Paul Baker, Zhen Ru Dai, Jens Grabowski, Øystein Haugen, Ina Schieferdecker & Clay Williams (2007):
Model-Driven Testing: Using the UML Testing Profile,
1 edition.
Springer, Berlin.
Available at http://dx.doi.org/10.1007/978-3-540-72563-3.
David Basin, Jürgen Doser & Torsten Lodderstedt (2006):
Model driven security: From UML models to access control infrastructures.
ACM Trans. Softw. Eng. Methodol. 15,
pp. 39–91.
Available at http://doi.acm.org/10.1145/1125808.1125810.
Mark Blackburn, Robert Busser & Aaron Nauman (2002):
Model-based approach to security test automation.
In: International Software Quality Week.
Paul Gerrard & Neil Thompson (2002):
Risk Based E-Business Testing.
Artech House, Inc.,
Norwood, MA, USA.
F. Y. Gu Tian-yang, Shi Yin-sheng & Yuan (2010):
Research on Software Security.
Testing World Academy of Science Engineering and Technology 69 2010.
Matthias Güdemann, Frank Ortmeier & Wolfgang Reif (2007):
Using Deductive Cause Consequence Analysis (DCCA) with SCADE.
In: Proceedings of SAFECOMP 2007.
Springer LNCS 4680.
Ida Hogganvik (2007):
A Graphical Approach to Security Risk Analysis.
Oslo : University of Oslo, Department of Informatics.
Jan Jürjens (2002):
UMLsec: Extending UML for Secure Systems Development.
In: Jean-Marc Jézéquel, Heinrich Hussmann & Stephen Cook: The Unified Modeling Language,
Lecture Notes in Computer Science 2460.
Springer Berlin / Heidelberg,
pp. 1–9.
Available at http://dx.doi.org/10.1007/3-540-45800-X_32.
Jan Jürjens & Guido Wimmel (2001):
Specification-Based Testing of Firewalls.
In: Dines Bjørner, Manfred Broy & Alexandre V. Zamulin: Ershov Memorial Conference,
Lecture Notes in Computer Science 2244.
Springer,
pp. 308–316.
Available at http://dx.doi.org/10.1007/3-540-45575-2_31.
Rauli Kaksonen (2001):
A functional method for assessing protocol implementation security VTT Publications 448.
VTT Technical Research Center of Finland.
M. S. Lund, B. Solhaug & K. Stølen (2011):
Model-Driven Risk Analysis. The CORAS Approach ISBN: 978-3-642-12322-1.
Springer.
Sjouke Mauw & Martijn Oostdijk (2005):
Foundations of Attack Trees.
In: International Conference on Information Security and Cryptology – ICISC 2005. LNCS 3935.
Springer,
pp. 186–198.
Barton P. Miller, Lars Fredriksen & Bryan So (1990):
An Empirical Study of the Reliability of UNIX Utilities.
In: In Proceedings of the Workshop of Parallel and Distributed Debugging.
Academic Medicine,
pp. pages ix–xxi,.
Tejeddine Mouelhi, Franck Fleurey, Benoit Baudry & Yves Le Traon (2008):
A Model-Based Framework for Security Policy Specification, Deployment and Testing.
In: Krzysztof Czarnecki, Ileana Ober, Jean-Michel Bruel, Axel Uhl & Markus Völter: MoDELS,
Lecture Notes in Computer Science 5301.
Springer,
pp. 537–552.
Available at http://dx.doi.org/10.1007/978-3-540-87875-9_38.
D.S. Nielsen (1971):
The Cause/Consequence Diagram Method as a Basis for Quantitative Accident Analysis.
Technical Report RISO-M-1374.
Danish Atomic Energy Commission.
K.A. Reay & University of Loughborough (2002):
Efficient fault tree analysis using binary decision diagrams/.
University of Loughborough.
Available at http://books.google.de/books?id=_0SFGwAACAAJ.
A. Takanen, J. DeMott & C. Miller (2008):
Fuzzing for software security testing and quality assurance.
Artech House information security and privacy series.
Artech House.
Available at http://books.google.de/books?id=tMuAc_y9dFYC.
Linzhang Wang, Eric Wong & Dianxiang Xu (2007):
A Threat Model Driven Approach for Security Testing.
In: Proceedings of the Third International Workshop on Software Engineering for Secure Systems,
SESS '07.
IEEE Computer Society,
Washington, DC, USA,
pp. 10–.
Available at http://dx.doi.org/10.1109/SESS.2007.2.
Guido Wimmel & Jan Jürjens (2002):
Specification-Based Test Generation for Security-Critical Systems Using Mutations.
In: Proceedings of the 4th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering,
ICFEM '02.
Springer-Verlag,
London, UK, UK,
pp. 471–482.
Available at http://dl.acm.org/citation.cfm?id=646272.685812.