Virginia N. L. Franqueira

Copyright and Moral Rights for the articles on this site are retained by the individual authors and/or other copyright owners. For more information on Open Research Online's data policy on reuse of materials please consult the policies page. Abstract—When software systems are verified against security requirements, formal and informal arguments provide a …
(2011). Risk and argument: a risk-based argumentation method for practical security. Abstract—When showing that a …
Risk management is a good tool for controlling risk but it has the inherent challenge of quantitatively estimating frequency and impact in an accurate and trustworthy way. Quantifying the frequency and impact of potential security threats requires experience-based data which is limited and rarely reusable because it involves company confidential data. …
Role-Based Access Control (RBAC) has been a success in terms of the amount of research that went into it, its uptake in international standards, and its adoption by major software vendors. Yet, RBAC remains complex to implement in user organizations. In this paper we review the state of the art of RBAC in terms of RBAC features, assumptions, strengths and …
Attackers take advantage of any security breach to penetrate an organisation perimeter and exploit hosts as stepping stones to reach valuable assets, deeper in the network. The exploitation of hosts is possible not only when vulnerabilities in commercial off-the-shelf (COTS) software components are present, but also, for example, when an attacker acquires a …
Increasingly, organizations collaborate with other organizations in value webs with various arrangements, such as outsourcing, partnering, joint ventures, or subcontracting. As the Jericho Forum (an industry consortium of the Open Group) observed, in all these forms of collaboration, the boundaries between organizations become permeable and, as a …
Making well-founded security investment decisions is hard: several alternatives may need to be considered, the alternatives' space is often diffuse, and many decision parameters that are traded-off are uncertain or incomplete. We cope with these challenges by proposing a method that supports decision makers in the process of making well-founded and balanced …
Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the …