Journal Contents: International Journal of Secure Software Engineering (IJSSE)

Volume 8 (2017)
Issue 1
Editorial Preface
Khaled M. Khan (Department of Computer Science and Engineering, Qatar University, Doha, Qatar)
Article 1
A Lightweight Measurement of Software Security Skills, Usage and Training Needs in Agile Teams (pages 1-27)
Tosin Daniel Oyetoyan (Department of Software Engineering, Safety & Security, SINTEF Digital, Trondheim, Norway), Martin Gilje Jaatun (Department of Software Engineering, Safety & Security, SINTEF Digital, Trondheim, Norway), Daniela Soares Cruzes (Department of Software Engineering, Safety & Security, SINTEF Digital, Trondheim, Norway)
Article 2
Jif-Based Verification of Information Flow Policies for Android Apps (pages 28-42)
Lina M. Jimenez (Systems and Computing Engineering Department, Universidad de los Andes, Bogotá, Colombia), Martin Ochoa (Singapore University of Technology and Design, Singapore), Sandra J. Rueda (Systems and Computing Engineering Department, Universidad de los Andes, Bogotá, Colombia)
Article 3
Case Study of Agile Security Engineering: Building Identity Management for a Government Agency (pages 43-57)
Kalle Rindell (Informaatioteknologian laitos, University of Turku, Turku, Finland), Sami Hyrynsalmi (Tampere University of Technology, Pori, Finland), Ville Leppänen (Informaatioteknologian laitos, University of Turku, Turku, Finland)
Issue 2
Secure Software Engineering is not About Security Features
Editorial Preface
Martin Gilje Jaatun (Department of Software Engineering, Safety & Security, SINTEF Digital, Trondheim, Norway)
Article 1
Designing Secure and Privacy-Aware Information Systems (pages 1-25)
Christos Kalloniatis (Department of Cultural Technology and Communication, University of the Aegean, Lesvos, Greece), Argyri Pattakou (Department of Cultural Technology and Communication, University of the Aegean, Lesvos, Greece), Evangelia Kavakli (Department of Cultural Technology and Communication, University of the Aegean, Lesvos, Greece), Stefanos Gritzalis (Department of Information and Communication Systems Engineering, University of the Aegean, Samos, Greece)
Article 2
Introducing a Novel Security-Enhanced Agile Software Development Process (pages 26-52)
Martin Boldt (Blekinge Institute of Technology, Karlskrona, Sweden), Andreas Jacobsson (Malmö University, Malmö, Sweden), Dejan Baca (Ericsson AB, Karlskrona, Sweden), Bengt Carlsson (Institute of Technology, Karlskrona, Sweden)
Article 3
Design Patterns and Design Quality: Theoretical Analysis, Empirical Study, and User Experience (pages 53-81)
Liguo Yu (Indiana University South Bend, South Bend, IN, USA), Yingmei Li (Harbin Normal University, Harbin, China), Srini Ramaswamy (ABB Inc., Churchville, MD, USA)
Issue 3
A Stitch in Time Saves Nine
Editorial Preface
Martin Gilje Jaatun (SINTEF Digital, Trondheim, Norway & University of Stavanger, Stavanger, Norway)
Article 1
A Database of Existing Vulnerabilities to Enable Controlled Testing Studies (pages 1-23)
Sofia Rei (Faculty of Engineering of the University of Porto, Porto, Portugal), Rui Abreu (IST, University of Lisbon & INESC-ID, Lisboa, Portugal)
Article 2
Self-Modifying Code: A Provable Technique for Enhancing Program Obfuscation (pages 24-41)
Chandan Kumar Behera (Department of Computer Science and Systems Engineering, College of Engineering (A), Andhra University, Visakhapatnam, India), D. Lalitha Bhaskari (Department of Computer Science and Systems Engineering, College of Engineering (A), Andhra University, Visakhapatnam, India)
Article 3
Goal Modelling for Security Problem Matching and Pattern Enforcement (pages 42-57)
Yijun Yu (School of Computing and Communications, The Open University, Milton Keynes, UK), Haruhiko Kaiya (Kanagawa University, Hiratsuka, Japan), Nobukazu Yoshioka (GRACE Center, NII, Tokyo, Japan), Zhenjiang Hu (GRACE Center, NII, Tokyo, Japan), Hironori Washizaki (Computer Science and Engineering Department, Waseda University, Tokyo, Japan), Yingfei Xiong (Peking University, Beijing, China), Amin Hosseinian-Far (University of Hertfordshire, Hertfordshire, UK)
Issue 4
Risk in the Age of Software Security
Editorial Preface
Martin Gilje Jaatun (SINTEF Digital, Trondheim, Norway & University of Stavanger, Stavanger, Norway)
Article 1
Risk Centric Activities in Secure Software Development in Public Organisations (pages 1-30)
Inger Anne Tøndel (Department of Computer Science, Norwegian University of Science and Technology (NTNU), Trondheim, Norway & SINTEF Digital, Trondheim, Norway), Martin Gilje Jaatun (Department of Software Engineering, Safety & Security, SINTEF Digital, Trondheim, Norway), Daniela Soares Cruzes (Department of Software Engineering, Safety & Security, SINTEF Digital, Trondheim, Norway), Nils Brede Moe (SINTEF Digital, Trondheim, Norway)
Article 2
LDAP Vulnerability Detection in Web Applications (pages 31-50)
Hossain Shahriar (Kennesaw State University, Marietta, USA), Hisham Haddad (Kennesaw State University, Marietta, USA), Pranahita Bulusu (Kennesaw State University, Marietta, USA)
Article 3
Analysis of Existing Software Cognitive Complexity Measures (pages 51-71)
Sanjay Misra (Covenant University, Ota, Nigeria), Adewole Adewumi (Covenant University, Ota, Nigeria), Robertas Damasevicius (Kaunas University of Technology, Kaunas, Lithuania), Rytis Maskeliunas (Kaunas University of Technology, Kaunas, Lithuania)
Volume 7 (2016)
Issue 1
Special Issue on Agile Secure Software Development
Guest Editorial Preface
