Journal Title
Title of Journal: Requirements Eng
Abbreviation: Requirements Engineering
Publisher: Springer-Verlag
Authors: Siv Hilde Houmb, Shareeful Islam, Eric Knauss, Jan Jürjens, Kurt Schneider
Publish Date: 2009/11/28
Volume: 15, Issue: 1, Pages: 63-93
Abstract
Building secure systems is difficult for many reasons. This paper deals with two of the main challenges: (i) the lack of security expertise in development teams and (ii) the inadequacy of existing methodologies to support developers who are not security experts. The security standard ISO 14508 Common Criteria (CC), together with secure design techniques such as UMLsec, can provide the security expertise, knowledge and guidelines that are needed. However, security expertise and guidelines are not stated explicitly in the CC. They are rather phrased in security domain terminology and are difficult to understand for developers. This means that some general security and secure design expertise is required to fully take advantage of the CC and UMLsec. In addition, there is the problem of tracing security requirements and objectives into solution design, which is needed for proof of requirements fulfilment. This paper describes a security requirements engineering methodology called SecReq. SecReq combines three techniques: the CC, the heuristic requirements editor HeRA and UMLsec. SecReq makes systematic use of the security engineering knowledge contained in the CC and UMLsec, as well as security-related heuristics in the HeRA tool. The integrated SecReq method supports early detection of security-related issues (HeRA), their systematic refinement guided by the CC, and the ability to trace security requirements into UML design models. A feedback loop helps reuse experience within SecReq and turns the approach into an iterative process for the secure system lifecycle, also in the presence of system evolution.

This work was partly supported by the Royal Society Industrial Fellowship on Automated Verification of Security-Critical Software (VeriSec), the Royal Society Joint International Project on Model-based Formal Security Analysis of Crypto-Protocol Implementations, the EU FP7 Integrated Project Security Engineering for Lifelong Evolvable Systems, the German Research Foundation (DFG) project InfoFLOW (2008–2011) and the EU project SecureChange (ICT-FET-231101).