A common criteria based security requirements engineering process for the development of secure information systems

Computer Standards and Interfaces

Volumn 29, Issue 2, 2007, Pages 244-253

  Mellado, Daniel ^a   Fernández Medina, Eduardo ^b   Piattini, Mario ^b  

^a Ministry of Social Affairs   (Spain)

^b UNIVERSITY OF CASTILLA LA MANCHA   (Spain)

Author keywords

Common Criteria; ISO IEC 15408; ISO IEC 17799; Security requirement; Security requirements engineering

Indexed keywords

COMPUTER SOFTWARE; DATABASE SYSTEMS; INFORMATION TECHNOLOGY; SECURITY SYSTEMS; SOFTWARE ENGINEERING;

SECURITY ENGINEERING; SECURITY REQUIREMENTS; SECURITY REQUIREMENTS ENGINEERING; SOFTWARE LIFECYCLE;

SECURITY OF DATA;

EID: 33751416458     PISSN: 09205489     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.csi.2006.04.002     Document Type: Article

References (21)

1. Baskerville R. The development duality of information systems security. Journal of Management Systems 4 1 (1992) 1-12
2. G. Booch, J. Rumbaugh, I. Jacobson, The Unified Software Development Process, ed. Addison-Wesley. 1999.
3. Breu R., Burger K., Hafner M., and Popp G. Towards a Systematic Development of Secure Systems. Proceedings WOSIS 2004 (2004) 1-12
4. CERT, http://www.cert.org.
5. Cybulsky J., and Reed K. Requirements Classification and Reuse: Crossing Domains Boundaries. ICSR'2000 (2000) 190-210
6. Firesmith D.G. Engineering security requirements. Journal of Object Technology 2 1 (2003) 53-68
7. Firesmith D.G. Security use cases. Journal of Object Technology (2003) 53-64
8. ISO/IEC_JTC1/SC27, Information technology - Security techniques - Evaluation criteria for IT security, ISO/IEC 15408:2005 (Common Criteria v3.0). 2005.
9. Kam S.H. Integrating the Common Criteria Into the Software Engineering Lifecycle. IDEAS'05 (2005) 267-273
10. Kemmerer R. Cybersecurity. Proc. ICSE'03-25th Intl. Conf. on Software engineering (2003) 705-715
11. Kotonya G., and Sommerville I. Requirements Engineering Process and Techniques. Hardcover ed. (1998) 294
12. Lee J., Lee J., Lee S., and Choi B. A CC-based Security Engineering Process Evaluation Model. 27th Annual International Computer Software and Applications Conference (COMPSAC'03) (2003) 130
13. Massacci F., Prest M., and Zannone N. Using a security requirements engineering methodology in practice: the compliance with the Italian data protection legislation. Computers Standards and Interfaces 27 (2005) 445-455
14. McDermott J., and Fox C. Using Abuse Case Models for Security Requirements Analysis. Annual Computer Security Applications Conference (1999), Phoenix, Arizona
15. Mead N.R., and Stehney T. Security Quality Requirements Engineering (SQUARE) Methodology. Software Engineering for Secure Systems (SESS05), ICSE 2005 International Workshop on Requirements for High Assurance Systems (2005), St. Louis
16. Mellado D., Fernández-Medina E., and Piattini M. A Comparative Study of Proposals for Establishing Security Requirements for the Development of Secure Information Systems. The 2006 International Conference on Computational Science and its Applications (ICCSA 2006), Springer LNCS 3982 (2006) 1044-1053
17. Nuseibeh D. Weaving together requirements and architectures. IEEE Computer (2001) 115-117
18. Popp G., Jürjens J., Wimmel G., and Breu R. Security-Critical System Development with Extended Use Cases. 10th Asia-Pacific Software Engineering Conference (2003) 478-487
19. Sindre G., Firesmith D.G., and Opdahl A.L. A Reuse-Based Approach to Determining Security Requirements. Proc. 9th International Workshop on Requirements Engineering: Foundation for Software Quality (REFSQ'03) (2003) Austria
20. Toval A., Nicolás J., Moros B., and García F. Requirements reuse for improving information systems security: a practitioner's approach. Requirements Engineering Journal (2001) 205-219
21. Zuccato A. Holistic security requirement engineering for electronic commerce. Computers and Security, 23 (2004) 63-76