Juha Röning (Department of Computer Science and Engineering, University of Oulu, Oulu, Finland), Lotfi ben Othmane (Department Secure Software Engineering (SSE), Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany), Martin Gilje Jaatun (Department of Software Engineering, Safety and Security, SINTEF ICT, Trondheim, Norway)
Article 1
Agile Threat Assessment and Mitigation: An Approach for Method Selection and Tailoring (pages 1-16)
Clemens Teichmann (Fraunhofer AISEC, Berlin, Germany), Stephan Renatus (Chef Software Inc., Berlin, Germany), Jörn Eichler (Fraunhofer AISEC, Berlin, Germany)
Article 2
Evaluation of the Challenges of Developing Secure Software Using the Agile Approach (pages 17-37)
Hela Oueslati (Technical University Darmstadt, Darmstadt, Germany), Mohammad Masudur Rahman (Technical University Darmstadt, Darmstadt, Germany), Lotfi ben Othmane (Fraunhofer SIT, Darmstadt, Germany), Imran Ghani (Universiti Teknologi Malaysia, Malaysia), Adila Firdaus Bt Arbain (Universiti Teknologi Malaysia, Malaysia)
Article 3
Steps Towards Fuzz Testing in Agile Test Automation (pages 38-52)
Pekka Pietikäinen (Oulu University Secure Programming Group, Oulu, Finland), Atte Kettunen (Oulu University Secure Programming Group, Oulu, Finland), Juha Röning (Oulu University Secure Programming Group, Oulu, Finland)
Issue 2
Editorial Preface
Khaled M. Khan (Department of Computer Science and Engineering, Qatar University, Doha, Qatar)
Article 1
Fuzzy Rule-Based Vulnerability Assessment Framework for Web Applications (pages 1-18)
Hossain Shahriar (Kennesaw State University, Marietta, Georgia, USA), Hisham Haddad (Kennesaw State University, Marietta, Georgia, USA)
Article 2
The Case for Privacy Awareness Requirements (pages 19-36)
Inah Omoronyia (School of Computing Science, University of Glasgow, Glasgow, UK)
Article 3
An Incremental B-Model for RBAC-Controlled Electronic Marking System (pages 37-64)
Nasser Al-hadhrami (Ministry of Education, Nizwa, Oman), Benjamin Aziz (School of Computing, University of Portsmouth, Portsmouth, UK), Lotfi ben Othmane (Fraunhofer Institute for Secure Information Technology, Darmstadt, Germany)
Issue 3
Preface
Editorial Preface
Khaled M. Khan (Department of Computer Science and Engineering, Qatar University, Doha, Qatar)
Article 1
Towards Ontological Approach to Security Risk Analysis of Information System: Model and Architecture (pages 1-25)
Oluwasefunmi ‘Tale Arogundade (Laboratory of Management Decision and Information Systems, Academy of Mathematics and Systems Science, Chinese Academy of Sciences, Beijing, China & Department of Computer Science, Federal University of Agriculture, Abeokuta, Nigeria), Olusola Adeniran (Department of Mathematics, Federal University of Agriculture, Abeokuta, Nigeria), Zhi Jin (School of Electronics Engineering and Computer Science, Peking University, Beijing, China), Yang Xiaoguang (Laboratory of Management Decision and Information Systems, Academy of Mathematics and Systems Science, Chinese Academy of Sciences, Beijing, China)
Article 2
An Exploratory Study of the Security Design Pattern Landscape and their Classification (pages 26-43)
Poonam Ponde (Department of Computer Science, Savitribai Phule Pune University, Pune, India), Shailaja Shirwaikar (Department of Computer Science, Savitribai Phule Pune University, Pune, India)
Article 3
Migration Goals and Risk Management in Cloud Computing: A Review of State of the Art and Survey Results on Practitioners (pages 44-73)
Shareeful Islam (School of Architecture, Computing and Engineering, University of East London, London, UK), Stefan Fenz (SBA Research gGmbH, Vienna, Austria), Edgar Weippl (SBA Research gGmbH, Vienna, Austria), Christos Kalloniatis (Cultural Informatics Laboratory, University of the Aegean, Mitilini, Greece)
Issue 4
Preface
Editorial Preface
Khaled M. Khan (Department of Computer Science and Engineering, Qatar University, Doha, Qatar)
Article 1
Survey of Vulnerabilities and Mitigation Techniques for MOOC-Based Applications (pages 1-18)
Hossain Shahriar (Department of Information Technology, Kennesaw State University, Marietta, Georgia, USA), Hisham M. Haddad (Department of Computer Science, Kennesaw State University, Marietta, Georgia, USA), David Lebron (Department of Computer Science, Kennesaw State University, Marietta, Georgia, USA), Rubana Lupu (Department of Information Technology, Kennesaw State University, Marietta, Georgia, USA)
Article 2
Vulnerability Discovery Modeling for Open and Closed Source Software (pages 19-38)
Ruchi Sharma (Department of Computer Engineering, Netaji Subhas Institute of Technology, New Delhi, India), Ritu Sibal (Department of Computer Engineering, Netaji Subhas Institute of Technology, New Delhi, India), A.K. Shrivastava (Amity Center for Interdisciplinary Research, Amity University, Noida, India)
Article 3
Where to Integrate Security Practices on DevOps Platform (pages 39-50)
Hasan Yasar (Software Engineering Institute, CMU, Pittsburgh, PA, USA), Kiriakos Kontostathis (Software Engineering Institute, CMU, Pittsburgh, PA, USA)
Volume 6 (2015)
Issue 1
Special Issue on Evolving Security and Privacy Requirements Engineering (ESPRE'14) 2014, Sweden
Guest Editorial Preface
Kristian Beckers (University Duisburg-Essen, Duisburg, Germany), Shamal Faily (Bournemouth University, Poole, UK), Seok-Won Lee (Ajou University, Suwon, Republic of Korea), Nancy Mead (CERT Division, SEI, Carnegie Mellon University, Pittsburgh, PA, USA)
Article 1
A Method and Case Study for Using Malware Analysis to Improve Security Requirements (pages 1-23)
