{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T23:16:57Z","timestamp":1725491817875},"publisher-location":"Berlin, Heidelberg","reference-count":26,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540752264"},{"type":"electronic","value":"9783540752271"}],"license":[{"start":{"date-parts":[[2007,1,1]],"date-time":"2007-01-01T00:00:00Z","timestamp":1167609600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2007]]},"DOI":"10.1007\/978-3-540-75227-1_3","type":"book-chapter","created":{"date-parts":[[2007,9,12]],"date-time":"2007-09-12T21:32:47Z","timestamp":1189632767000},"page":"31-46","source":"Crossref","is-referenced-by-count":1,"title":["A Semantic Paradigm for Component-Based Specification Integrating a Notion of Security Risk"],"prefix":"10.1007","author":[{"given":"Gyrd","family":"Br\u00e6ndeland","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ketil","family":"St\u00f8len","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"3_CR1","unstructured":"Br\u00e6ndeland, G., St\u00f8len, K.: Using model-based security analysis in component-oriented system development. A case-based evaluation. In: Proceedings of the second Workshop on Quality of Protection (QoP 2006), 2006 (to appear)"},{"key":"3_CR2","series-title":"Component software series","volume-title":"UML Components. A simple process for specifying component-based software","author":"J. Cheesman","year":"2001","unstructured":"Cheesman, J., Daniels, J.: UML Components. A simple process for specifying component-based software. Component software series. Addison-Wesley, Reading (2001)"},{"key":"3_CR3","doi-asserted-by":"crossref","unstructured":"den Braber, F., Dimitrakos, T., Gran, B.A., Lund, M.S., St\u00f8len, K., Aagedal, J.\u00d8.: UML and the Unified Process, chapter The CORAS methodology: model-based risk management using UML and UP, pp. 332\u2013357. IRM Press (2003)","DOI":"10.4018\/978-1-93177-744-5.ch017"},{"key":"3_CR4","unstructured":"Fenton, N., Neil, M.: Combining evidence in risk analysis using bayesian networks. Agena White Paper W0704\/01 (2004)"},{"key":"3_CR5","doi-asserted-by":"crossref","unstructured":"Haugen, \u00d8., Husa, K.E., Runde, R.K., St\u00f8len, K.: Why timed sequence diagrams require three-event semantics. Technical Report 309, University of Oslo, Department of Informatics (2004)","DOI":"10.1007\/11495628_1"},{"key":"3_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"388","DOI":"10.1007\/978-3-540-45221-8_33","volume-title":"UML 2003 - The Unified Modeling Language. Modeling Languages and Applications","author":"\u00d8. Haugen","year":"2003","unstructured":"Haugen, \u00d8., St\u00f8len, K.: STAIRS \u2013 steps to analyze interactions with refinement semantics. In: Stevens, P., Whittle, J., Booch, G. (eds.) UML 2003 LNCS, vol. 2863, pp. 388\u2013402. Springer, Heidelberg (2003)"},{"key":"3_CR7","first-page":"115","volume-title":"IWPC 2005","author":"I. Hogganvik","year":"2005","unstructured":"Hogganvik, I., St\u00f8len, K.: On the comprehension of security risk scenarios. In: IWPC 2005. 13th International Workshop on Program Comprehension, pp. 115\u2013124. IEEE Computer Society, Los Alamitos (2005)"},{"key":"3_CR8","volume-title":"Innocent code. A security wake-up call for web programmers","author":"S.H. Huseby","year":"2004","unstructured":"Huseby, S.H.: Innocent code. A security wake-up call for web programmers. Wiley, Chichester (2004)"},{"key":"3_CR9","unstructured":"ISO\/IEC.: Information technology \u2013 Code of practice for information security management. ISO\/IEC 17799:2000"},{"key":"3_CR10","unstructured":"ISO\/IEC.: Risk management \u2013 Vocabulary \u2013 Guidelines for use in standards, ISO\/IEC Guide 73:2002 (2002)"},{"key":"3_CR11","unstructured":"ISO\/IEC.: Information Technology \u2013 Security techniques \u2013 Management of information and communications technology security \u2013 Part 1: Concepts and models for information and communications technology security management, ISO\/IEC 13335-1:2004 (2004)"},{"key":"3_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1007\/978-3-540-24747-0_11","volume-title":"Trust Management","author":"A. J\u00f8sang","year":"2004","unstructured":"J\u00f8sang, A., Presti, S.L.: Analysing the relationship between risk and trust. In: Jensen, C., Poslad, S., Dimitrakos, T. (eds.) iTrust 2004. LNCS, vol.