Ketil Stølen - Böcker

Today's distributed systems are characterized by interactions, often complex, between many different hardware/software components cooperating and exchanging information. To reduce the complexity of the development of interactive systems, experts employ descriptions, or specifications, of a given system's behavior and/or structure. This book provides a mathematical and logical foundation for the specification and development of interactive systems based on a model that describes systems in terms of their input/output behavior. Based on the model, the authors build a basic method, called FOCUS, that enables interactive systems to be described by characterizing their histories of message interaction. The book progresses from an introduction and guided tour of FOCUS through streams, specifications and their properties, and behavioral, interface, and conditional refinements.

This book presents a fundamental mathematical and logical approach to soft­ ware and systems engineering. Considering the large number of books de­ scribing mathematical approaches to program development, it is important to explain what we consider to be the specific contribution of our book, to identify our goals, and to characterize our intended target audience. Most books dealing with the mathematics and logics of programming and system development are mainly devoted to programming in the small. This is in contrast to our book where the emphasis is on modular system development with the help of component specifications with precisely identified interfaces and refinement concepts. Our book aims at systems development carried out in a systematic way, based on a clear mathematical theory. We do not claim that this book presents a full-blown engineering method. In fact, this is certainly not a book for the application-driven software engi­ neer looking for a practical method for system development in an industrial context. It is much rather a book for the computer scientist and the scientifi­ cally interested engineer who looks for basic principles of system development and, moreover, its mathematical foundations. It is also a book for method builders interested in a proper mathematical foundation on which they can build a practical development method and industrial-strength support tools.

This book aims to help research practitioners in technology science avoid some of the most common pitfalls or at least make them easier to overcome.

This book constitutes the thoroughly refereed conference proceedings of the First International Workshop on Risk Assessment and Risk-driven Testing, RISK 2013, held in conjunction with 25th IFIP International Conference on Testing Software and Systems, ICTSS 2013, in Istanbul, Turkey, in November 2013. The revised full papers were carefully reviewed and selected from 13 submissions. The papers are organized in topical sections on risk analysis, risk modeling and risk-based testing.

This book provides a brief and general introduction to cybersecurity and cyber-risk assessment. Finally, part III details four important challenges and how to reasonably deal with them in practice: risk measurement, risk scales, uncertainty, and low-frequency risks with high consequence.

This volume constitutes the proceedings of the 4th International Conference on Trust Management, held in Pisa, Italy during 16–19 May 2006. The conference followed successful International Conferences in Crete in 2003, Oxford in 2004 and Paris in 2005. The ?rst three conferences were organized by iTrust, which was a working group funded as a thematic network by the Future and Emerging Technologies(FET) unit of the Information Society Technologies(IST) program of the European Union. The purpose of the iTrust working group was to provide a forum for cro- disciplinary investigation of the applications of trust as a means of increasing security, building con?dence and facilitating collaboration in dynamic open s- tems. The aim of the iTrust conference series is to provide a common forum, bringing together researchers from di?erent academic branches, such as the technology-oriented disciplines, law, social sciences and philosophy, in order to develop a deeper and more fundamental understanding of the issues and ch- lenges in the area of trust management in dynamic open systems. The response to this conference was excellent; from the 88 papers submitted to the conference, we selected 30 full papers for presentation. The program also included one keynote address, given by Cristiano Castelfranchi; an industrial panel; 7 technology demonstrations; and a full day of tutorials.

The term “risk” is known from many fields, and we are used to references to contractual risk, economic risk, operational risk, legal risk, security risk, and so forth. We conduct risk analysis, using either offensive or defensive approaches to identify and assess risk. Offensive approaches are concerned with balancing potential gain against risk of investment loss, while defensive approaches are concerned with protecting assets that already exist.In this book, Lund, Solhaug and Stølen focus on defensive risk analysis, and more explicitly on a particular approach called CORAS. CORAS is a model-driven method for defensive risk analysis featuring a tool-supported modelling language specially designed to model risks. Their book serves as an introduction to risk analysis in general, including the central concepts and notions in risk analysis and their relations. The authors’ aim is to support risk analysts in conducting structured and stepwise risk analysis. To this end, the book is divided into three main parts. Part I of the book introduces and demonstrates the central concepts and notation used in CORAS, and is largely example-driven. Part II gives a thorough description of the CORAS method and modelling language. After having completed this part of the book, the reader should know enough to use the method in practice. Finally, Part III addresses issues that require special attention and treatment, but still are often encountered in real-life risk analysis and for which CORAS offers helpful advice and assistance. This part also includes a short presentation of the CORAS tool support.The main target groups of the book are IT practitioners and students at graduate or undergraduate level. They will appreciate a concise introduction into the emerging field of risk analysis, supported by a sound methodology, and completed with numerous examples and detailed guidelines.