Nancy R. Mead (Carnegie Mellon University, Software Engineering Institute, Pittsburgh, PA, USA), Jose Andre Morales (Carnegie Mellon University, Software Engineering Institute, Pittsburgh, PA, USA), Gregory Paul Alice (Carnegie Mellon University, Seattle, WA, USA)
Article 2
A Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems (pages 24-46)
Azadeh Alebrahim (Paluno – The Ruhr Institute for Software Technology, University of Duisburg-Essen, Duisburg, Germany), Denis Hatebur (The Ruhr Institute for Software Technology, University of Duisburg-Essen, Duisburg, Germany), Stephan Fassbender (The Ruhr Institute for Software Technology, University of Duisburg-Essen, Duisburg, Germany), Ludger Goeke (ITESYS Inst. f. tech. Sys. GmbH, Dortmund, Germany), Isabelle Côté (ITESYS Inst. f. tech. Sys. GmbH, Dortmund, Germany)
Article 3
Balancing Product and Process Assurance for Evolving Security Systems (pages 47-75)
Wolfgang Raschke (Institute for Technical Informatics, Graz University of Technology, Graz, Austria), Massimiliano Zilli (Institute for Technical Informatics, Graz University of Technology, Graz, Austria), Philip Baumgartner (NXP Semiconductors Austria GmbH, Gratkorn, Austria), Johannes Loinig (NXP Semiconductors Austria GmbH, Gratkorn, Austria), Christian Steger (Institute for Technical Informatics, Graz University of Technology, Graz, Austria), Christian Kreiner (Institute for Technical Informatics, Graz University of Technology, Graz, Austria)
Issue 2
Special Issue on Quantitative Aspects in Security Assurance
Guest Editorial Preface
Alessandro Aldini (University of Urbino, Urbino, Italy), Fabio Martinelli (Pisa Research Area, National Research Council – CNR, Pisa, Italy), Neeraj Suri (Technische Universität Darmstadt, Darmstadt, Germany)
Article 1
An Empirical Bandwidth Analysis of Interrupt-Related Covert Channels (pages 1-22)
Richard Gay (TU Darmstadt, Darmstadt, Germany), Heiko Mantel (TU Darmstadt, Darmstadt, Germany), Henning Sudbrock (TU Darmstadt, Darmstadt, Germany)
Article 2
Calculating Quantitative Integrity and Secrecy for Imperative Programs (pages 23-46)
Tom Chothia (School of Computer Science, University of Birmingham, Birmingham, UK), Chris Novakovic (School of Computer Science, University of Birmingham, Birmingham, UK), Rajiv Ranjan Singh (Department of Computer Science, Shyam Lal College (Eve) University of Delhi, Delhi, India)
Article 3
Using Attack Graphs to Analyze Social Engineering Threats (pages 47-69)
Kristian Beckers (The Ruhr Institute for Software Technology, University of Duisburg-Essen, Duisburg, Germany), Leanid Krautsevich (Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy), Artsiom Yautsiukhin (Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy)
Article 4
Risk-Based Privacy-Aware Information Disclosure (pages 70-89)
Alessandro Armando (Security and Trust Unit, FBK-Irst, Trento, Italy & DIBRIS, University of Genova, Italy), Michele Bezzi (Product Security Research, SAP Labs, Sophia-Antipolis, France), Nadia Metoui (Security and Trust Unit, FBK-Irst, Trento, Italy & DISI, University of Trento, Italy), Antonino Sabetta (Product Security Research, SAP Labs, Sophia-Antipolis, France)
Article 5
Assessing the Usefulness of Testing for Validating and Correcting Security Risk Models Based on Two Industrial Case Studies (pages 90-112)
Gencer Erdogan (SINTEF ICT, Oslo, Norway & University of Oslo, Oslo, Norway), Fredrik Seehusen (SINTEF ICT, Oslo, Norway), Ketil Stølen (SINTEF ICT, Oslo, Norway & University of Oslo, Oslo, Norway), Jon Hofstad (EVRY, Fornebu, Norway), Jan Øyvind Aagedal (Accurate Equity, Fornebu, Norway)
Issue 3
Preface
Editorial Preface
Khaled M. Khan (Department of Computer Science and Engineering, Qatar University, Doha, Qatar)
Article 1
Request and Response Analysis Framework for Mitigating Clickjacking Attacks (pages 1-25)
Hossain Shahriar (Department of Information Technology, Kennesaw State University, Marietta, GA, USA), Hisham Haddad (Department of Computer Science, Kennesaw State University, Marietta, GA, USA), Vamshee Krishna Devendran (Department of Information Technology, Kennesaw State University, Marietta, Georgia, USA)
Article 2
Method Using Command Abstraction Library for Iterative Testing Security of Web Applications (pages 26-49)
Seiji Munetoh (Department of Informatics, The Graduate University for Advanced Studies (SOKENDAI), Tokyo, Japan & IBM Research, Tokyo, Japan), Nobukazu Yoshioka (GRACE Center, National Institute of Informatics (NII), Tokyo, Japan & The Graduate University for Advanced Studies (SOKENDAI), Tokyo, Japan)
Article 3
An Alternative Threat Model-based Approach for Security Testing (pages 50-64)
Bouchaib Falah (School of Science and Engineering, Al Akhawayn University, Ifrane, Morocco), Mohammed Akour (Department of Computer Information Systems, Yarmouk University, Irbid, Jordan), Samia Oukemeni (School of Science and Engineering, Al Akhawayn University, Ifrane, Morocco)
Issue 4
Editorial Preface
Khaled M. Khan (Department of Computer Science and Engineering, Qatar University, Doha, Qatar)
Article 1
Supporting Consistency during the Development and Evolution of Quality Unified Use-Misuse Case Models (pages 1-31)
Mohamed El-Attar (Department of Computer Science and Engineering, Mississippi State University, Starkville, MS, USA)
Article 2
Expansion and Practical Implementation of the MFC Cybersecurity Model via a Novel Security Requirements Taxonomy (pages 32-51)
Neila Rjaibi (Institut Supérieur de Gestion, Tunis, Tunisia), Latifa Ben Arfa Rabai (Institut Supérieur de Gestion, Tunis, Tunisia)
Article 3