\u00a02995, pp. 135\u2013145. Springer, Heidelberg (2004)"},{"key":"3_CR13","volume-title":"Secure systems develoment with UML","author":"J. J\u00fcrjens","year":"2005","unstructured":"J\u00fcrjens, J. (ed.): Secure systems develoment with UML. Springer, Heidelberg (2005)"},{"key":"3_CR14","doi-asserted-by":"publisher","first-page":"358","DOI":"10.1109\/ASWEC.2004.1290489","volume-title":"Australian Software Engineering Conference","author":"K.M. Khan","year":"2004","unstructured":"Khan, K.M., Han, J.: A process framework for characterising security properties of component-based software systems. In: Australian Software Engineering Conference, pp. 358\u2013367. IEEE Computer Society, Los Alamitos (2004)"},{"key":"3_CR15","first-page":"88","volume-title":"Proc. 31st Euromicro Conference","author":"K.-K. Lau","year":"2005","unstructured":"Lau, K.-K., Wang, Z.: A taxonomy of software component models. In: Proc. 31st Euromicro Conference, pp. 88\u201395. IEEE Computer Society Press, Los Alamitos (2005)"},{"key":"3_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"426","DOI":"10.1007\/3-540-45800-X_33","volume-title":"UML 2002 - The Unified Modeling Language. Model Engineering, Concepts, and Tools","author":"T. Lodderstedt","year":"2002","unstructured":"Lodderstedt, T., Basin, D.A., Doser, J.: SecureUML: A UML-based modeling language for model-driven security. In: J\u00e9z\u00e9quel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002 - The Unified Modeling Language. Model Engineering, Concepts, and Tools. LNCS, vol.\u00a02460, pp. 426\u2013441. Springer, Heidelberg (2002)"},{"key":"3_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1007\/11768869_12","volume-title":"Formal Methods for Open Object-Based Distributed Systems","author":"A. Refsdal","year":"2006","unstructured":"Refsdal, A., Runde, R.K., St\u00f8len, K.: Underspecification, inherent nondeterminism and probability in sequence diagrams. In: Gorrieri, R., Wehrheim, H. (eds.) FMOODS 2006. LNCS, vol.\u00a04037, pp. 138\u2013155. Springer, Heidelberg (2006)"},{"key":"3_CR18","volume-title":"The unified modeling language reference manual","author":"J. Rumbaugh","year":"2005","unstructured":"Rumbaugh, J., Jacobsen, I., Booch, G.: The unified modeling language reference manual. Addison-Wesley, Reading (2005)"},{"key":"3_CR19","unstructured":"Runde, R.K., Haugen, \u00d8., St\u00f8len, K.: Refining UML interactions with underspecification and nondeterminism. Nordic Journal of Computing (2005)"},{"key":"3_CR20","unstructured":"Winamp skin file arbitrary code execution vulnerability. Secunia Advisory: SA12381. Secunia (2006)"},{"key":"3_CR21","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1145\/1133058.1133080","volume-title":"SACMAT 2006","author":"F. Seehusen","year":"2006","unstructured":"Seehusen, F., St\u00f8len, K.: Information flow property preserving transformation of uml interaction diagrams. In: SACMAT 2006. 11th ACM Symposium on Access Control Models and Technologies, pp. 150\u2013159. ACM, New York (2006)"},{"key":"3_CR22","unstructured":"Standards Australia: Standards New Zealand. Australian\/New Zealand Standard. Risk Management, AS\/NZS 4360:2004 (2004)"},{"key":"3_CR23","unstructured":"Standards Australia: Standards New Zealand. Information security risk management guidelines, HB 231:2004 (2004)"},{"key":"3_CR24","unstructured":"Szyperski, C., Pfister, C.: Workshop on component-oriented programming. In: M\u00fclhauser, M. (ed.) Special Issues in Object-Oriented Programming \u2013 ECOOP 1996 Workshop Reader, dpunkt Verlag, pp. 127\u2013130 (1997)"},{"issue":"4","key":"3_CR25","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1109\/MSP.2004.55","volume":"2","author":"D. Verdon","year":"2004","unstructured":"Verdon, D., McGraw, G.: Risk analysis in software design. IEEE Security & Privacy\u00a02(4), 79\u201384 (2004)","journal-title":"IEEE Security & Privacy"},{"key":"3_CR26","first-page":"94","volume-title":"IEEE Symposium on Security and Privacy","author":"A. Zakinthinos","year":"1997","unstructured":"Zakinthinos, A., Lee, E.S.: A general theory of security properties. In: IEEE Symposium on Security and Privacy, pp. 94\u2013102. IEEE Computer Society, Los Alamitos (1997)"}],"container-title":["Lecture Notes in Computer Science","Formal Aspects in Security and Trust"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-75227-1_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,21]],"date-time":"2019-05-21T22:00:34Z","timestamp":1558476034000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-75227-1_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007]]},"ISBN":["9783540752264","9783540752271"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-75227-1_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2007]]}}}