
E-book: Fundamentals of Secure System Modelling

  • Format: PDF+DRM
  • Publication date: 17-Aug-2017
  • Publisher: Springer International Publishing AG
  • Language: eng
  • ISBN-13: 9783319617176
  • Price: 74,09 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Usage:

    Digital Rights Management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You also need to create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorised with the same Adobe ID).

    Required software
    To read on a mobile device (phone or tablet) you must install this free application: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (this is a free application made specifically for reading e-books; do not confuse it with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

This book provides a coherent overview of the most important modelling-related security techniques available today, and demonstrates how to combine them. Further, it describes an integrated set of systematic practices that can be used to achieve increased security for software from the outset, and combines practical ways of working with practical ways of distilling, managing, and making security knowledge operational. The book addresses three main topics: (1) security requirements engineering, including security risk management, major activities, asset identification, security risk analysis and defining security requirements; (2) secure software system modelling, including modelling of context and protected assets, security risks, and decisions regarding security risk treatment using various modelling languages; and (3) secure system development, including effective approaches, pattern-driven development, and model-driven security. The primary target audience of this book is graduate students studying cyber security, software engineering and system security engineering. The book will also benefit practitioners interested in learning about the need to consider the decisions behind secure software systems. Overall it offers the ideal basis for educating future generations of security experts.

1 Introduction.- 2 Domain Model for Information Systems Security Risk Management.- 3 Security Risk.- 4 Security Requirements.- 5 Security Risk-Oriented BPMN.- 6 Security Risk-Aware Secure Tropos.- 7 Security Risk-Oriented Misuse Cases.- 8 Mal-activities for Security Risk Management.- 9 Transformations Between Security Risk-Oriented Modelling Languages.- 10 Role-Based Access Control.- 11 Secure System Development Using Patterns.- 12 Secure System Development.- 13 References.

Other information

"Dr. Matulevicius' book gives a coherent account of the most important modeling-related security techniques today, and is well suited for educating the next generations of security experts." (Prof. Andreas Lothe Opdahl, University of Bergen, Norway)

"Dr. Matulevicius introduces a fundamental set of knowledge for the advanced management of risk and security. Going from the conceptual aspects to practical tools, this book provides a broad coverage of the field." (Nicolas Mayer, Ph.D., Luxembourg Institute of Science and Technology)

Table of contents
1 Introduction
  1.1 System and Security Engineering
  1.2 Security and Security Risk Management Standards
  1.3 Security Development Approaches
  1.4 Domain-Specific Languages for Security Modelling
  1.5 Model-Driven Security
  1.6 Modelling Perspectives of Secure Software Systems
  1.7 Running Example
  1.8 Exercises

Part I Security Risk Management

2 Domain Model for Information Systems Security Risk Management
  2.1 Domain Model
    2.1.1 Asset-Related Concepts
    2.1.2 Risk-Related Concepts
    2.1.3 Risk Treatment-Related Concepts
  2.2 Relationships and Multiplicities
  2.3 Metrics
  2.4 Process
  2.5 ISSRM Application Example
  2.6 Further Reading
  2.7 Exercises

3 Security Risk
  3.1 System Assets
  3.2 Risk Analysis
  3.3 Harm: Malicious Software
  3.4 Taxonomy of Security Errors
  3.5 Security Threats
  3.6 Threat Agent
  3.7 Further Reading
  3.8 Exercises

4 Security Requirements
  4.1 Security Criterion
  4.2 Requirements Definition
  4.3 Security Requirements Classification
  4.4 How to Specify Security Requirements
  4.5 Related (to Security) Requirements
  4.6 Further Reading
  4.7 Exercises

Part II Modelling Languages for Security Risk Management

5 Security Risk-Oriented BPMN
  5.1 Business Process Model and Notation
  5.2 Security Risk Management Using BPMN
    5.2.1 Semantics
    5.2.2 Abstract Syntax
    5.2.3 Concrete Syntax
  5.3 Example
  5.4 Further Reading
  5.5 Exercises

6 Security Risk-Aware Secure Tropos
  6.1 Tropos and Secure Tropos
  6.2 Security Risk Management Using Secure Tropos
    6.2.1 Semantics and Concrete Syntax
    6.2.2 Abstract Syntax
  6.3 Examples
  6.4 Further Reading
  6.5 Exercises

7 Security Risk-Oriented Misuse Cases
  7.1 Use and Misuse Cases
  7.2 Security Risk Management Using Misuse Cases
    7.2.1 Semantics and Concrete Syntax
    7.2.2 Abstract Syntax
  7.3 Examples
  7.4 Textual Misuse Cases
  7.5 Further Reading
  7.6 Exercises

8 Mal-activities for Security Risk Management
  8.1 Activity and Mal-activity Diagrams
  8.2 Security Risk Management Using Mal-activities
    8.2.1 Semantics and Concrete Syntax
    8.2.2 Abstract Syntax
  8.3 Example
  8.4 Further Reading
  8.5 Exercises

Part III Model-Driven Security Development and Application

9 Transformations Between Security Risk-Oriented Modelling Languages
  9.1 Transformation Basis
    9.1.1 Transformation Method
    9.1.2 Comparison of Modelling Languages
  9.2 Transforming from Security Risk-Oriented BPMN to Security Risk-Aware Secure Tropos
  9.3 Transforming from Security Risk-Aware Secure Tropos to Security Risk-Oriented Misuse Cases
  9.4 Transforming from Security Risk-Oriented Misuse Cases to Mal-activities for Security Risk Management
  9.5 Further Reading
  9.6 Exercises

10 Role-Based Access Control
  10.1 Family of RBAC Models
  10.2 RBAC Administration
  10.3 RBAC Modelling Languages
    10.3.1 SecureUML
    10.3.2 UMLsec
    10.3.3 Comparison
    10.3.4 Transformation
  10.4 Model-Driven Security
  10.5 Further Reading
  10.6 Exercises

11 Secure System Development Using Patterns
  11.1 Security Patterns
  11.2 Security Pattern Taxonomy
  11.3 Security Risk-Oriented Patterns
  11.4 Security Requirements Elicitation from Business Processes
    11.4.1 SREBP Method
    11.4.2 Pattern Application
  11.5 Further Reading
  11.6 Exercises

Part IV Concluding Remarks

12 Secure System Development
  12.1 Secure System Development Processes
    12.1.1 Microsoft Secure System Development Lifecycle
    12.1.2 OWASP CLASP
    12.1.3 Seven Touchpoints
    12.1.4 Comparison
  12.2 Security Approaches in Secure Systems Development Processes
  12.3 Tools
  12.4 Exercises

References

About the author
Raimundas Matulevičius is Associate Professor of Software Systems at the University of Tartu, Estonia. He has spent over 15 years teaching and conducting research in the fields of security requirements engineering, secure software design and information systems security in Norway, Belgium and Estonia. He is co-coordinator of the Cyber Security Masters curriculum delivered by Tallinn University of Technology and the University of Tartu.