EEMCS EPrints Service


Research Project: VRIEND: Value-Based Security Risk Mitigation in Enterprise Networks that are Decentralized

2015

Yu, Yijun and Franqueira, V.N.L. and Tun, T.T. and Wieringa, R.J. and Nuseibeh, B. (2015) Automated analysis of security requirements through risk-based argumentation. Journal of systems and software, 106. pp. 102-116. ISSN 0164-1212 *** ISI Impact 1,424 ***

2013

Nunes Leal Franqueira, V. and van Cleeff, A. and van Eck, P.A.T. and Wieringa, R.J. (2013) Engineering security agreements against external insider threat. Information Resources Management Journal, 26 (4). pp. 66-91. ISSN 1040-1628

2012

Condori-Fernández, N. and Nunes Leal Franqueira, V. and Wieringa, R.J. (2012) Report on the Survey of Role-Based Access Control (RBAC) in Practice. Technical Report TR-CTIT-12-06, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625
Herrmann, A. and Morali, A. and Etalle, S. and Wieringa, R.J. (2012) Risk and Business Goal Based Security Requirement and Countermeasure Prioritization. In: Workshops on Business Informatics Research (BIR 2011), 6-8 Oct 2011, Riga, Latvia. pp. 64-76. Lecture Notes in Business Information Processing 106. Springer Verlag. ISSN 1865-1348 ISBN 978-3-642-29230-9
Nunes Leal Franqueira, V. and van Cleeff, A. and van Eck, P.A.T. and Wieringa, R.J. (2012) Securing the Extended Enterprise: A Method for Analyzing External Insider Threat. In: Strategic and Practical Approaches for Information Security Governance: Technologies and Applied Solutions. IGI Global, Hershey, USA, pp. 195-222. ISBN 978-1-46660-197-0
Nunes Leal Franqueira, V. and Wieringa, R.J. (2012) Role-Based Access Control in Retrospect. Computer, 45 (6). pp. 81-88. ISSN 0018-9162 *** ISI Impact 1,115 ***

2011

Morali, A. (2011) IT Architecture-Based Confidentiality Risk Assessment in Networks of Organizations. PhD thesis, University of Twente. CTIT Ph.D.-thesis series No. 11-197 ISBN 978-90-365-3165-8
Nunes Leal Franqueira, V. and Condori-Fernández, N. (2011) RBAC in Practice. In: Proceedings of the 17th International Working Conference on Requirements Engineering (REFSQ'2011), 28-30 March 2011, Essen, Germany. pp. 152-153. ICB-Research Report (44). Institute for Computer Science and Business Information Systems (ICB). ISSN 1860-2770
Nunes Leal Franqueira, V. and Racheva, Z. and Tun, T. T. and Daneva, M. (2011) Towards Agile Security Risk Management in RE and Beyond. In: Proceedings of the International Workshop on Empirical Requirements Engineering (EmpiRE workshop co-located with RE'2011), 29 Aug - 02 Sep 2011, Trento, Italy. pp. 33-36. IEEE Computer Society. ISBN 978-1-4577-1075-9
Nunes Leal Franqueira, V. and Tun, T.T. and Yu, Yijun and Wieringa, R.J. and Nuseibeh, B. (2011) Risk and Argument: A Risk-based Argumentation Method for Practical Security. In: Proceedings of the 19th IEEE International Requirements Engineering Conference, 29 Aug - 02 Sep 2011, Trento, Italy. pp. 239-248. IEEE Computer Society. ISBN 978-1-4577-0924-1
Yu, Yijun and Tun, T.T. and Tedeschi, A. and Nunes Leal Franqueira, V. and Nuseibeh, B. (2011) OpenArgue: Supporting Argumentation to Evolve Secure Software Systems. In: 19th IEEE International Requirements Engineering Conference, RE 2011, 29 Aug - 2 Sep 2011, Trento, Italy. pp. 351-352. IEEE Computer Society. ISBN 978-1-4577-0924-1

