Institute of Computer Science
  1. Courses
  2. 2023/24 spring
  3. Principles of Secure Software Design (MTAT.03.307)
ET
Log in

Principles of Secure Software Design 2023/24 spring

  • Main
  • Lectures
  • Reading
  • Upload
  • Exam

Coursebook and additional reading

(will be updated before lectures)

  • Matulevičius R., Fundamentals of Secure System Modelling, Springer International Publishing, ISBN 978-3-319-61717-6, 2017, 218 pp. URL: http://www.springer.com/9783319617176
  • Lecture 1: chapters 1, 12, and 2
    • Daniel Ganji, Christos Kalloniatis, Haralambos Mouratidis, Saeed Malekshahi Gheytassi (2019): Approaches to Develop and Implement ISO/IEC 27001 Standard - Information Security Management Systems: A Systematic Literature Review, International Journal on Advances in Software, vol 12, No 3&4, 2019
  • Lecture 2: chapter 3
    • Matulevičius, R.; Norta, A.; Udokwu, C.; Nõukas, R. (2017). Assessment of Aviation Security Risk Management for Airline Turnaround Processes. In: Hameurlain, A.; et al. (Ed.). Transactions on Large-Scale Data- and Knowledge-Centered Systems XXXVI (109−141). Berlin: Springer. (Lecture Notes in Computer Science; 10720) (link)
  • Lecture 3: chapter 4
    • UML Class Diagram
      • Basics link or link
    • UML Activity Diagram
      • Basics link
      • Another basics link
    • UML Use Case Diagram
      • Basics link
      • Video tutorial of basics link
    • BPMN 2.0
      • Cheat Sheet link
      • Quick guide link
      • Tools
        • No registration is needed (put constraints to follow syntax) https://demo.bpmn.io/new
        • Academic version (allows make colouring and checks syntax) https://academic.signavio.com/
  • Lecture 4: chapters 5, 11
  • Lecture 5: chapters 7, 8, 9
  • Lecture 6: chapter 10
  • Lecture 7: Must read before the lecture:
    • N. Komninos, E. Philippou and A. Pitsillides, "Survey in Smart Grid and Smart Home Security: Issues, Challenges and Countermeasures," in IEEE Communications Surveys & Tutorials, vol. 16, no. 4, pp. 1933-1954, Fourthquarter 2014, doi: 10.1109/COMST.2014.2320093
  • Lecture 9:
    • Bakhtina M., Matulevicius R.: Information Security Risks Analysis and Assessment in the Passenger-Autonomous Vehicle Interaction, Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 13(1):87-111, Mar. 2022 DOI: 10.22667/JOWUA.2022.03.31.087; Direct download: https://isyou.info/jowua/papers/jowua-v13n1-4.pdf
    • Bakhtina M. (2021): Securing Passenger’s Data in Autonomous Vehicles, Master thesis, University of Tartu. URL: https://comserv.cs.ut.ee/ati_thesis/datasheet.php?id=72371&language=en
  • Lecture 10:
    • Affia A.O., Matulevičius R., Tõnisson R. (2021) Security Risk Estimation and Management in Autonomous Driving Vehicles. In: Nurcan S., Korthaus A. (eds) Intelligent Information Systems. CAiSE 2021. Lecture Notes in Business Information Processing, vol 424. Springer, Cham. link
    • Affia, A. A. O., & Matulevičius, R. (2021, July). Securing an MQTT-based Traffic Light Perception System for Autonomous Driving. In 2021 IEEE International Conference on Cyber Security and Resilience (CSR) (pp. 255-260). IEEE. link , video

( below -- not updated to this year's lectures )

  • Affia AA.O., Matulevičius R., Nolte A. (2019) Security Risk Management in Cooperative Intelligent Transportation Systems: A Systematic Literature Review. In: Panetto H., Debruyne C., Hepp M., Lewis D., Ardagna C., Meersman R. (eds) On the Move to Meaningful Internet Systems: OTM 2019 Conferences. OTM 2019. Lecture Notes in Computer Science, vol 11877. Springer, Cham. link

