Abstract—Graph-based assessment formalisms have proven to be useful in the safety, dependability, and security communities to help stakeholders manage risk and maintain appropriate documentation throughout the system lifecycle. In this paper, we propose a set of methods to automatically construct security argument graphs, a graphical formalism that integrates various security-related information to argue about the security level of a system. Our approach is to generate the graph in a progressive manner by exploiting logical relationships among pieces of di-verse input information. Using those emergent argument patterns as a starting point, we define a set of extension templates that can be applied iteratively to grow a security argument gra...
A method must be provided to support the analysis of security policy rules interdependencies in a (p...
A method must be provided to support the analysis of security policy rules interdependencies in a (p...
Numerous data breach incidents have been reported in recent years and there is a continuing requirem...
Identifying threats and risks to complex systems often requires some form of brainstorming. In addit...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Computer-based systems are increasingly being exposed to evolving security threats, which often reve...
Computer-based systems are increasingly being exposed to evolving security threats, which often reve...
International audienceThis paper presents an approach allowing for a given security and utility requ...
Attack graphs have been used to model the vulnerabilities of the systems and their potential exploit...
AbstractAn integral part of modeling the global view of network security is constructing attack grap...
When software systems are verified against security requirements, formal and informal arguments prov...
Abstract — Verified and validated security policies are essential components of high assurance compu...
With the number of devices connected to the internet growing rapidly and software systems being incr...
Attack graphs depict ways in which an adversary exploits system vulnerabilities to achieve a desire...
A method must be provided to support the analysis of security policy rules interdependencies in a (p...
A method must be provided to support the analysis of security policy rules interdependencies in a (p...
Numerous data breach incidents have been reported in recent years and there is a continuing requirem...
Identifying threats and risks to complex systems often requires some form of brainstorming. In addit...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is...
Computer-based systems are increasingly being exposed to evolving security threats, which often reve...
Computer-based systems are increasingly being exposed to evolving security threats, which often reve...
International audienceThis paper presents an approach allowing for a given security and utility requ...
Attack graphs have been used to model the vulnerabilities of the systems and their potential exploit...
AbstractAn integral part of modeling the global view of network security is constructing attack grap...
When software systems are verified against security requirements, formal and informal arguments prov...
Abstract — Verified and validated security policies are essential components of high assurance compu...
With the number of devices connected to the internet growing rapidly and software systems being incr...
Attack graphs depict ways in which an adversary exploits system vulnerabilities to achieve a desire...
A method must be provided to support the analysis of security policy rules interdependencies in a (p...
A method must be provided to support the analysis of security policy rules interdependencies in a (p...
Numerous data breach incidents have been reported in recent years and there is a continuing requirem...