{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,4,3]],"date-time":"2022-04-03T09:34:33Z","timestamp":1648978473711},"reference-count":6,"publisher":"World Scientific Pub Co Pte Lt","issue":"06","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Int. J. Soft. Eng. Knowl. Eng."],"published-print":{"date-parts":[[2005,12]]},"abstract":"<jats:p> Security specifications of IT products and systems are inherently complex and may subject products to semantic threats due to misunderstanding of key aspects of security objectives by developers, customers and end users. A study is conducted on expressing the security specifications by specially interpreted UML use case diagrams to avoid misunderstanding by peer groups, i.e. to prevent semantic threats at the development phase through improved comprehension of security specifications. We base our results on engineering frameworks for comprehensive security and demonstrate the need for improved communication by concrete examples of semantic threats. The threats result from the use of complex textual artifacts as a means of communicating the security requirements. We demonstrate the use of a diagrammatic technique for expressing and communicating security specifications in a less ambiguous manner and illustrate how the technique assists in communication. <\/jats:p>","DOI":"10.1142\/s0218194005002580","type":"journal-article","created":{"date-parts":[[2006,1,12]],"date-time":"2006-01-12T12:03:15Z","timestamp":1137067395000},"page":"923-940","source":"Crossref","is-referenced-by-count":0,"title":["UNDERSTANDING AND COMMUNICATING IT SECURITY SPECIFICATIONS WITH UML"],"prefix":"10.1142","volume":"15","author":[{"given":"JUSSIPEKKA","family":"LEIWO","sequence":"first","affiliation":[{"name":"Nanyang Technological University, School of Computer Engineering, Nanyang Avenue Block N4, Singapore 639798, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"TEEMU-PEKKA","family":"VIRTANEN","sequence":"additional","affiliation":[{"name":"Helsinki University of Technology, Telecommunications Software and Multimedia Laboratory, P.O. Box 5400, FIN-02015 HUT, Finland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"219","published-online":{"date-parts":[[2011,11,21]]},"reference":[{"key":"rf1","volume-title":"Security Engineering: A Guide to Building Dependable Distributed Systems","author":"Anderson R.","year":"2001"},{"key":"rf2","first-page":"1","volume":"4","author":"Baskerville R.","journal-title":"The Journal of Management Systems"},{"key":"rf3","doi-asserted-by":"publisher","DOI":"10.1145\/162124.162127"},{"key":"rf4","first-page":"385","volume":"14","author":"Baskerville R.","journal-title":"Int. J. Information Management"},{"key":"rf14","volume-title":"Secure Systems Development with UML","author":"J\u00fcrjens J.","year":"2003"},{"key":"rf24","doi-asserted-by":"publisher","DOI":"10.1145\/383775.383778"}],"container-title":["International Journal of Software Engineering and Knowledge Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.worldscientific.com\/doi\/pdf\/10.1142\/S0218194005002580","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,7]],"date-time":"2019-08-07T01:47:37Z","timestamp":1565142457000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.worldscientific.com\/doi\/abs\/10.1142\/S0218194005002580"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005,12]]},"references-count":6,"journal-issue":{"issue":"06","published-online":{"date-parts":[[2011,11,21]]},"published-print":{"date-parts":[[2005,12]]}},"alternative-id":["10.1142\/S0218194005002580"],"URL":"https:\/\/doi.org\/10.1142\/s0218194005002580","relation":{},"ISSN":["0218-1940","1793-6403"],"issn-type":[{"value":"0218-1940","type":"print"},{"value":"1793-6403","type":"electronic"}],"subject":[],"published":{"date-parts":[[2005,12]]}}}