An Introduction to Remote Installation Vulnerability in Content Management Systems (pages 52-63)
Mehdi Dadkhah (Department of Computer and Information Technology, Foulad Institute of Technology, Foulad Shahr, Iran), Shahaboddin Shamshirband (Department of Computer System and Information Technology, Faculty of Computer Science and Information Technology, University of Malaya, Kuala Lumpur, Malaysia)
Volume 5 (2014)
Issue 1
Special Issue on CRiSIS 2012
Guest Editorial Preface
Fabio Martinelli (Istituto di Informatica e Telematica - IIT National Research Council - C.N.R., Pisa, Italy), Jean-Louis Lanet (University of Limoges, Limoges, France)
Article 1
Validation of a Trust Approach in Multi-Organization Environments (pages 1-18)
Khalifa Toumi (TELECOM & Management SudParis, Evry, France), Ana Cavalli (César Andrés, Universidad Complutense de Madrid, Madrid, Spain), César Andrés (TELECOM & Management SudParis, Evry, France)
Article 2
An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications (pages 19-38)
Romaric Ludinard (Supélec, Cesson-Sevigné, France), Éric Totel (Supélec, Cesson-Sevigné, France), Frédéric Tronel (Supélec, Cesson-Sevigné, France), Vincent Nicomette (CNRS, LAAS, Toulouse, France & INSA, LAAS, Université de Toulouse, Toulouse, France), Mohamed Kaâniche (CNRS, LAAS, Toulouse, France & Université de Toulouse, Toulouse, France), Éric Alata (CNRS, LAAS, Toulouse, France & INSA, LAAS, Université de Toulouse, Toulouse, France), Rim Akrout (CNRS, LAAS, Toulouse, France & LAAS, Université de Toulouse, Toulouse, France), Yann Bachy (CNRS, LAAS, Toulouse, France & LAAS, Université de Toulouse, Toulouse, France)
Article 3
Remote E-Voting Using the Smart Card Web Server (pages 39-60)
Sheila Cobourne (Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, UK), Lazaros Kyrillidis (Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, UK), Keith Mayes (Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, UK), Konstantinos Markantonakis (Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, UK)
Article 4
Improving the Detection of On-Line Vertical Port Scan in IP Traffic (pages 61-74)
Christine Fricker (INRIA, Le Chesnay, France), Philippe Robert (INRIA, Le Chesnay, France), Yousra Chabchoub (ISEP, Paris, France)
Issue 2
Special Issue on 7th International Workshop on Secure Software Engineering (SecSE 2013)
Guest Editorial Preface
Martin Gilje Jaatun (Department of Software Engineering, Safety and Security, SINTEF ICT, Trondheim, Norway), Riccardo Scandariato (Department of Computer Science, KU Leuven, Leuven, Belgium), Lillian Røstad (Department of Computer and Information Science, Norwegian University of Science and Technology, Trondheim, Norway)
Article 1
Threat Analysis in Goal-Oriented Security Requirements Modelling (pages 1-19)
Per Håkon Meland (SINTEF ICT, Trondheim, Norway), Elda Paja (Department of Information Engineering and Computer Science (DISI), University of Trento, Trento, Italy), Erlend Andreas Gjære (SINTEF ICT, Trondheim, Norway), Stéphane Paul (Critical Embedded Systems Laboratory, Information Science and Technology Research Group, Thales Research and Technology, Palaiseau, France), Fabiano Dalpiaz (Department of Information and Computing Sciences, Buys Ballot Laboratory, Utrecht University, Utrecht, The Netherlands), Paolo Giorgini (Department of Information Engineering and Computer Science (DISI), University of Trento, Trento, Italy)
Article 2
A Structured Method for Security Requirements Elicitation concerning the Cloud Computing Domain (pages 20-43)
Kristian Beckers (University of Duisburg-Essen, Essen, Germany), Isabelle Côté (ITESYS Institute for Technical Systems GmbH, Dortmund, Germany), Ludger Goeke (ITESYS Institute for Technical Systems GmbH, Dortmund, Germany), Selim Güler (EASY SOFTWARE AG, Mülheim an der Ruhr, Germany), Maritta Heisel (University of Duisburg-Essen, Essen, Germany)
Article 3
Automated Synthesis and Ranking of Secure BPMN Orchestrators (pages 44-64)
Vincenzo Ciancia (The “Alessandro Faedo” Institute of Information Science and Technology, Pisa, Italy), Jose Martin (The Institute of Informatics and Telematics, Pisa, Italy), Fabio Martinelli (The Institute of Informatics and Telematics, Pisa, Italy), Ilaria Matteucci (The Institute of Informatics and Telematics, Pisa, Italy), Marinella Petrocchi (The Institute of Informatics and Telematics, Pisa, Italy), Ernesto Pimentel (University of Malaga, Malaga, Spain)
Issue 3
Article 1
Information Theoretic XSS Attack Detection in Web Applications (pages 1-15)
Hossain Shahriar (Department of Computer Science, Kennesaw State University, Kennesaw, GA, USA), Sarah North (Department of Computer Science, Kennesaw State University, Kennesaw, GA, USA), Wei-Chuen Chen (Department of Computer Science, Kennesaw State University, Kennesaw, GA, USA), Edward Mawangi (Department of Computer Science, Kennesaw State University, Kennesaw, GA, USA)
Article 2
Design Churn as Predictor of Vulnerabilities? (pages 16-31)
Aram Hovsepyan (iMinds-DistriNet, KU Leuven, Leuven, Belgium), Riccardo Scandariato (iMinds-DistriNet, KU Leuven, Leuven, Belgium), Maximilian Steff (Free University of Bozen, Bolzano, Italy), Wouter Joosen (iMinds-DistriNet, KU Leuven, Leuven, Belgium)
Article 3
Secure Software Development Assimilation: Effects of External Pressures and Roles of Internal Factors (pages 32-55)
Mingqiu Song (Faculty of Management and Economics, Dalian University of Technology, Dalian, China), Donghao Chen (Faculty of Management and Economics, Dalian University of Technology, Dalian, China), Elizabeth Sylvester Mkoba (School of Computer Science and Technology, Dalian University of Technology, Dalian, China)