2010

Herrmann, A. and Morali, A. (2010) RiskREP: Risk-Based Security Requirements Elicitation and Prioritization (extended version). Technical Report TR-CTIT-10-28, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625
Houmb, S.H. and Nunes Leal Franqueira, V. and Engum, E. A. (2010) Quantifying Security Risk Level from CVSS Estimates of Frequency and Impact. Journal of systems and software, 83 (9). pp. 1622-1634. ISSN 0164-1212 *** ISI Impact 1,424 ***
Morali, A. and Wieringa, R.J. (2010) Risk-Based Confidentiality Requirements Specification for Outsourced IT Systems (Extended Version). Technical Report TR-CTIT-10-09, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625
Morali, A. and Wieringa, R.J. (2010) Risk-Based Confidentiality Requirements Specification for Outsourced IT Systems. In: Proceedings of the 18th IEEE International Requirements Engineering Conference (RE 2010), 27 Sept - 1 Oct 2010, Sydney, Australia. pp. 199-208. IEEE Computer Society. ISBN 978-0-7695-4162-4
Morali, A. and Wieringa, R.J. (2010) Towards Validating Risk Indicators Based on Measurement Theory (Extended version). Technical Report TR-CTIT-10-31, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625
Morali, A. and Wieringa, R.J. (2010) Towards Validating Risk Indicators Based on Measurement Theory. In: ISSRE 2010 Supplemental Proceedings: 1st International Workshop on Risk and Trust in Extended Enterprises, 01 Nov 2010, USA. pp. 443-447. IEEE Computer Society. ISBN 978-0-7695-4255-3
Morali, A. and Zambon, Emmanuele and Etalle, S. and Wieringa, R.J. (2010) CRAC: Confidentiality Risk Assessment and IT-Architecture Comparison. In: Proceedings of the 6th International Conference on Network and Service Management (CNSM 2010), 25-29 Oct 2010, Niagara Falls, Canada. pp. 322-325. IEEE Computer Society. ISBN 978-1-4244-8910-7
Nunes Leal Franqueira, V. and van Cleeff, A. and van Eck, P.A.T. and Wieringa, R.J. (2010) External Insider Threat: a Real Security Challenge in Enterprise Value Webs. In: Proceedings of the Fifth International Conference on Availability, Reliability and Security (ARES'2010), 15-18 February 2010, Krakow, Poland. pp. 446-453. IEEE Computer Society. ISBN 978-0-7695-3965-2
Nunes Leal Franqueira, V. and Houmb, S.H. and Daneva, M. (2010) Using Real Option Thinking to Improve Decision Making in Security Investment. In: To Appear in the Proceedings of the 5th International Symposium on Information Security (IS'2010 - On The Move Federated Conferences), 25-29 October 2010, Greece. pp. 619-638. Lecture Notes in Computer Science 6426. Springer Verlag. ISSN 0302-9743
Nunes Leal Franqueira, V. and Wieringa, R.J. (2010) Value-driven Security Agreements in Extended Enterprises. Technical Report TR-CTIT-10-17, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625

2009

Georg, G. and Ray, I. and Anastasakis, K. and Bordbar, B. and Toahchoodee, M. and Houmb, S.H. (2009) An aspect-oriented methodology for designing secure applications. Information and Software Technology, 50 (5). pp. 846-864. ISSN 0950-5849 *** ISI Impact 1,569 ***
Houmb, S.H. and Nunes Leal Franqueira, V. (2009) Estimating ToE Risk Level using CVSS. In: Proceedings of the Fourth International Conference on Availability, Reliability and Security (ARES 2009 - The International Dependability Conference), 16-19 March 2009, Fukuoka, Japan. pp. 718-725. IEEE Conference Proceedings. IEEE Computer Society. ISSN 1077-2626 ISBN 978-0-7695-3564-7
Morali, A. and Zambon, Emmanuele and Etalle, S. and Wieringa, R.J. (2009) CRAC: Confidentiality Risk Analysis and IT-Architecture Comparison of Business Networks (extended version). Technical Report TR-CTIT-09-30, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625
Morali, A. and Zambon, Emmanuele and Houmb, S.H. and Sallhammar, K. and Etalle, S. (2009) Extended eTVRA vs. Security Checklist: Experiences in a Value-Web. In: 31st International Conference on Software Engineering - Companion Volume, 16-24 May 2009, Vancouver, Canada. pp. 130-140. IEEE Computer Society. ISBN 978-1-4244-3494-7

