- Start page
- About the project
- Project Partners
- Public Deliverables
- Organized Workshops
- SHIELDS Tools
- Certified Tools
- Related Projects
- Contact SHIELDS
- Private Area
|Functional and Secu-rity Test Automation with TestGen (TEG) Suite||Bachar Wehbi, Wissam Mallouli||In Proceedings of the Second Inter-national Workshop on Security in Model Driven Ar-chitecture (SEC-MDA 2010) held June 2010||
This short paper pre-sents TestGen (TEG) suite is a testing envi-ronment for Web ap-plications developed by Montimage.
|Tool-Supported Inspections: Using Security Models as Reading Support for Defect Detection||Christian Jung, Frank Elberzhager, Robert Eschbach - Fraunhofer IESE||In Proceedings of the Second Inter-national Workshop on Security in Model Driven Ar-chitecture (SEC-MDA 2010) June 2010||
This paper presents Defect, an inspection tool supporting inspection models developed to enhance the efficiency of the defect detection.
|Unified modeling of attacks, vulnerabilities and security activities||David Byers and Nahid Shahmehri||the 6th International Workshop on Software Engineering for Secure Systems (SESS'2010)||ISBN: 978-1-60558-965-7||
This paper presents a modeling language that can be used in place of four existing modeling languages: attack trees, vulnerability cause graphs, security activity graphs, and security goal indicator trees.
|Practical experience gained from passive testing of Web based systems||Alessandra Bagnato, Wissam Mallouli, Fabio Raiteri, Bachar Wehbi||International Workshop on Modelling and Detection of Vulnerabilities (MDV) 2010||ISBN: 978-0-7695-4050-4||This article describes the application of the TestInv-P passive testing tool as part of the testing phase of TXT e-tourism Web application. TestInv-P is a passive testing tool that monitors communication traces of an application during run-time and verifies whether it satisfies certain security-related invariants derived from SHIELDS models.|
|Practical Experience Gained from Modeling Security Goals: Using SGITs in an Industrial Project||Alessandra Bagnato, Frank Elberzhager, Fabio Raiteri, Christian Jung||ARES 2010 - International Conference on Availability, Reliability and Security. Krakow,Poland, February, 15th - 18th 2010||ISBN: 978-1-4244-5879-0, [DOI Bookmark]||
This article describes the modeling of such security-goal-based trees as part of requirements engineering. After the probands of our industry partner received training on existing security models, the necessary knowledge for creating security models was collected and applied. This resulted in three context-specific SGITs discussed in this article.
|Combining misuse cases with attack trees and security activity diagrams||Inger Anne Tøndel, Jostein Jensen, Lillian Røstad||2010 International Conference on Availability, Reliability and Security (ARES) Krakow, Poland, February 15-18||ISBN: 978-0-7695-3965-2, [DOI Bookmark]||
In this paper we present how misuse cases and attack trees can be linked to get a high-level view of the threats towards a system through misuse case diagrams and a more detailed view on each threat through attack trees.
|Security modelling and tool support advantages||Egil Trygve Baadshaug, Gencer Erdogan, Per Hâkon Meland||The Fourth International Workshop on Secure Software Engineering, Krakow, Poland, February 15-18||ISBN: 978-0-7695-3965-2, [DOI Bookmark]||
The purpose of this paper is to give an overview of some of the current approaches to graphical security modeling and present an initial study related to benefits of tool support.Our working hypothesis is that specialized security modeling tools will substantially outperform more general, prevailing tools, and we have sought indications of evidence for this claim.
|Idea: Reusability of threat models – two approaches with an experimental evaluation||Per Håkon Meland, Inger Anne Tøndel, Jostein Jensen||ESSoS – International Symposium on Engineering Secure Software Systems, February 03 – 04, 2010||ISBN: 978-3-642-11746-6||
This paper presents a controlled experiment with a qualitative evaluation of two approaches supporting threat modelling - reuse of categorised misuse case stubs and reuse of full misuse case diagrams.
