Note: This page is part of the archive.

This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact if you have any questions about the US-CERT website archive.

Note: This page is part of the archive.

This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact if you have any questions about the US-CERT website archive.

Modeling Tools References

Author(s): Samuel T. Redwine Maturity Levels and Audience Indicators: / E  SDLC Life Cycles: Design  Copyright: Copyright © Carnegie Mellon University 2005-2012.


Content area bibliography.


[Abrams 2006]
Abrams, S.; Bloom, B.; Keyser, P.; Kimelman, D.; Nelson, E.; Neuberger, W.; Roth, T.; Simmonds, I.; Tang, S.; & Vlissides, J. “Architectural Thinking and Modeling with the Architects’ Workbench.” IBM Systems Journal, Special Issue on Model-Driven Software Development, 45, 3 (2006): 481.

[Alexander 2005]
Alexander, R.; Hall-May, M.; Despotou, G.; & Kelly, T. "Using Simulation to Evaluate Safety Policy for Systems of Systems.” 2nd International Workshop on Safety and Security of Multi Agent Systems (SASEMAS), 4th International Joint Conference on Autonomous Agents and Multiagent Systems. Utrecht, Netherlands, July 2005.

[Balz 2005]
Balz, E. & Goll, J. “Use Case-based Fault Tree Analysis of Safety-Related Embedded Systems.” Proceedings Software Engineering and Applications, 2005.

[Blackburn 2001]
Blackburn, Mark; Busser, Robert; Nauman, Aaron; & Chandramouli, Ramaswamy. Model-based Approach to Security Test Automation. National Institute of Standards and Technology, 2001.

[Boudra 1993]
Boudra, P. Jr. Report on Rules of System Composition: Principles of Secure System Design (I9 Technical Report 1-93, Library No. S-240, 330). Washington, DC: National Security Agency, Information Security Systems Organization, Office of Infosec Systems Engineering, March 1993.

[BSI 2008a]
Build Security In. "Assurance Cases," 2008.

[BSI 2008b]
Build Security In. "Code Analysis," 2008.

[BSI 2008c]
Build Security In. "Penetration Testing," 2008.

[BSI 2008d]
Build Security In. "Security Testing," 2008.

[Damianou 2002a]
Damianou, N. “A Policy Framework for Management of Distributed Systems.” PhD diss., University of London, London, UK, 2002.

[Damianou 2002b]
Damianou, N.; Dulay, N.; Lupu, E.; Sloman, M.; & Tonouchi, T. “Tools for Domain-Based Policy Management of Distributed Systems,” 203-217. Proceedings of the IEEE/IFIP Network Operations and Management Symposium. Florence, Italy, April 2002b. New York, NY: IEEE Computer Society Press, 2002.

[Despotou 2007]
Despotou, G.; Kolovos, D.; Paige, R.; Polack, F.; & Kelly, T. “Towards a Metamodel for Dependability Cases.” Presentation at the Object Management Group (OMG) 1st Software Assurance Workshop, Washington DC, March 2007.

[Despotou 2006a]
Despotou, G.; Hall-May, M.; Kelly, T. “Eliciting Safety Policy and Balancing with Operational Fitness in Systems of Systems.” Proceedings of the 1st IEEE International Conference on Systems of Systems Engineering (SoSE). Los Angeles, CA, April 2006. Proceedings by IEEE SMC, ISBN 1-4244-0188-7.

[Despotou 2006b]
Despotou, G. & Kelly, T. “An Argument Based Approach for Assessing Design Alternatives and Facilitating Trade-offs in Critical Systems.” Proceedings of the 24th International System Safety Conference (ISSC). Albuquerque, NM, August 2006. Proceedings published by the System Safety Society.

[Despotou 2005]
Despotou, G.; McDermid, J.; & Kelly, T. “Using Scenarios to Identify and Trade-off Dependability Objectives in Design.” Proceedings of the 23rd International System Safety Conference (ISSC). San Diego, CA, August 2005. Proceedings published by the System Safety Society.

[Despotou 2003]
Despotou, G.; Alexander, R.; Hall-May, M. “Key Concepts and Characteristics of Systems of Systems (SoS).” Defence and Aerospace Research Partnership (DARP-HIRTS), February 2003.

[Fan 2006]
Fan, Chin-Feng, & Cheng, Chun-Yin. “Constraint-Based Software Specifications and Verification Using UML.” IEICE Transactions on Information and Systems E89–D, 6 (JUNE 2006): 1914-1922.