2008

Houmb, S.H. and Nunes Leal Franqueira, V. and Engum, E.A. (2008) Estimating Impact and Frequency of Risks to Safety and Mission Critical Systems Using CVSS. In: ISSRE 2008 Supplemental Proceedings: 1st Workshop on Dependable Software Engineering, 11 November 2008, Seattle, US. IEEE Computer Society. ISBN 978-1-4244-3417-6
Morali, A. and Zambon, Emmanuele and Etalle, S. and Overbeek, P. (2008) IT Confidentiality Risk Assessment for an Architecture-Based Approach. Technical Report TR-CTIT-08-05, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625
Morali, A. and Zambon, Emmanuele and Etalle, S. and Overbeek, P. (2008) IT Confidentiality Risk Assessment for an Architecture-Based Approach. In: Third IEEE International Workshop on Business-Driven IT Management, 07 Apr 2008, Salvador, Brazil. pp. 31-40. IEEE Computer Society. ISBN 978-1-4244-2191-6
Morali, A. and Zambon, Emmanuele and Houmb, S.H. and Sallhammar, K. and Etalle, S. (2008) Extended eTVRA vs. Security Checklist: Experiences in a Value-Web. Technical Report TR-CTIT-08-62, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625

2007

Etalle, S. and Massacci, F. and Yautsiukhin, A. (2007) The Meaning of Logs. In: Fourth Int. Conf. on Trust, Privacy and Security in Digital Business, TRUSTBUS 2007, 4-6 September 2007, Germany. pp. 145-154. Lecture Notes in Computer Science 4657. Springer Verlag. ISBN 978-3-540-74408-5
Etalle, S. and Massacci, F. and Yautsiukhin, A. (2007) The Meaning of Logs. Technical Report TR-CTIT-07-24, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625
Houmb, S.H. (2007) Decision Support for Choice of Security Solution: The Aspect-Oriented Risk Driven Development (AORDD) Framework. PhD thesis, Norwegian University of Science and Technology. Doctoral thesis at NTNU, 2007:208 ISBN 978-82-471-4588-3
Petriu, D.B. and Woodside, C.M. and Petriu, D.C. and Xu, Jing and Israr, T. and Georg, G. and France, R. and Bieman, J.M. and Houmb, S.H. and Jürjens, J. (2007) Performance Analysis of Security Aspects in UML Models. In: WOSP '07: Proceedings of the 6th international workshop on Software and performance, 5-8 Feb 2007, Buenos Aires, Argentina. pp. 91-102. ACM. ISBN 1-59593-297-6
Zambon, Emmanuele and Bolzoni, D. and Etalle, S. and Salvato, M. (2007) A model supporting Business Continuity auditing & planning in Information Systems. In: Second International Conference on Internet Monitoring and Protection (ICIMP), 1-5 Jul 2007, San Jose, CA, USA. pp. 33-33. IEEE Computer Society. ISBN 0-7695-2911-9
Zambon, Emmanuele and Bolzoni, D. and Etalle, S. and Salvato, M. (2007) Model-Based Mitigation of Availability Risks. Technical Report TR-CTIT-07-04, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625
Zambon, Emmanuele and Bolzoni, D. and Etalle, S. and Salvato, M. (2007) A model supporting Business Continuity auditing & planning in Information Systems. Technical Report TR-CTIT-07-17, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625
Zambon, Emmanuele and Bolzoni, D. and Etalle, S. and Salvato, M. (2007) Model-Based Mitigation of Availability Risks. In: Second IEEE/IFIP International Workshop on Business-Driven IT Management, 21 May 2007, Munich, Germany. pp. 75-83. IEEE Computer Society. ISBN 1-4244-1295-1

2006

Daneva, M. (2006) Applying Real Options Thinking to Information Security in Networked Organizations. Technical Report TR-CTIT-06-11, Centre for Telematics and Information Technology University of Twente, Enschede. ISSN 1381-3625