Title:
PORTAM: Policy, Requirements and Threats Analyzer for Mobile Code Application
Author(s):
Haruhiko Kaiya, Kouta Sasaki and Kenji Kaijiri
Source:
In QSIC 2006,
Proc. of The 6th International Conference on Quality Software,
pp. 125-132, Beijing, China, Oct. 2006. IEEE Computer Society.
Users and providers of an information system should clearly understand the
threats caused by the system as well as clarify the requirements for the system
before they use the system.
Especially, they should be very careful when they use a system with components
and/or services provided by third parties.
However, there are few methods or tools to learn and confirm such issues.
In this paper, we present a supporting tool called "PORTAM" for such users
and providers to understand the threats and the requirements.
Suppose some requirements cannot be satisfied when some threats are avoided,
and vice versa.
In such cases, they should decide whether the requirements should be satisfied
or the threats should be avoided.
The tool also helps them to decide on such trade-offs.
The current version of this tool handles Java mobile code applications; thus users
of our tool can easily feel real threats.
Although the current version deals only with Java components, the ideas behind
the tool can be applied to software in general.
We finally report experimental results to confirm the usefulness and the
educational effects of this tool.
8 pages (244 KB gzipped PostScript, or 300 KB PDF)
GUI snapshot [JPG]
BibTeX Entry:
@Inproceedings(,
Title="{PORTAM: Policy, Requirements and Threats Analyzer for Mobile Code Application}",
Author="Haruhiko Kaiya and Kouta Sasaki and Kenji Kaijiri",
Booktitle="QSIC 2006,
Proc. of The 6th International Conference on Quality Software",
Year="2006",
Pages="125-132",
Organization="",
Publisher="IEEE Computer Society",
Address="Beijing, China",
Month="Oct.",
Isbn="0-7695-2718-3"
)
Related Paper(s):
May 2006.