Engineering Secure Future Internet Services and Systems

1. Front Matter

   PDF

2. A Structured Comparison of Security Standards

   • Kristian Beckers, Isabelle Côté, Stefan Fenz, Denis Hatebur, Maritta Heisel

   Pages 1-34

3. Empirical Assessment of Security Requirements and Architecture: Lessons Learned

   • Riccardo Scandariato, Federica Paci, Le Minh Sang Tran, Katsiaryna Labunets, Koen Yskout, Fabio Massacci et al.

   Pages 35-64

4. STS-Tool: Security Requirements Engineering for Socio-Technical Systems

   • Elda Paja, Fabiano Dalpiaz, Paolo Giorgini

   Pages 65-96

5. Model-Driven Development of a Secure eHealth Application

   • Miguel A. García de Dios, Carolina Dania, David Basin, Manuel Clavel

   Pages 97-118

6. Modeling Security Features of Web Applications

   • Marianne Busch, Nora Koch, Santiago Suppan

   Pages 119-139

7. On the Synthesis of Secure Services Composition

   • Jose A. Martín, Fabio Martinelli, Ilaria Matteucci, Ernesto Pimentel, Mathieu Turuani

   Pages 140-159

8. Privacy and Access Control in Federated Social Networks

   • Animesh Pathak, George Rosca, Valerie Issarny, Maarten Decat, Bert Lagaisse

   Pages 160-179

9. Engineering Trust-Awareness and Self-adaptability in Services and Systems

   • Francisco Moyano, Carmen Fernandez-Gago, Benoit Baudry, Javier Lopez

   Pages 180-209

10. Validation of Access Control Systems

    • Antonia Bertolino, Traon Yves Le, Francesca Lonetti, Eda Marchetti, Tejeddine Mouelhi

    Pages 210-233

11. Evaluation of Engineering Approaches in the Secure Software Development Life Cycle

    • Marianne Busch, Nora Koch, Martin Wirsing

    Pages 234-265

12. A Toolchain for Designing and Testing Access Control Policies

    • Antonia Bertolino, Marianne Busch, Said Daoudagh, Francesca Lonetti, Eda Marchetti

    Pages 266-286

13. Verification of Authorization Policies Modified by Delegation

    • Marina Egea, Fabian Büttner

    Pages 287-314

14. ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System

    • Kristian Beckers, Maritta Heisel, Bjørnar Solhaug, Ketil Stølen

    Pages 315-344

15. Divide and Conquer – Towards a Notion of Risk Model Encapsulation

    • Atle Refsdal, Øyvind Rideng, Bjørnar Solhaug, Ketil Stølen

    Pages 345-365

16. Preserving Data Privacy in e-Health

    • Riccardo Conti, Alessio Lunardelli, Ilaria Matteucci, Paolo Mori, Marinella Petrocchi

    Pages 366-392

17. Back Matter

    PDF

This State-of-the-Art Survey contains a selection of papers representing state-of-the-art results in the engineering of secure software-based Future Internet services and systems, produced by the NESSoS project researchers. The engineering approach of the Network of Excellence NESSoS, funded by the European Commission, is based on the principle of addressing security concerns from the very beginning in all software development phases, thus contributing to reduce the amount of software vulnerabilities and enabling the systematic treatment of security needs through the engineering process. The 15 papers included in this volume deal with the main NESSoS research areas: security requirements for Future Internet services; creating secure service architectures and secure service design; supporting programming environments for secure and composable services; enabling security assurance and integrating former results in a risk-aware and cost-aware software life-cycle.

• Web applications
• Web protocol security
• access control
• empirical research
• model checking
• risk management
• social network security and privacy
• software architecture
• unified modeling language (UML)

• INKO, Software Engineering, Universität Duisburg-Essen, Duisburg, Germany

  Maritta Heisel

• Department of Computer Science, KU Leuven, Heverlee, Belgium

  Wouter Joosen

• Computer Science Department, Network, Information and Computer Security Lab, University of Malaga, Malaga, Spain

  Javier Lopez

• Istituto di Informatica e Telematica (IIT), Consiglio Nazionale delle Ricerche (CNR), Pisa, Italy

  Fabio Martinelli

Policies and ethics