{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,5,29]],"date-time":"2023-05-29T09:10:59Z","timestamp":1685351459277},"reference-count":6,"publisher":"National Library of Serbia","issue":"2","license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ComSIS","COMPUT SCI INF SYST","COMPUT SCI INFORM SY","COMPUTER SCI INFORM","COMSIS J"],"published-print":{"date-parts":[[2011]]},"abstract":"<jats:p>System security is an important artefact. However security is typically\n   considered only at implementation stage nowadays in industry. This makes it\n   difficult to communicate security solutions to the stakeholders earlier and\n   raises the system development cost, especially if security implementation\n   errors are detected. On the one hand practitioners might not be aware of the\n   approaches that help represent security concerns at the early system\n   development stages. On the other hand a part of the problem might be that\n   there exists only limited support to compare different security development\n   languages and especially their resulting security models. In this paper we\n   propose a systematic approach to assess quality of the security models. To\n   illustrate validity of our proposal we investigate three security models,\n   which present a solution to an industrial problem. One model is created using\n   PL\/SQL, a procedural extension language for SQL; another two models are\n   prepared with SecureUML and UMLsec, both characterized as approaches for\n   model-driven security. The study results in a higher quality for the later\n   security models. These contain higher semantic completeness and correctness,\n   they are easier to modify, understand, and facilitate a better communication\n   of security solutions to the system stakeholders than the PL\/SQL model. We\n   conclude our paper with a discussion on the requirements needed to adapt the\n   model-driven security approaches to the industrial security analysis.<\/jats:p>","DOI":"10.2298\/csis101231014m","type":"journal-article","created":{"date-parts":[[2011,5,5]],"date-time":"2011-05-05T10:52:53Z","timestamp":1304592773000},"page":"447-476","source":"Crossref","is-referenced-by-count":7,"title":["An approach to assess and compare quality of security models"],"prefix":"10.2298","volume":"8","author":[{"given":"Raimundas","family":"Matulevicius","sequence":"first","affiliation":[{"name":"Institute of Computer Science, University of Tartu, Tartu, Estonia"}]},{"given":"Henri","family":"Lakk","sequence":"additional","affiliation":[{"name":"Institute of Computer Science, University of Tartu, Tartu, Estonia"}]},{"given":"Marion","family":"Lepmets","sequence":"additional","affiliation":[{"name":"Centre for Public Research Henri Tudor - SSI, Luxembourg"}]}],"member":"1078","reference":[{"key":"1","doi-asserted-by":"publisher","DOI":"10.1145\/1125808.1125810"},{"key":"2","doi-asserted-by":"publisher","DOI":"10.1023\/A:1008680612960"},{"key":"3","doi-asserted-by":"publisher","DOI":"10.1145\/501978.501980"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1016\/j.entcs.2005.07.002"},{"key":"5","doi-asserted-by":"publisher","DOI":"10.1109\/52.268955"},{"key":"6","doi-asserted-by":"publisher","DOI":"10.1016\/j.datak.2004.12.005"}],"container-title":["Computer Science and Information Systems"],"original-title":[],"language":"en","deposited":{"date-parts":[[2023,5,29]],"date-time":"2023-05-29T08:30:12Z","timestamp":1685349012000},"score":1,"resource":{"primary":{"URL":"https:\/\/doiserbia.nb.rs\/Article.aspx?ID=1820-02141100014M"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"references-count":6,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2011]]}},"URL":"https:\/\/doi.org\/10.2298\/csis101231014m","relation":{},"ISSN":["1820-0214","2406-1018"],"issn-type":[{"value":"1820-0214","type":"print"},{"value":"2406-1018","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011]]}}}