|Progress report on the experimental evaluation of security inspection guidance||Frank Elberzhager, Marek Jawurek, Christian Jung, Alexander Klaus||ESEM 2009, Empirical Software Engineering and Measurement, Lake Buena Vista, FL, USA, 15-16 October 2009.||ISSN: 1938-6451, ISBN: 978-1-4244-4842-5, [DOI Bookmark]||In this paper, is sketched the initial experimental evaluation of VIDs and SIS with a group of software developers of an industrial project partner. It is presented the setup and the experiment's results. In addition, it describes the implications of our results on future work regarding the approach and further evaluation.|
|A qualitative evaluation of model-based security activities for software development||Erkuden Rios, Per Håkon Meland, Shanai Ardi, Alessandra Bagnato, Jostein Jensen , Wissam Mallouli, Fabio Raiteri, Txus Sanchez, Inger Anne Tøndel, Bachar Wehbi||SEC-MDA'09 Security in Model Driven Architecture, 24 June 2009, Enschede, Netherlands.||ISBN: 978-90-365-2857-3||
This paper gives an overview of the six security activities that are part of SHIELDS, and presents the results of a qualitative evaluation involving software developers from the industry.
|Software Vulnerabilities, Prevention and Detection Methods: A Review||Willy Jimenez, Amel Mammar, Ana Cavalli||SEC-MDA'09 Security in Model Driven Architecture, 24-June 2009, Enschede, Netherlands.||ISBN: 978-90-365-2857-3||
The paper presents a review on the existing methods and approach about the modelling and the detection of vulnerabilities.
|Modélisation et Détection Formelles de Vulnérabilités Logicielles par le Test Passif||Amel Mammar, Ana Cavalli, Edgardo Montes de Oca, Shanai Ardi, David Byers, Nahid Shahmehri||Conference: SAR-SSI 2009 (Security in Network Architectures and Information Systems) June 2009||ISBN: 2748348338||
Presentation of formal models and passive testing to detect vulnerabilities in C programs.
|Prioritisation and Selection of Software Security Activities||David Byers, Nahid Shahmehri||ARES 2009 – International Conference on Availability, Reliability and Security. Fukuoka, Japan, March 16-19, 2009.||ISBN: 9978-0-7695-3564-7 [DOI Bookmark]||
This paper describes a process for estimating relative costs of security activities, and based on security activity graphs, selecting the optimal set of activities that addresses a particular security problem.
|A post-mortem incident modelling method||Shanai Ardi, Nahid Shahmehri||ARES 2009 – International Conference on Availability, Reliability and Security. Fukuoka, Japan, March 16-19, 2009.||ISBN: 978-0-7695-3564-7 [DOI Bookmark]||
This paper describes the application of vulnerability cause graphs to incident management.
|Reusable Security Requirements for Healthcare Applications||Jostein Jensen, Inger Anne Tøndel, Martin Gilje Jaatun, Per Håkon Meland, Herbjørn Andresen||ARES 2009 – International Conference on Availability, Reliability and Security. Fukuoka, Japan, March 16-19, 2009.||Not yet available||
The paper mainly presents results from another EU project (MPOWER) but also introduces the SHIELDS repository as an example on how reusable security requirements can be shared between development projects, and how repository content (in this case requirements).
|An architectural foundation for security model sharing and reuse||Per Håkon Meland, Shanai Ardi, Jostein Jensen, Erkuden Rios, Txus Sanchez, Nahid Shahmehri and Inger Anne Tøndel||The third International Workshop on Secure Software Engineering (SecSe 2009). In conjunction with: ARES 2009. Fukuoka, Japan, March 18th, 2009.||ISBN: 978-0-7695-3564-7 [DOI Bookmark]||
The purpose of this paper is to explain the main reference architecture description of the SHIELDS repository and the more general tool stereotypes that can communicate with it.
|Software Inspections Using Guided Checklists to Ensure Security Goals||Frank Elberzhager, Alexander Klaus, Marek Jawurek||The third International Workshop on Secure Software Engineering (SecSe 2009).||ISBN: 978-0-7695-3564-7||
Introduction of Guided Checklists (GC) that support inspectors to find defects violating security goals, description of the elements of GC, how GC are developed and how GC are applied.
|Security Inspection Scenarios – A Facet of Security (Conducting Vulnerability-based Code Inspections)||Alexander Klaus, Frank Elberzhager||First International Conference on Advances in System Testing and Validation Lifecycle (VALID 09)||IEEE Computer Society Conferences Publishing Services, to be published||
In this paper, we show how to create Security Inspection Scenarios and demonstrate their usage with a short example. After analyzing the possible benefits of our approach, a proposal for an evaluation is presented. We assume our scenarios are able to support practitioners in a beneficial way and are applicable in most development lifecycles which are concerned with security aspects.
|A Passive Testing Approach for Security Checking and its Practical Usage for Web Services Monitoring||Ana Rosa Cavalli, Azzedine Benameur, Wissam Mallouli, Keqin Li||Conference: NOTERE 2009 (New Technologies of Distributed Systems)||Not yet available||
Presentation of a passive security testing approach for SOA and Web Services.