Article 4
Meta-Modeling Based Secure Software Development Processes (pages 56-74)
Mehrez Essafi (RIADI Laboratory, National School for Computer Science Studies, University of Manouba, Tunis, Tunisia), Henda Ben Ghezala (RIADI Laboratory, National School for Computer Science Studies, University of Manouba, Tunis, Tunisia)
Issue 4
Editorial Preface
Khaled M. Khan (Department of Computer Science and Engineering, Qatar University, Doha, Qatar)
Article 1
Validating Security Design Pattern Applications by Testing Design Models (pages 1-30)
Takanori Kobashi (Computer Science and Engineering Department, Waseda University, Tokyo, Japan), Nobukazu Yoshioka (GRACE Center, National Institute of Informatics, Tokyo, Japan), Haruhiko Kaiya (Department of Information Sciences, Kanagawa University, Kanagawa-ken, Japan), Hironori Washizaki (Computer Science and Engineering Department, Waseda University, Tokyo, Japan), Takao Okubo (Institute of Information Security, Yokohama, Japan), Yoshiaki Fukazawa (Computer Science and Engineering Department, Waseda University, Tokyo, Japan)
Article 2
A Tagging Approach to Extract Security Requirements in Non-Traditional Software Development Processes (pages 31-47)
Annette Tetmeyer (Department of Electrical Engineering and Computer Science, University of Kansas, Lawrence, KS, USA), Daniel Hein (Automotive OEM, Garmin International, Olathe, KS, USA), Hossein Saiedian (Department of Electrical Engineering and Computer Science, University of Kansas, Lawrence, KS, USA)
Article 3
Evolution of Security Engineering Artifacts: A State of the Art Survey (pages 48-98)
Michael Felderer (Institute of Computer Science, University of Innsbruck, Innsbruck, Austria), Basel Katt (Institute of Computer Science, University of Innsbruck, Innsbruck, Austria), Philipp Kalb (Institute of Computer Science, University of Innsbruck, Innsbruck, Austria), Jan Jürjens (Department of Software Engineering, Technical University of Dortmund, Dortmund, Germany), Martín Ochoa (Department of Software Engineering, Technical University of Munich, Munich, Germany), Federica Paci (Department of Information Engineering and Computer Science, University of Trento, Trento, Italy), Le Minh Sang Tran (Security Research Group, University of Trento, Trento, Italy), Thein Than Tun (Department of Computing, The Open University, Milton Keynes, UK), Koen Yskout (iMinds-DistriNet, KU Leuven, Leuven, Belgium), Riccardo Scandariato (iMinds-DistriNet, KU Leuven, Leuven, Belgium), Frank Piessens (iMinds-DistriNet, KU Leuven, Leuven, Belgium), Dries Vanoverberghe (iMinds-DistriNet, KU Leuven, Leuven, Belgium), Elizabeta Fourneret (SnT Centre, University of Luxembourg, Luxembourg), Matthias Gander (Institute of Computer Science, University of Innsbruck, Innsbruck, Austria), Bjørnar Solhaug (Information and Communication Technology (ICT), SINTEF, Oslo, Norway), Ruth Breu (Institute of Computer Science, University of Innsbruck, Innsbruck, Austria)
Volume 4 (2013)
Issue 1
Guest Editorial Preface
Nancy R. Mead (CERT, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, USA), Ivan Flechais (Department of Computer Science, University of Oxford, Oxford, UK), Dan Shoemaker (Department of Computer and Information Systems, College of Liberal Arts & Education, University of Detroit Mercy, Detroit, MI, USA), Carol Woody (CERT, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, USA)
Article 1
Principles and Measurement Models for Software Assurance (pages 1-10)
Nancy R. Mead (CERT, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, USA), Dan Shoemaker (Department of Computer and Information Systems, College of Liberal Arts & Education, University of Detroit Mercy, Detroit, MI, USA), Carol Woody (CERT, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, USA)
Article 2
Towards a More Systematic Approach to Secure Systems Design and Analysis (pages 11-30)
Simon Miller (Intelligent Modelling and Analysis Research Group, School of Computer Science, University of Nottingham, Nottingham, UK), Susan Appleby (Communications-Electronics Security Group, Cheltenham, Gloucestershire, UK), Jonathan M. Garibaldi (Intelligent Modelling and Analysis Research Group, School of Computer Science, University of Nottingham, Nottingham, UK), Uwe Aickelin (Intelligent Modelling and Analysis Research Group, School of Computer Science, University of Nottingham, Nottingham, UK)
Article 3
A New Method for Writing Assurance Cases (pages 31-49)
Yutaka Matsuno (Strategy Office, Information and Communications Headquarters, Nagoya University, Furo-Cho, Chikusa-ku, Nagoya, Japan), Shuichiro Yamamoto (Strategy Office, Information and Communications Headquarters, Nagoya University, Furo-Cho, Chikusa-ku, Nagoya, Japan)
Article 4
Analyzing Human Factors for an Effective Information Security Management System (pages 50-74)
Reza Alavi (School of Architecture, Computing and Engineering, University of East London, London, UK), Shareeful Islam (School of Architecture, Computing and Engineering, University of East London, London, UK), Hamid Jahankhani (School of Architecture, Computing and Engineering, University of East London, London, UK), Ameer Al-Nemrat (School of Architecture, Computing and Engineering, University of East London, London, UK)
Article 5
Advancing Cyber Resilience Analysis with Performance-Based Metrics from Infrastructure Assessments (pages 75-96)
Eric D. Vugrin (Sandia National Laboratories, Albuquerque, NM, USA), Jennifer Turgeon (Sandia National Laboratories, Albuquerque, NM, USA)
