ABSTRACT
Security has become a primary and prevalent concern for software systems. The past decade has witnessed a tremendous increase in not only the sheer number of attacks but also the ease with which attacks can be performed on systems. In this paper we exemplify the usage of a novel technique for developing security requirements, by demonstrating each step in the technique when applied to an example usage scenario. Furthermore, this new technique also provides support for deriving testing artifacts from the specified security requirements. We believe that in order to protect a system against harm (intended or not), attention must be given to its requirements. Similar to other system properties and quality attributes, security must be considered at the requirements.
Index Terms
- Towards usable cyber security requirements