Published: 6th April 2014
DOI: 10.4204/EPTCS.148
ISSN: 2075-2180

EPTCS 148

Proceedings First International Workshop on
Graphical Models for Security
Grenoble, France, April 12, 2014

Edited by: Barbara Kordy, Sjouke Mauw and Wolter Pieters

Preface
Threats Management Throughout the Software Service Life-Cycle
Erlend Andreas Gjære and Per Håkon Meland
Towards the Model-Driven Engineering of Secure yet Safe Embedded Systems
Ludovic Apvrille and Yves Roudier
Towards Automating the Construction & Maintenance of Attack Trees: a Feasibility Study
Stéphane Paul
Possibilistic Information Flow Control for Workflow Management Systems
Thomas Bauereiss and Dieter Hutter
Actor Network Procedures as Psi-calculi for Security Ceremonies
Cristian Prisacariu
A Graphical Adversarial Risk Analysis Model for Oil and Gas Drilling Cybersecurity
Aitor Couce Vieira, Siv Hilde Houmb and David Rios Insua

Preface

The present volume contains the proceedings of The First International Workshop on Graphical Models for Security (GraMSec'14). The workshop was held in Grenoble, France, on April 12, 2014, as a satellite event of The European Joint Conferences on Theory and Practice of Software (ETAPS) 2014.

Graphical security models provide an intuitive but systematic methodology to analyze security weaknesses of systems and to evaluate potential protection measures. Such models have been the subject of academic research and they have also been widely accepted by the industrial sector, as a means to support and facilitate threat analysis and risk management processes.

The objective of the International Workshop on Graphical Models for Security is to contribute to the development of well-founded graphical security models, efficient algorithms for their analysis, as well as methodologies for their practical usage. The workshop brings together academic researchers and industry practitioners designing and employing visual models for security in order to provide a platform for discussion, knowledge exchange and collaborations.

Thirteen submissions were received by this first edition of GraMSec and each of them was reviewed by at least three reviewers. Based on their quality and contribution to the field, six papers, presented in this volume, were accepted for presentation at the workshop and inclusion in the final proceedings. The keynote talk of GraMSec'14, entitled Graphical Models for Security: Overview, Challenges, and Recommendations, was presented by Prof. Ketil Stølen from SINTEF and the University of Oslo, in Norway.

We would like to thank all the authors for submitting their work to GraMSec'14 and the members of the Program Committee as well as external reviewers for their efforts and high-quality reviews. We are very grateful to the organizers of ETAPS 2014, especially to the Workshops' Chair Axel Legay, for accepting GraMSec'14 as an ETAPS-affiliated event and for providing a perfect environment for running the workshop. We would also like to thank the Fonds National de la Recherche Luxembourg and the European Commission's Seventh Framework Programme for their partial sponsorship of the workshop (FNR-CORE ADT2P grant and the EU FP7 grant no. ICT-318003 TREsPASS). Finally, we are thankful to the University of Luxembourg, the University of Twente, and Delft University of Technology for their in-kind contribution to GraMSec'14.

April, 2014

Sjouke Mauw
Barbara Kordy
Wolter Pieters

GraMSec'14 Organizing Committees

General Chair

Prof. Dr. Sjouke Mauw, University of Luxembourg, Luxembourg

Program Co-chairs

Dr. Barbara Kordy, University of Luxembourg, Luxembourg
Dr. Wolter Pieters, Delft University of Technology and University of Twente, The Netherlands

Program Committee

Giampaolo Bella, University of Catania, Italy
Matt Bishop, University of California at Davis, USA
Stefano Bistarelli, University of Perugia, Italy
Mathias Ekstedt, KTH Royal Institute of Technology, Sweden
Donald Firesmith, Software Engineering Institute, USA
Virginia N. L. Franqueira, University of Central Lancashire, UK
Paolo Giorgini, University of Trento, Italy
Siv Hilde Houmb, Secure-NOK AS and Gjøvik University College, Norway
Sushil Jajodia, George Mason University, USA
Henk Jonkers, BiZZdesign, The Netherlands
Jan Jürjens, Technical University Dortmund, Germany
Peter Karpati, Institute for Energy Technology, Norway
Dong Seong Kim, University of Canterbury, New Zealand
Gabriele Lenzini, University of Luxembourg, Luxembourg
Per Håkon Meland, SINTEF, Norway
Svetla Nikova, KU Leuven, Belgium
Andreas L. Opdahl, University of Bergen, Norway
Stéphane Paul, Thales Research and Technology, France
Milan Petković, Philips and Eindhoven University of Technology, The Netherlands
Ludovic Piètre-Cambacédès, EDF, France
Christian W. Probst, Technical University of Denmark, Denmark
William H. Sanders, University of Illinois, USA
Simone Sillem, Delft University of Technology, The Netherlands
Guttorm Sindre, Norwegian University of Science and Technology, Norway
Mariëlle Stoelinga, University of Twente, The Netherlands
Kishor S. Trivedi, Duke University, USA
Luca Viganò, King's College London, UK
Lingyu Wang, Concordia University, Canada
Jan Willemson, Cybernetica, Estonia

External Reviewers

Elisa Costante, Eindhoven University of Technology, The Netherlands
Dennis Guck, University of Twente, The Netherlands
Hugo Jonker, University of Luxembourg, Luxembourg
Ali Koudri, Thales Research and Technology, France
Zhan Wang, George Mason University, USA