Issue 2
Guest Editorial Preface
Martin Gilje Jaatun (SINTEF ICT, Norway)
Article 1
Threat Representation Methods for Composite Service Process Models (pages 1-18)
Per Håkon Meland (Software Engineering, Safety and Security, SINTEF ICT, Trondheim, Norway), Erlend Andreas Gjære (Software Engineering, Safety and Security, SINTEF ICT, Trondheim, Norway)
Article 2
Mitigating Type Confusion on Java Card (pages 19-39)
Jean Dubreuil (Smart Secure Devices (SSD) Team, University of Limoges, Limoges Cedex, France), Guillaume Bouffard (Smart Secure Devices (SSD) Team, University of Limoges, Limoges Cedex, France), Bhagyalekshmy N. Thampi (Smart Secure Devices (SSD) Team, University of Limoges, Limoges Cedex, France), Jean-Louis Lanet (Smart Secure Devices (SSD) Team, University of Limoges, Limoges Cedex, France)
Article 3
A Taxonomy Built on Layers of Abstraction for Time and State Vulnerabilities (pages 40-66)
Horia V. Corcalciuc (School of Computer Science, University of Birmingham, Birmingham, UK)
Issue 3
Editorial Preface
Khaled M. Khan (Department of Computer Science and Engineering, Qatar University, Doha, Qatar)
Article 1
Assessing the Value of Formal Control Mechanisms on Strong Password Selection (pages 1-17)
Jeff Crawford (School of Computing & Informatics, Lipscomb University, Nashville, TN, USA)
Article 2
Semi-Automatic Annotation of Natural Language Vulnerability Reports (pages 18-41)
Yan Wu (College of Information Science and Technology, University of Nebraska at Omaha, Omaha, NE, USA), Robin Gandhi (College of Information Science and Technology, University of Nebraska at Omaha, Omaha, NE, USA), Harvey Siy (College of Information Science and Technology, University of Nebraska at Omaha, Omaha, NE, USA)
Article 3
Eliciting Security Requirements for an Information System using Asset Flows and Processor Deployment (pages 42-63)
Haruhiko Kaiya (Department of Computer Science, Shinshu University, Nagano, Japan), Junya Sakai (Department of Computer Science, Shinshu University, Nagano, Japan), Shinpei Ogata (Department of Computer Science, Shinshu University, Nagano, Japan), Kenji Kaijiri (Department of Computer Science, Shinshu University, Nagano, Japan)
Article 4
Mean Failure Cost as a Measurable Value and Evidence of Cybersecurity: E-Learning Case Study (pages 64-81)
Neila Rjaibi (Department of Computer Science, ISG, Tunis, Tunisia), Latifa Ben Arfa Rabai (Department of Computer Science, ISG, Tunis, Tunisia), Anis Ben Aissa (Department of Computer Science, ENIT, Tunis, Tunisia), Ali Mili (Department of Computer Science, New Jersey Institute of Technology, Newark, NJ, USA)
Issue 4
Special Issue on CRiSIS’11
Guest Editorial Preface
Frédéric Cuppens (Télécom Bretagne, Campus de Rennes, Cesson Sévigné, France), Simon N. Foley (Department of Computer Science, University College Cork, Cork, Ireland)
Article 1
Performance Evaluation of SHA-2 Standard vs. SHA-3 Finalists on Two Freescale Platforms (pages 1-24)
Pal-Stefan Murvay (Politehnica University of Timisoara, Timisoara, Romania), Bogdan Groza (Politehnica University of Timisoara, Timisoara, Romania)
Article 2
Optimal Voting Strategy against Random and Targeted Attacks (pages 25-46)
Li Wang (Illinois Institute of Technology, Chicago, IL, USA), Zheng Li (Illinois Institute of Technology, Chicago, IL, USA), Shangping Ren (Illinois Institute of Technology, Chicago, IL, USA), Kevin Kwiat (Air Force Research Laboratory, Rome, NY, USA)
Article 3
Trust Based Interdependency Weighting for On-Line Risk Monitoring in Interdependent Critical Infrastructures (pages 47-69)
Filipe Caldeira (CISUC - DEI, University of Coimbra, Coimbra, Portugal & Polytechnic Institute of Viseu, Viseu, Portugal), Thomas Schaberreiter (Centre de Recherche Public Henri Tudor, Luxembourg & Computer Science and Communications Research Unit (CSC), University of Luxembourg, Luxembourg), Sébastien Varrette (Computer Science and Communications Research Unit (CSC), University of Luxembourg, Luxembourg), Edmundo Monteiro (CISUC - DEI, University of Coimbra, Coimbra, Portugal), Paulo Simões (CISUC - DEI, University of Coimbra, Coimbra, Portugal), Pascal Bouvry (Computer Science and Communications Research Unit (CSC), University of Luxembourg, Luxembourg), Djamel Khadraoui (Centre de Recherche Public Henri Tudor, Luxembourg)
Volume 3 (2012)
Issue 1
Article 1
Formative User-Centered Evaluation of Security Modeling: Results from a Case Study (pages 1-19)
Sandra Trösterer (University of Salzburg, Austria), Elke Beck (University of Salzburg, Austria), Fabiano Dalpiaz (University of Trento, Italy), Elda Paja (University of Trento, Italy), Paolo Giorgini (University of Trento, Italy), Manfred Tscheligi (University of Salzburg, Austria)
Article 2
Improving Security and Safety Modelling with Failure Sequence Diagrams (pages 20-36)
Christian Raspotnig (University of Bergen, Norway), Andreas L. Opdahl (University of Bergen, Norway)
Article 3
Analyzing Impacts on Software Enhancement Caused by Security Design Alternatives with Patterns (pages 37-61)
Takao Okubo (Fujitsu Laboratories Limited, Japan), Haruhiko Kaiya (National Institute of Informatics, Japan), Nobukazu Yoshioka (National Institute of Informatics, Japan)
Article 4
Software Security Engineering: Design and Applications (pages 62-63)
Khaled M. Khan (Qatar University, Qatar)
Issue 2
Article 1
Attribute Decoration of Attack–Defense Trees (pages 1-35)
Alessandra Bagnato (TXT e-solutions, Italy), Barbara Kordy (University of Luxembourg, Luxembourg), Per Håkon Meland (SINTEF ICT, Norway), Patrick Schweitzer (University of Luxembourg, Luxembourg)
