Towards a Model-driven based Security Framework

Abstract : In this paper, we propose a model-driven framework for security analysis. We present a security analysis process that begins from the design phase of the system architecture then allows performing several security analysis methods. Our approach presents mainly two advantages: First, it allows the traceability of the security analysis methods with the system architecture. Second, this framework can include several security analysis methods. Moreover it allows information reuse which is complicated when we use separate methods dedicated tools. Thus, we can have more consistent and accurate security analysis results for a system. We chose to implement two methods: A qualitative method named EBIOS which is simple and helps to identify areas of focus within the system. Then, to get more accurate results, we implement a quantitative method, the Attack trees. Attack trees can be automatically generated from the Ebios analysis phase and can be completed later on to get more specific results.
Document type :
Conference papers
Complete list of metadatas

Cited literature [18 references]  Display  Hide  Download

https://hal-cea.archives-ouvertes.fr/cea-01810074
Contributor : Önder Gürcan <>
Submitted on : Thursday, June 7, 2018 - 2:27:56 PM
Last modification on : Thursday, February 7, 2019 - 4:17:55 PM
Long-term archiving on : Saturday, September 8, 2018 - 1:59:38 PM

File

07323180.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : cea-01810074, version 1

Collections

Citation

Rouwaida Abdallah, Nataliya Yakymets, Agnes Lanusse. Towards a Model-driven based Security Framework. Model-Driven Engineering and Software Development (MODELSWARD), 2015 3rd International Conference on, Jul 2015, Kaufbeuren, Germany. ⟨cea-01810074⟩

Share

Metrics

Record views

69

Files downloads

118