
Chapter 12   References  339



12.8. Explain why there is a need for both preliminary security risk assessment and life-cycle security risk assessment during the development of a system.

12.9. Extend the table in Figure 12.11 to identify two further threats to the MHC-PMS, along with associated controls. Use these as a basis for generating further software security requirements that implement the proposed controls.

12.10. Should software engineers working on the specification and development of safety-related systems be professionally certified in some way? Explain your reasoning.