Additional literature

  • [1] Clavel M., da Silva V., Braga C., Egea M. (2008) Model-Driven Security in Practice: An Industrial Experience. In: Schieferdecker I., Hartman A. (eds) Model Driven Architecture – Foundations and Applications. ECMDA-FA 2008. Lecture Notes in Computer Science, vol 5095. Springer, Berlin, Heidelberg (link) freely available from the UT network
  • [2] Rrenja A., Matulevičius R. (2015) Pattern-Based Security Requirements Derivation from Secure Tropos Models. In: Ralyté J., España S., Pastor Ó. (eds) The Practice of Enterprise Modeling. Lecture Notes in Business Information Processing, vol 235. Springer, Cham (link) freely available from the UT network
  • [3] Gaidels E., Gaidukovs A., Matulevičius R., A Coarse-Grained Comparison of BPMN Extensions for Security Requirements Modelling, Joint Proceedings of the BIR 2018 Short Papers, Workshops and Doctoral Consortium, Stockholm, Sweden, September 24-26, 2018. link
  • [4] Matulevičius, R., Norta, A. & Samarütel, S. (2018) Security Requirements Elicitation from Airline Turnaround Processes. Bus Inf Syst Eng 60, 3–20 (link
  • [5] Soomro I., Ahmed N. (2013) Towards Security Risk-Oriented Misuse Cases. In: La Rosa M., Soffer P. (eds) Business Process Management Workshops. BPM 2012. Lecture Notes in Business Information Processing, vol 132. Springer, Berlin, Heidelberg. link
  • [6] Chowdhury M.J.M., Matulevičius R., Sindre G., Karpati P. (2012) Aligning Mal-activity Diagrams and Security Risk Management for Security Requirements Definitions. In: Regnell B., Damian D. (eds) Requirements Engineering: Foundation for Software Quality. REFSQ 2012. Lecture Notes in Computer Science, vol 7195. Springer, Berlin, Heidelberg. link
  • [7] Clavel M., da Silva V., Braga C., Egea M. (2008) Model-Driven Security in Practice: An Industrial Experience. In: Schieferdecker I., Hartman A. (eds) Model Driven Architecture – Foundations and Applications. ECMDA-FA 2008. Lecture Notes in Computer Science, vol 5095. Springer, Berlin, Heidelberg. link
  • [8] Hochreiner C., Ma Z., Kieseberg P., Schrittwieser S., Weippl E. (2014) Using Model Driven Security Approaches in Web Application Development. In: Linawati, Mahendra M.S., Neuhold E.J., Tjoa A.M., You I. (eds) Information and Communication Technology. ICT-EurAsia 2014. Lecture Notes in Computer Science, vol 8407. Springer, Berlin, Heidelberg. link
  • [9] Ahmadian A.S., Strüber D., Riediger V., Jürjens J. (2017) Model-Based Privacy Analysis in Industrial Ecosystems. In: Anjorin A., Espinoza H. (eds) Modelling Foundations and Applications. ECMFA 2017. Lecture Notes in Computer Science, vol 10376. Springer, Cham. https://doi.org/10.1007/978-3-319-61482-3_13

Useful links for modelling

  • UML Class Diagram
    • Basics link or link
  • UML Activity Diagram
    • Basics link
    • Another basics link
  • UML Use Case Diagram
    • Basics link
    • Video tutorial of basics link
  • BPMN 2.0
    • Cheat Sheet link
    • Quick guide link
    • Tools
      • No registration is needed (put constraints to follow syntax) https://demo.bpmn.io/new
      • Academic version (allows make colouring and checks syntax) https://academic.signavio.com/
  • i*/Tropos
    • Slides about the syntax and examples link
    • Paper with examples of Secure Tropos models link freely available from the UT network
  • Institute of Computer Science
  • Faculty of Science and Technology
  • University of Tartu
In case of technical problems or questions write to:

Contact the course organizers with the organizational and course content questions.
The proprietary copyrights of educational materials belong to the University of Tartu. The use of educational materials is permitted for the purposes and under the conditions provided for in the copyright law for the free use of a work. When using educational materials, the user is obligated to give credit to the author of the educational materials.
The use of educational materials for other purposes is allowed only with the prior written consent of the University of Tartu.
Terms of use for the Courses environment