Published: 6th April 2014|
|Threats Management Throughout the Software Service Life-Cycle Erlend Andreas Gjære and Per Håkon Meland||1|
|Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems Ludovic Apvrille and Yves Roudier||15|
|Towards Automating the Construction & Maintenance of Attack Trees: a Feasibility Study Stéphane Paul||31|
|Possibilistic Information Flow Control for Workflow Management Systems Thomas Bauereiss and Dieter Hutter||47|
|Actor Network Procedures as Psi-calculi for Security Ceremonies Cristian Prisacariu||63|
|A Graphical Adversarial Risk Analysis Model for Oil and Gas Drilling Cybersecurity Aitor Couce Vieira, Siv Hilde Houmb and David Rios Insua||78|
Graphical security models provide an intuitive but systematic methodology to analyze security weaknesses of systems and to evaluate potential protection measures. Such models have been subject of academic research and they have also been widely accepted by the industrial sector, as a means to support and facilitate threat analysis and risk management processes.
The objective of the International Workshop on Graphical Models for Security is to contribute to the development of well-founded graphical security models, efficient algorithms for their analysis, as well as methodologies for their practical usage. The workshop brings together academic researchers and industry practitioners designing and employing visual models for security in order to provide a platform for discussion, knowledge exchange and collaborations.
Thirteen submissions were received by this first edition of GraMSec and each of them was reviewed by at least three reviewers. Based on their quality and contribution to the field, six papers, presented in this volume, were accepted for presentation at the workshop and inclusion in the final proceedings. The keynote talk of GraMSec'14, entitled Graphical Models for Security: Overview, Challenges, and Recommendations, was presented by Prof. Ketil Stølen from SINTEF and the University of Oslo, in Norway.
We would like to thank all the authors for submitting their work to GraMSec'14 and the members of the Program Committee as well as external reviewers for their efforts and high-quality reviews. We are very grateful to the organizers of ETAPS 2014, especially to the Workshops' Chair Axel Legay, for accepting GraMSec'14 as an ETAPS-affiliated event and for providing a perfect environment for running the workshop. We would also like to thank the Fonds National de la Recherche Luxembourg and the European Commission's Seventh Framework Programme for their partial sponsorship of the workshop (FNR-CORE ADT2P grant and the EU FP7 grant no. ICT-318003 TREsPASS). Finally, we are thankful to the University of Luxembourg, the University of Twente, and Delft University of Technology for their in kind contribution to GraMSec'14.
|April, 2014|| Sjouke Mauw