Sintef Report
Authors
Abstract
Traditional system documentation focuses on the behaviour or functionality we would like the system or application to provide. However, it is equally important to document the undesirable behaviour: what happens when things go wrong. Moreover, this documentation must be unambiguous and easy to read and understand for the different stakeholders involved. SINTEF has developed a graphical language, the CORAS language for security assessment, allowing undesirable behaviour to be documented in the form of threat scenarios. The CORAS language covers notions like asset, threat, risk and treatment. The objective of this report is to demonstrate the suitability of the CORAS language for modelling threats in relation to: Web Services, ASP.NET, SQL Server, Active Directory and SmartCards.
Similar resources
Model-Driven Service Engineering with SoaML
This chapter presents a model-driven service engineering (MDSE) methodology that uses OMG MDA specifications such as BMM, BPMN and SoaML to identify and specify services within a service-oriented architecture. The methodology takes advantage of business modelling practices and provides a guide to service modelling with SoaML. The presentation is case-driven and illuminated using the telecommuni...
A Lightweight Measurement of Software Security Skills, Usage and Training Needs in Agile Teams
1 A Lightweight Measurement of Software Security Skills, Usage and Training Needs in Agile Teams; Tosin Daniel Oyetoyan, Department of Software Engineering, Safety & Security, SINTEF Digital, Trondheim, Norway Martin Gilje Jaatun, Department of Software Engineering, Safety & Security, SINTEF Digital, Trondheim, Norway Daniela Soares Cruzes, Department of Software Engineering, Safety & Security,...
The SINTEF/Norwegian health and care services case
Introduction: SINTEF Health Services Research is part of the SINTEF Foundation. Research areas are evaluation of health and welfare services. The health and welfare authorities are the main commissioners of our research. Policy practice: SINTEF is the main supplier of research on health and social service reports to the authorities. The institute has competence on hospital and outpatient servic...
Monitoring Extended Enterprise Operations Using KPI's and a Performance Dashboard
NUMBER: 002-0038 TITLE OF THE PAPER: Monitoring Extended Enterprise Operations Using KPI's and a Performance Dashboard Second World Conference on POM and 15th Annual POM Conference, Cancun, Mexico, April 30 May 3, 2004. Name: Marco Busi Institution: 1. Norwegian University of Science and Technology, Department of Quality and Production Engineering 2. SINTEF Industrial Management, Department of ...
Public Final Report
Partners: Contractors: KVAERNER/LogIT AS (Norway), Port of Gothenburg (Sweden), TRD International S.A. (Greece) Associated partners: Swedish State Railways/Gods (Sweden), Marintek Norwegian Marine Technology Research Institute (Norway) SINTEF Foundation for Scientific and Industrial Research at the Norwegian Institute of Technology (Norway), Fraunhofer Institut für Informationsund Datenverarbei...