Article 2
Modelling Security Using Trust Based Concepts (pages 36-53)
Michalis Pavlidis (University of East London, UK), Haralambos Mouratidis (University of East London, UK), Shareeful Islam (University of East London, UK)
Article 3
Comparing Misuse Case and Mal-Activity Diagrams for Modelling Social Engineering Attacks (pages 54-73)
Peter Karpati (Norwegian University of Science and Technology, Norway), Guttorm Sindre (Norwegian University of Science and Technology, Norway), Raimundas Matulevicius (Institute of Computer Science, University of Tartu, Estonia)
Issue 3
Article 1
Model Based Process to Support Security and Privacy Requirements Engineering (pages 1-22)
Shareeful Islam (University of East London, UK), Haralambos Mouratidis (University of East London, UK), Christos Kalloniatis (University of the Aegean, Greece), Aleksandar Hudic (SBA Research gGmbH, Austria), Lorenz Zechner (SBA Research gGmbH, Austria)
Article 2
SETER: Towards Architecture-Model Based Security Engineering (pages 23-49)
Ayda Saidane (University of Luxembourg, Luxembourg), Nicolas Guelfi (University of Luxembourg, Luxembourg)
Article 3
Formal Modeling and Verification of Security Property in Handel C Program (pages 50-65)
Yujian Fu (Alabama A&M University, USA), Jeffery Kulick (University of Alabama in Huntsville, USA), Lok K. Yan (Air Force Research Laboratory, USA), Steven Drager (Air Force Research Laboratory, USA)
Issue 4
Article 1
A Practical Framework for Policy Composition and Conflict Resolution (pages 1-26)
Ousmane Amadou Dia (Computer Science and Engineering Department, University of South Carolina, Columbia, SC, USA), Csilla Farkas (Computer Science and Engineering Department, University of South Carolina, Columbia, SC, USA)
Article 2
Extraction of an Architectural Model for Least Privilege Analysis (pages 27-44)
Bernard Spitz (Grenoble Graduate School of Business, Grenoble, France, & KU Leuven, Leuven, Belgium), Riccardo Scandariato (IBBT-DistriNet, KU Leuven, Heverlee, Belgium), Wouter Joosen (IBBT-DistriNet, Department of Computer Science, KU Leuven, Heverlee, Belgium)
Article 3
Role Mining to Assist Authorization Governance: How Far Have We Gone? (pages 45-64)
Safaà Hachana (Swid Web Performance Service, Rennes, France, & Laboratoire d’Informatique Scientifique et Industrielle, École Nationale Supérieure de Mécanique et d’Aérotechnique, Poitiers, France), Nora Cuppens-Boulahia (Department of Logics in Uses Social Science and Information, Institut-Mines Télécom/Télécom Bretagne, Rennes, France, & Swid Web Performance Service, Rennes, France), Frédéric Cuppens (Department of Logics in Uses Social Science and Information, Institut-Mines Télécom/Télécom Bretagne, Rennes, France)
Article 4
A Comparative Analysis of Access Control Policy Modeling Approaches (pages 65-83)
K. Shantha Kumari (Department of Banking Technology, Pondicherry University, Kalapet, Pondicherry, India), T. Chithraleka (Department of Computer Science, Pondicherry University, Kalapet, Pondicherry, India)
Volume 2 (2011)
Issue 1
Article 1
Performance Evaluation of Secure Key Deployment and Exchange Protocol for MANETs (pages 1-21)
Alastair Nisbet (Massey University, New Zealand), M. A. Rashid (Massey University, New Zealand)
Article 2
A Formal Language for XML Authorisations Based on Answer Set Programming and Temporal Interval Logic Constraints (pages 22-39)
Sean Policarpio (University of Western Sydney, Australia), Yan Zhang (University of Western Sydney, Australia)
Article 3
A Systematic Empirical Analysis of Forging Fingerprints to Fool Biometric Systems (pages 40-83)
Christian Schwarzl (Vienna University of Technology and SBA Research, Austria), Edgar Weippl (Vienna University of Technology and SBA Research, Austria)
Issue 2
Article 1
Integrating Patient Consent in e-Health Access Control (pages 1-24)
Kim Wuyts (Katholieke Universiteit Leuven, Belgium), Riccardo Scandariato (Katholieke Universiteit Leuven, Belgium), Griet Verhenneman (Katholieke Universiteit Leuven, Belgium), Wouter Joosen (Katholieke Universiteit Leuven, Belgium)
Article 2
Analysis of ANSI RBAC Support in EJB (pages 25-52)
Wesam Darwish (The University of British Columbia, Canada), Konstantin Beznosov (The University of British Columbia, Canada)
Article 3
Using Executable Slicing to Improve Rogue Software Detection Algorithms (pages 53-64)
Jan Durand (Louisiana Tech University, USA), Juan Flores (Louisiana Tech University, USA), Travis Atkison (Louisiana Tech University, USA), Nicholas Kraft (University of Alabama, USA), Randy Smith (University of Alabama, USA)
Article 4
Ell Secure Information System Using Modal Logic Technique (pages 65-76)
Yun Bai (University of Western Sydney, Australia), Khaled M. Khan (Qatar University, Qatar)
Issue 3
Article 1
Organizational Patterns for Security and Dependability: From Design to Application (pages 1-22)
Yudis Asnar (University of Trento, Italy), Fabio Massacci (University of Trento, Italy), Ayda Saidane (University of Trento, Italy), Carlo Riccucci (Engineering Ingegneria Informatica S.p.A, Italy), Massimo Felici (Deep Blue, Italy), Alessandra Tedeschi (Deep Blue, Italy), Paul El-Khoury (SAP Research, France), Keqin Li (SAP Research, France), Magali Séguran (SAP Research, France), Nicola Zannone (Eindhoven University of Technology, The Netherlands)
Article 2
Secure by Design: Developing Secure Software Systems from the Ground Up (pages 23-41)
Haralambos Mouratidis (University of East London, UK), Miao Kang (Powerchex Ltd., UK)
