Online ISSN:1349-8606
Progress in Informatics  
No5. March 2008  
Page 7-18 PDF(1142KB) | References
doi:10.2201/NiiPi.2008.5.3
PORTAM:policy,requirements,and threats analyzer for mobile code applications
Haruhiko KAIYA1,kouta SASAI2,and Kenji KAIJIRI3
1,2,3,Shinshu University
(Received: September 13,2007)
(Revised: November 19,2007)
(Accepted: Decem-ber 11,2007)
Abstract:
Users and providers of an information system should clearly understand the threats caused by the system as well as clarify the requirements for it before they actually use or develop it. In particular, they should be more careful when certain components or services are provided by third-parties. However, few tools can help identify and highlight threats to the security requirements. In this paper, we present a support tool called “PORTAM” for such users and providers to better understand the threats and the requirements. Suppose some requirements cannot be satisfied when some threats are avoided, and vice versa. In such cases, they should decide whether the requirements could be satisfied or the threats avoided. The tool also helps them to decide these kinds of trade-offs. The current version of this tool handles Java mobile code applications, thus users of our tool can readily understand the existence of real threats. Although the current version deals with only Java components, the ideas behind the tool can be applied to software in general. We complete this report by discussing some experimental results to confirm the usefulness for pedagogical purposes.
Keywords:
Requirements analysis, security policy, mobile code application, tool
PDF(1,142KB) | References

National Institute of Informatics is a member of CrossRef.
Go back HOME