monitoring mechanisms. We believe that the method is both easy to use and useful since it automates much of the policy formalization process.