[Fernandez 2007]
Fernandez, E. B.; Larrondo-Petrie, M. M.; Sorgente, T.; & Vanhilst, M. Ch. 5, “A Methodology to Develop Secure Systems Using Patterns.” Integrating Security and Software Engineering: Advances and Future Visions. Edited by Haralambos Mouratidis and Paolo Giorgini. Hershey, PA: Idea Group Publishing, 2007 (ISBN 1599041472).

[FormalSystems 2008]
FormalSystems. Oxford, England (2008).

[Funes 2002]
Funes, Ana & George, Chris. Ch. 8, “Formal Foundations in RSL for UML Class Diagrams.” Formalizing UML Class Diagrams of UML and the Unified Process. Edited by Liliana Favre. IRM Press, 2003. (Also published as Technical Report 253 by UNU-IIST, P.O. Box 3058, Macau, May 2002.)

[Hailpern 2006]
Hailpern, B. & Tarr, P. Model-driven development: The good, the bad, and the ugly.” IBM Systems Journal, Special Issue on Model-Driven Software Development 45, 3 (2006): 451.

[Hall 2002]
Hall, Anthony & Chapman, Rodrick. “Correctness by Construction: Developing a Commercial Secure System.” IEEE Software 19, 1 (Jan/Feb 2002): 18-25.

[Hoglund 2004]
Hoglund, Greg & McGraw, Gary. Exploiting Software: How to Break Code. Boston, MA: Addison-Wesley Professional, 2004 (ISBN 0-201-78695-8).

[IBM 2006]
IBM. IBM Systems Journal, Special Issue on Model-Driven Software Development 45, 3 (2006).

[Jackson 2004]
Jackson, David. CESG EAL4 Study: Study Report, S.P1273.40.1 Issue: 1.4 (Abridged). Praxis Critical Systems, September 22, 2004.

[Jürjens 2004]
Jürjens, Jan. Secure Systems Development with UML. Berlin, Germany: Springer-Verlag, 2004.

[Jürjens 2005]
Jürjens, Jan. “Sound Methods and Effective Tools for Model-based Security Engineering with UML.” 27th International Conference on Software Engineering. St.Louis, Missouri, May 15-21, 2005.

[Kornecki 2006]
Kornecki, Andrew J. "Publications." Department of Computer and Software Engineering, Embry-Riddle Aeronautical University, 2006.

[Kornecki 2005]
Kornecki, Andrew J. & Zalewski, Janusz. “Software Development Tool Qualification from the DO-178B Certification Perspective.” Crosstalk: The Journal of Defense Software Engineering, July, 2005.

[Lang 2008]
Lang, Ulrich and Schreiner, Rudolf. “Model Driven Security Management: Making Security Management Manageable in Complex Distributed Systems.” Presented at the Modeling Security Workshop. Toulouse, France, September 2008.

[Lang 2009]
Lang, Ulrich and Schreiner, Rudolf. “Model Driven Security Accreditation (MDSA) For Agile, Interconnected IT Landscapes.” Presented at The 1st ACM Workshop on Information Security Governance. Chicago, Illinois, November 2009.

[Leveson 1995]
Leveson, Nancy G. Safeware: System Safety and Computers. Reading, MA: Addison-Wesley Professional, 1995 (ISBN-0-201-11972-2).

[Liang 2005]
Liang, Z. & Sekar, R. “Fast and automated generation of attack signatures: a basis for building self-protecting servers,” 213-222. Proceedings of the 12th ACM Conference on Computer and Communications Security. Alexandria, VA, November 07-11, 2005. New York, NY: ACM Press.

[Liu 2005]
Liu, P.; Zang, W.; & Yu, M. “Incentive-based modeling and inference of attacker intent, objectives, and strategies.” ACM Transactions on Information Systems Security 8, 1 (Feb. 2005): 78-118.

[Lodderstedt 2002]
Lodderstedt, T.;Basin, D. A.; & Doser, J. “SecureUML: A UML-based modeling language for model-driven security,” 426-441. Proceedings of the 5th International Conference on UML. Berlin, Germany: Springer Verlag, LNCS Vol. 2460, 2002.

[Manadhata 2004]
Manadhata, P. & Wing, J. M. Measuring A System's Attack Surface (CMU-CS-04-102). School of Computer Science, Carnegie Mellon University, January 2004.

[Mantel 2002]
Mantel, Heiko. “On the Composition of Secure Systems.” 2002 IEEE Symposium on Security and Privacy. Oakland, CA, May 12-15, 2002.

