Vol-413 Copyright © 2008 for the individual papers by the papers' authors. Copying permitted for private and academic purposes. Re-publication of material from this volume requires permission by the copyright owners.

MODSEC08
Modeling Security

Proceedings of the Workshop on Modeling Security (MODSEC08) held as part of the 2008 International Conference on Model Driven Engineering Languages and Systems (MODELS)
Toulouse, France, September 28, 2008.

Jon Whittle *
Jan Jürjens **
Bashar Nuseibeh **
Glen Dobson *

Table of Contents

1. SECTISSIMO: A Platform-Independent Framework for Security Services
   Mukhtiar Memon, Michael Hafner, Ruth Breu
2. Specifying Security Aspects in UML Models
   Karine Peralta, Alex Orozco, Avelino Zorzo, Flavio Oliveira
3. Transforming Security Audit Requirements into a Software Architecture
   Koen Yskout, Bart De Win, Wouter Joosen
4. Mutating DAC and MAC Security Policies: A Generic Metamodel Based Approach
   Tejeddine Mouelhi, Franck Fleurey, Benoit Baudry, Yves Le Traon
5. Experiences Threat Modeling at Microsoft
   Adam Shostack
6. Using Common Criteria as Reusable Knowledge in Security Requirements Elicitation
   Motoshi Saeki, Haruhiko Kaiya
7. Curriculum for Modeling Security: Experiences and Lessons Learned
   Haralambos Mouratidis
8. A Security Domain Model for Implementing Trusted Subject Behaviors
   Alan Shaffer, Mikhail Auguston, Cynthia Irvine, Tim Levin
9. Modeling Security Protocols using UML2
   Alain Beaulieu, Greg Phillips, Sandra Smith
10. Modeling and Assessment of Systems Security
    Jonas Hallberg, Johan Bengtsson, Niklas Hallberg
11. Model Driven Security Management: Making Security Management Manageable in Complex Distributed Systems
    Ulrich Lang, Rudolf Schreiner
12. Towards an Integrated Framework for Model-Driven Security Engineering
    Jordit Cabot, Nicola Zannone
13. Incorporating Security Requirements from Legal Regulations into UMLsec model
    Shareeful Islam, Jan Jürjens
14. IT Security Risk Analysis based on Business Process Models enhanced with Security Requirements
    Stefan Taubenberger, Jan Jürjens
15. Towards a Measurement Framework for Security Risk Management
    Nicolas Mayer, Eric Dubois, Raimundas Matulevicius, Patrick Heymans
16. On the Inability of Existing Security Models to Cope with Data Mobility in Dynamic Organizations
    Trajce Dimkov, Qiang Tang, Pieter Hartel
17. A Server Side SOA Meta Model for Assigning Aspect Services
    Andreas Ganser, Stefan Hurtz, Horst Lichter
18. SPML: A Visual Approach for Modeling Firewall Configurations
    Kleber Trevisani, Rogério Garcia
19. Automatic Generation of Secure Multidimensional Code for Data Warehouses by using QVT Transformations: an MDA Approach
    Carlos Blanco, Ignacio Garcia, Eduardo Fernandez-Medina, Juan Trujillo, Mario Piattini