第5回先端ソフトウェア科学・工学に関するGRACEセミナー

主 催: NII 先端ソフトウェア工学国際研究センター(GRACEセンター)
日 時:2008年7月11日(金)13:00-15:00
場 所:国立情報学研究所(NII) 22階2208会議室 (地図)
参加費:無料
お問い合わせ先:胡振江(Zhenjiang Hu) (hu _AT_ nii.ac.jp)
プログラム:
−Eliciting Security Requirements through Misuse Activities
Eduardo B. Fernandez
(Dept. of Computer Science and Eng., Florida Atlantic University)
−99% (Biological) Inspiration…
Mike Hinchey
(Irish Software Engineering Research Center, University of Limerick)

▼プログラム
Title:Eliciting Security Requirements through Misuse Activities
Speaker:Eduardo B. Fernandez (Dept. of Computer Science and Eng.,Florida Atlantic University)
Abstract:An important aspect of security requirements is the understanding and listing of the possible threats to the system. Only then can we decide what specific defense mechanisms to use. We show here an approach to list all threats by considering each action in each use case and analyzing how it can be subverted by an internal or external attacker. This method starts from the activity diagram of a use case (or a sequence of use cases). Each activity is analyzed to see how it could be subverted to produce a misuse of information. This analysis results in a set of threats. We then consider which policies can stop or mitigate these threats. To make the analysis systematic we consider the type of misuse (confidentiality, integrity …) that can happen in each activity, the role of the attacker, and the context for the threat. The resulting policies can then be used as guidelines for design and we consider how to map these policies to security patterns. The information in each pattern helps in the selection of an optimal (or good) set of policies. Our approach can be conveniently incorporated in a methodology to build secure systems. The proposed method can include formal design notations for validation and verification. Another application is the verification of the security requirements of existing systems.
Biography: Eduardo B. Fernandez (Eduardo Fernandez-Buglioni) is a professor in the Department of Computer Science and Engineering at Florida Atlantic University in Boca Raton, Florida. He has published numerous papers on authorization models, object-oriented analysis and design, and security patterns. He has written four books on these subjects, the most recent being a book on security patterns. He has lectured all over the world at both academic and industrial meetings. He has created and taught several graduate and undergraduate courses and industrial tutorials. His current interests include security patterns and web services security and fault tolerance. He holds a MS degree in Electrical Engineering from Purdue University and a Ph.D. in Computer Science from UCLA. He is an active consultant for industry, including assignments with IBM, Allied Signal, Motorola, Lucent, and others.

Title:99% (Biological) Inspiration…
Speaker:Mike Hinchey (Irish Software Engineering Research Center, University of Limerick)
Abstract: Greater understanding of biology in modern times has enabled significant breakthroughs in improving healthcare, quality of life, and eliminating many diseases and congenital illnesses. Simultaneously there is a move towards emulating nature and copying many of the wonders uncovered in biology, resulting in “biologically inspired”systems. Significant results have been reported in a wide range of areas, with systems inspired by nature enabling exploration, communication, and advances that were never dreamed possible just a few years ago. We warn, that as in many other fields of endeavor, we should be inspired by nature and biology, not engage in mimicry. We describe some results of biological inspiration that augur promise in terms of improving the safety and security of systems, and in developing self-managing systems, that we hope will ultimately lead to self-governing systems.
Biography:Mike Hinchey is Co-Director of Lero-the Irish Software Engineering Research Center and Professor of Software Engineering at University of Limerick, Ireland. Until recently he was Director of the NASA Software Engineering Research Center. Hinchey received a BSc from University of Limerick, MSc from University of Oxford and a PhD from University of Cambridge. He previously held positions as full professor at universities in Ireland, UK, Sweden, Australia and USA. The author/editor of more than 12 books and over 100 technical articles, he is Chair of the IEEE Technical Committee on Complexity in Computing and Vice Chair of the IEEE Technical Committee on Autonomous and Autonomic Systems. He is also the IEEE’s representative to IFIP TC1 (Foundations of Computer Science) which he currently chairs.

※プログラムは予告なく変更される場合もありますのでご了承ください。

カテゴリー: 研究, セミナー パーマリンク

コメントは停止中です。