Security Asset Elicitation for Collaborative Models
2012 (English)In: MDsec '12 Proceedings of the Workshop on Model-Driven Security, ACM Digital Library , 2012Conference paper (Refereed)
Building secure systems is a difficult job for most engineers since it requires in-depth understanding of security aspects. This task, however, can be assisted by capturing security knowledge in a particular domain and reusing the knowl- edge when designing applications. We use this strategy and employ an information security ontology to represent the se- curity knowledge. The ontology is associated with system designs which are modelled in collaborative building blocks specifying the behaviour of several entities. In this paper, we identify rules to be applied to the elements of collaborations in order to identify security assets present in the design. Further, required protection mechanisms are determined by applying a reasoner to the ontology and the obtained assets. We exemplify our approach with a case study from the smart metering domain.
Place, publisher, year, edition, pages
ACM Digital Library , 2012.
Model, domain, assets, security, ontology, smart grid, tools
Computer and Information Science
IdentifiersURN: urn:nbn:se:liu:diva-85226DOI: 10.1145/2422498.2422505ISBN: 978-1-4503-1806-8OAI: oai:DiVA.org:liu-85226DiVA: diva2:567123
Model-Driven Security Workshop