|Introducing vulnerability awareness to Common Criteria’s security targets||Shanai Ardi, Nahid Shahmehri||International Conference on Software Engineering Advances (ICSEA) 2009||Not yet available||
This paper presents a methodology to introduce information about threats from vulnerabilities to Common Criteria. The methodology uses vulnerability cause graphs and security activity graphs.
|Security Goal Indicator Trees: A Model of Software Features that Supports Efficient Security Inspection||Holger Peine, Marek Jawurek, Stefan Mandel||HASE 2008, High Assurance Systems Engineering Symposium Nanjing, China December 3-5, 2008||ISBN: 978-0-7695-3482-4||
Introduction to a new model that features positive and negative indicators, allowing for efficient inspection of security goal achievement throughout the Software Development Lifecycle.
|Two Complementary Tools for the Formal Testing of Distributed Systems with Time Constraints||Ana Rosa Cavalli, Edgardo Montes de Oca, Wissam Mallouli and Mounir Lallal||Conference: DS-RT 2008 The 12-th IEEE International Symposium on Distributed Simulation and Real Time Applications October 27 - 29, 2008||ISSN: 1550-6525 ISBN: 978-0-7695-3425-1||
Presentation of the techniques and tools (TestGen and TestInv) used in active and passive testing of real time systems and protocols.
|Modeling System Security Rules with Time Constraints Using Timed Extended Finite State Machines||Wissam Mallouli, Amel Mammar, Ana Rosa Cavalli||Conference: DS-RT 2008 The 12-th IEEE International Symposium on Distributed Simulation and Real Time Applications October 27 - 29, 2008||ISSN: 1550-6525, ISBN:978-0-7695-3425-1||
Presentation of techniques that allow integrating timed security rules described in the Nomad language, within a formal specification of the system.
|Use of invariant properties to evaluate the results of fault-injection-based robustness testing of protocol implementations||Ana Cavalli, Eliane Martins, Anderson Morais||The 4th Workshop on Advances in Model Based Testing (A-MOST 2008)||
The paper presents a previous work to SHIELDS, on the utilisation of a language based on invariants to describe expected properties and check after fault injection if the properties are valid. The invariant language is adapted in SHIELDS to the description of vulnerabilities.
|Integrating a security plug-in with the OpenUP/Basic development process||Shanai Ardi, Nahid Shahmehri||ARES 2008 – International Conference on Availability, Reliability and Security. Barcelona, Spain, March 4-7, 2008.||ISBN: 978-0-7695-3102-1 [DOI Bookmark]||
This paper describes how the S3P process, which is based on the use of vulnerability cause graphs and security activity graphs, can be used in conjunction with the OpenUP/Basic development process.
|A Cause-Based Approach to Preventing Software Vulnerabilities||David Byers, Nahid Shahmehri||ARES 2008 – International Conference on Availability, Reliability and Security. Barcelona, Spain, March 4-7, 2008.||ISBN: 978-0-7695-3102-1 [DOI Bookmark]||
This paper describes the security activity graph formalism, and its application to the S3P software process improvement process. It was awarded “best paper” at ARES 2008.
|Design of a Process for Software Security||David Byers, Nahid Shahmehri||ARES 2007– International Conference on Availability, Reliability and Security. Vienna, Austria, April 10-13, 2007||ISBN: 0-7695-2775-2 [DOI Bookmark]||
This paper contains the rationale behind the design of the S3P software process improvement process.
|Towards a Structured Unified Process for Software Security||Shanai Ardi, David Byers, Nahid Shahmehri||ICSE Workshop on Software Engineering for Secure Systems 2006||ISBN: 1-59593-375-1 [DOI Bookmark]||
This paper introduces the concepts of vulnerability cause graphs and security activity graphs, and how they might be used in software development.
|Modeling Software Vulnerabilities with Vulnerability Cause Graphs||David Byers, Shanai Ardi, Nahid Shahmehri, Claudiu Duma||International Conference on Software Maintenance 2006||ISBN: 0-7695-2354-4 [DOI Bookmark]||
This paper describes the vulnerability cause graph formalism, and its application to the S3P software process improvement process.
|A Model and Implementation of a Security plug-in for the Software Life Cycle||Shanai Ardi||Licentiate Thesis||ISBN: 978-91-7393-956-0 [DOI Bookmark]||
This thesis describes the S3P and its application to the OpenUP/Basic development process, as well as generic issues related to applying S3P to any software lifecycle process.