Article 3
Security Gaps in Databases: A Comparison of Alternative Software Products for Web Applications Support (pages 42-62)
Afonso Araújo Neto (University of Coimbra, Portugal), Marco Vieira (University of Coimbra, Portugal)
Article 4
Building Secure Software Using XP (pages 63-76)
Walid Al-Ahmad (King Saud University, Saudi Arabia)
Issue 4
Article 1
Eliciting Policy Requirements for Critical National Infrastructure Using the IRIS Framework (pages 1-18)
Shamal Faily (University of Oxford, UK), Ivan Fléchais (University of Oxford, UK)
Article 2
Security Evaluation of Service-Oriented Systems Using the SiSOA Method (pages 19-33)
Christian Jung (Fraunhofer Institute for Experimental Software Engineering, Germany), Manuel Rudolph (Fraunhofer Institute for Experimental Software Engineering, Germany), Reinhard Schwarz (Fraunhofer Institute for Experimental Software Engineering, Germany)
Article 3
JavaSPI: A Framework for Security Protocol Implementation (pages 34-48)
Matteo Avalle (Politecnico di Torino, Italy), Alfredo Pironti (INRIA, France), Davide Pozza (Teoresi Group, Italy), Riccardo Sisto (Politecnico di Torino, Italy)
Article 4
Not Ready for Prime Time: A Survey on Security in Model Driven Development (pages 49-61)
Jostein Jensen (Norwegian University of Science and Technology, Norway), Martin Gilje Jaatun (SINTEF, Norway)
Volume 1 (2010)
Issue 1
Article 1
Integrating Access Control into UML for Secure Software Modeling and Analysis (pages 1-19)
Thuong Doan (University of Connecticut, USA), Steven Demurjian (University of Connecticut, USA), Laurent Michel (University of Connecticut, USA), Solomon Berhe (University of Connecticut, USA)
Article 2
Retrofitting Existing Web Applications with Effective Dynamic Protection Against SQL Injection Attacks (pages 20-40)
San-Tsai Sun (University of British Columbia, Canada), Konstantin Beznosov (University of British Columbia, Canada)
Article 3
A Formal Approach for Securing XML Document (pages 41-53)
Yun Bai (University of Western Sydney, Australia)
Article 4
Security Requirements Engineering for Evolving Software Systems: A Survey (pages 54-73)
Armstrong Nhlabatsi (The Open University, UK), Bashar Nuseibeh (Lero, Ireland & The Open University, UK), Yijun Yu (The Open University, UK)
Article 5
Issue 2
Article 1
Software Engineering Security Based on Business Process Modeling (pages 1-17)
Joseph Barjis (Delft University of Technology, Netherlands)
Article 2
Towards Designing E-Services that Protect Privacy (pages 18-34)
George O. M. Yee (Carleton University, Canada)
Article 3
A Tool Support for Secure Software Integration (pages 35-56)
Khaled Md Khan (Qatar University, Qatar), Jun Han (Swinburne University of Technology, Australia)
Article 4
Improving Memory Management Security for C and C++ (pages 57-82)
Yves Younan (Katholieke Universiteit Leuven, Belgium), Wouter Joosen (Katholieke Universiteit Leuven, Belgium), Frank Piessens (Katholieke Universiteit Leuven, Belgium), Hans Van den Eynden (Katholieke Universiteit Leuven, Belgium)
Issue 3
Article 1
Katana: Towards Patching as a Runtime Part of the Compiler-Linker-Loader Toolchain (pages 1-17)
Sergey Bratus (Dartmouth College, USA), James Oakley (Dartmouth College, USA), Ashwin Ramaswamy (Dartmouth College, USA), Sean W. Smith (Dartmouth College, USA), Michael E. Locasto (George Mason University, USA)
Article 2
Monitoring Buffer Overflow Attacks: A Perennial Task (pages 18-40)
Hossain Shahriar (Queen’s University, Canada), Mohammad Zulkernine (Queen’s University, Canada)
Article 3
CONFU: Configuration Fuzzing Testing Framework for Software Vulnerability Detection (pages 41-55)
Huning Dai (Columbia University, USA), Christian Murphy (Columbia University, USA), Gail Kaiser (Columbia University, USA)
Article 4
Towards Tool-Support for Usable Secure Requirements Engineering with CAIRIS (pages 56-70)
Shamal Faily (University of Oxford, UK), Ivan Fléchais (University of Oxford, UK)
Article 5
Agile Software Development: The Straight and Narrow Path to Secure Software? (pages 71-85)
Torstein Nicolaysen (NTNU, Norway), Richard Sassoon (NTNU, Norway), Maria B. Line (SINTEF ICT, Norway), Martin Gilje Jaatun (SINTEF ICT, Norway)
Issue 4
Article 1
A Rigorous Approach to the Definition of an International Vocational Master’s Degree in Information Security Management (pages 1-17)
Frédéric Girard (Henri Tudor Public Research Center, Luxembourg), Bertrand Meunier (Henri Tudor Public Research Center, Luxembourg), Duan Hua (Henri Tudor Public Research Center, Luxembourg), Eric Dubois (Henri Tudor Public Research Center, Luxembourg)
Article 2
Development of a Master of Software Assurance Reference Curriculum (pages 18-34)
Nancy R. Mead (Carnegie Mellon University, USA), Julia H. Allen (Carnegie Mellon University, USA), Mark Ardis (Stevens Institute of Technology, USA), Thomas B. Hilburn (Embry-Riddle Aeronautical University, USA), Andrew J. Kornecki (Embry-Riddle Aeronautical University, USA), Rick Linger (Carnegie Mellon University, USA), James McDonald (Monmouth University, USA)
Article 3
Secure Software Education: A Contextual Model-Based Approach (pages 35-61)
J. J. Simpson (System Concepts, LLC, USA), M. J. Simpson (System Concepts, LLC, USA), B. Endicott-Popovsky (University of Washington, USA), V. Popovsky (University of Idaho, USA)
Article 4
Assimilating and Optimizing Software Assurance in the SDLC: A Framework and Step-Wise Approach (pages 62-80)
Aderemi O. Adeniji (University of North Carolina at Charlotte, USA), Seok-Won Lee (University of North Carolina at Charlotte, USA)