[McGraw 2006]
McGraw, Gary. Software Security: Building Security In. Boston, MA: Addison-Wesley Professional, 2006 (ISBN 0-321-35670-5).

[Neumann 2004]
Neumann, Peter G. Principled Assuredly Trustworthy Composable Architectures (Final Report to DARPA, CDRL A001). Menlo Park, CA: Computer Science Laboratory, SRI International, December, 28, 2004.

[OMG 2008a]
Object Management Group. "Information About OMG's Specifications." Needham, MA (2008).

[OMG 2008b]
Object Management Group. "MDA Directory." Needham, MA (2008).

[Paradis 2007]
Paradis, Richard & Tran, Bambi. Balancing Security/Safety and Sustainability Objectives. Whole Building Design Guide (2007).

[Riley 2006]
Riley, Mike. “A Special Guide-MDA and UML Tools: CASE 2.0—or the Developer's Dream.” Software Development Magazine (through Dr. Dobb’s Portal), March 9, 2006.

[Ritter 2009]
Ritter, Tom; Schreiner, Rudolf; and Lang, Ulrich. “Integrating Security Policies via Container Portable Interceptors.” IEEE Distributed Systems Online, vol. 7, no. 7, 2006, art. no. 0607-o7001.

[Schechter 2005]
Schechter, S. E. “Toward econometric models of the security risk from remote attacks.”  IEEE Security & Privacy Magazine 3, 1 (Jan.-Feb. 2005): 40-44.

[Sinha 2006]
Sinha, A.; Williams, C. E.; & Santhanam, P. “A measurement framework for evaluating model-based test generation tools.” IBM Systems Journal, Special Issue on Model-Driven Software Development 45, 3 (2006): 501.

[Spivey 1992]
Spivey, J. M. The Z Notation: A Reference Manual, 2nd ed. Englewood Cliffs, NJ: Prentice-Hall, 1992.

[Srivatanakul 2003]
Srivatanakul, Thitima; Clark, John A.; Stepney, Susan; & Polack, Fiona. “Challenging Formal Specifications by Mutation: A CSP Security Example,” 340-350. Proceedings of the Tenth Asia-Pacific Software Engineering Conference (APSEC'03). December 10-13, 2003. New York, NY: IEEE Computer Society Press, 2003.

[Stavridou 1998]
Stavridou, Victoria & Dutertre, Bruno. “From Security to Safety and Back,” 182-195. Computer Security, Dependability, and Assurance: From Needs to Solutions. New York, NY: IEEE Computer Society Press, 1998.

[Steffan 2002]
Steffan, J. & Schumacher, M. “Collaborative Attack Modeling,” 253-259. Proceedings of the 2002 ACM Symposium on Applied Computing. Madrid, Spain, March 11-14, 2002. New York, NY: ACM Press, 2002.

[Stroud 2004]
Stroud, R.; Welch, I.; Warne, J.; & Ryan, P. “A qualitative analysis of the intrusion-tolerance capabilities of the MAFTIA architecture,” 453-461. 2004 International Conference on Dependable Systems and Networks. June 28-July 1, 2004. New York, NY: IEEE Computer Society Press, 2004.

[Swiderski 2004]
Swiderski, Frank & Snyder, Window. Threat Modeling. Redmond, WA: Microsoft Press, 2004 (ISBN 0-735-61991-3).

[SOUPS 2005]
Symposium on Usable Privacy and Security (SOUPS), July 6-8, 2005.

[Swigart 2006]
Swigart, Scott. “Gearing Up for Modeling, Microsoft Style.” Software Development Magazine (through Dr. Dobb’s Portal), March 9, 2006.

[Viega 2001]
Viega, J.; Bloch, J. T.; & Chandra, P. “Applying Aspect-Oriented Programming to Security.” Cutter Journal 14, 2 (February 2001): 31-39.

[Wagner 2000]
Wagner, David; Foster, Jeffrey S.; Brewer, Eric A.; & Aiken, Alexander. “A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities.” Network and Distributed System Security Symposium (NDSS). Internet Society, 2000.

[Weaver 2005]
Weaver, Rob; Despotou, George; Kelly, Tim; & McDermid, John. “Combining Software Evidence - Arguments and Assurance.” Workshop in Realising Evidence Based Software Engineering (REBSE), 25th International Conference on Software Engineering. Saint Louis, MO. ACM SIGSOFT Software Engineering Notes 30 , 4 (July 2005) (ISBN 1-59593-121-X)