Web services-based security requirement elicitation

IEICE Transactions on Information and Systems

Volumn E90-D, Issue 9, 2007, Pages 1374-1387

  Gutiérrez, Carlos ^a   Fernández Medina, Eduardo ^b   Piattini, Mario ^b  

^a Correos Telecom ^*  (Spain)

^b ALARCOS Research Group   (Spain)

Author keywords

Application information security; Design methodology; Software engineering; Software process

Indexed keywords

APPLICATION PROGRAMS; COMPUTER SOFTWARE; SECURITY OF DATA; SOFTWARE DESIGN; SOFTWARE ENGINEERING; SPECIFICATIONS; WEB CRAWLER; WEBSITES;

DESIGN METHODOLOGY; SECURITY ARCHITECTURE; SECURITY REQUIREMENT SPECIFICATIONS; SECURITY REQUIREMENTS; SOFTWARE DEVELOPMENT LIFE CYCLE; SOFTWARE PROCESS; SYSTEMATIC INTEGRATION; WEB SERVICES SECURITY;

WEB SERVICES;

EID: 68249141690     PISSN: 09168532     EISSN: 17451361     Source Type: Journal    
DOI: 10.1093/ietisy/e90-d.9.1374     Document Type: Article

References (41)

1. C. Gutiérrez, E. Fernández-Medina, and M. Piattini, "PWSSec: Process for Web services security," IEEE International Conference on Web Services 2006, pp. 213-222, Chicago, USA, 2006.
2. M. Endrei, J. Ang, A. Arsanjani, S. Chua, P. Comte, P. Krogdahl, M. Luo, and T. Newling, Patterns: Services Oriented Architectures and Web Services, 2004.
3. M. Endrei, J. Ang, A. Arsanjani, S. Chua, P. Comte, P. Krogdahl, M. Luo, and T. Newling, Patterns: Service-Oriented Architecture and Web Services, 1st ed., IBM Redbook, 2004. p. 345, 2004.
4. C. Gutiérrez, E. Fernández-Medina, and M. Piattini, "Web services enterprise security architecture: A case study," ACM Workshop on Security on Web Services, pp. 10-19, Fairfax, Virginia, USA, 2005.
5. C. Gutiérrez, E. Fernández-Medina, and M. Piattini, "Web servicesbased security requirement elicitation," 1st International Workshop on Service-Oriented Computing: Consequences for Engineering Requirements (SOCCER'05) in conjunction with IEEE RE'05, Paris, France, 2005.
6. C. Gutiérrez, B. Moros, A. Toval, E. Fernández-Medina, and M. Piattini, "Security requirements for Web services based on SIREN," Symposium on Requirements Engineering for Information Security, Paris, France, 2005.
7. A. Toval, J. Nicolás, B. Moros, and F. García, "Requirements reuse for improving information systems security: A practitioner's approach," Requirements Engineering Journal, vol. 6, pp. 205-219, 2001.
8. R. Breu, K. Burger, M. Hafner, J. Jürjens, G. Popp, V. Lotz, and G. Wimmel, "Key issues of a formally based process model for security engineering," 16th International Conference on Software and Systems Engineering and their Applications (ICSSEA'03), 2003.
9. B. Schneier, "Attack trees: Modeling security threats," Dr. Dobb's Journal, vol. 24, no. 12, pp. 21-29, 1999.
10. WS-I, "Security challenges, threats and countermeasures versión 1.0," vol. 2005: WS-I, 2005.
11. G. Sindre and A. L. Opdahl, "Eliciting security requirements with misuse cases," TOOLS-37'00, pp. 34-44, Sydney, Australia, 2000.
12. I. Alexander, "Misuse cases: Use cases with hostile intent," IEEE Computer Software, vol. 20, pp. 58-66, 2003.
13. A. P. Moore, R. J. Ellison, and R. C. Linger, "Attack modelling for information security and survivability," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, CMU/SEI-2001-TN-001, 2001.
14. OMG, "UML profile for modeling quality of service and fault tolerance characteristics and mechanisms," 2004.
15. D. G. Firesmith, "Security use cases," Journal of Object Technology, vol. 2, pp. 53-64, 2003.
16. J. Jürjens, Secure Systems Development with UML, Springer, 2005.
17. D. G. Firesmith, "Engineering security requirements," Journal of Object Technology, vol. 2, pp. 53-68, 2003.
18. D. G. Smith, "Common concepts underlying safety, security, and survivability engineering," SEI, Technical Note CMU/SEI-2003-TN-033, Dec. 2003.
19. D. G. Firesmith, "Specifying reusable security requirements," Journal of Object Technology, vol. 3, pp. 61-75, 2004.
20. K. M. Khan and J. Han, "A process framework for characterising security properties of component-based software systems," Australian Software Engineering Conference (ASWEC'04), pp. 358-367, 2004.
21. G. Jonsdottir, L. Davis, and R. Gamble, "Designing secure integration architectures," ICCBSS 2003, pp. 112-122, 2003.
22. C. Nott, "Patterns: Using business service choreography in conjuction with an enterprise service bus," 2004.
23. J. D. Moffett, C. B. Haley, and B. Nuseibeh, "Core security requirements artefacts," Open University, Department of Computing 2004/24, 2004.
24. N. R. Mead, E. D. Hough, and T. R. S. II, "Security quality requirements engineering (SQUARE) methodology," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA CMU/SEI-2005-TR-009, Nov. 2005.
25. G. Lami, "QuARS: A tool for analyzing requirements," Carnegie Mellon University, Sofware Engineering Institute, Pittsburgh, Technical Report CMU/SEI-2005-TR-014, Sept. 2005.
26. M. E. Fagan, "Advances in software inspections," IEEE Trans. Softw. Eng., vol. 12, no. 7, pp. 744-751, 1986.
27. R. Shirey, "Internet security glossary," (RFC 2828), 2000. ́
28. F. L. Crespo, M. Á. A. Gómez, J. Candau, and J. A. Mañss, "MAGERIT - Versión 2. Metodologías de Análisis y Gestión de Riesgos de los Sistemas de Información. III-Guía de Técnicas," Ministerio de Administraciones Públicas, Madrid NIPO-326-05-047-X, 16 de Junio de 2005, 2005.
29. G. Sindre and A. L. Opdahl, "Eliciting security requirements with misuse cases," Requirements Engineering Journal, vol. 10, pp. 34-44, 2005.
30. E. Christensen, F. Curbera, G. Meredith, and S. Weerawarana, "W3C Web Services Description Language (WSDL) 1.1 - W3C Note 15 March 2001," 2001.
31. G. Sindre, D. G. Firesmith, and A. L. Opdhal, "A reuse-based approach to determining security requirements," 9th International Workshop on Requirements Engineering: Foundation of Software Quality (REFSQ'03), pp. 127-136, Klangenfurt, Velden, Austria, 2003.
32. M. Aiello and P. Giorgini, "Applying the Tropos methodology for analysing Web services requirements and reasoning about qualities of services," UPGRADE, vol. 5, pp. 20-26, 2004.
33. K. Leune, M. Papazaglou, and W.-J. van den Heuvel, "Specification and querying of security constraints in the EFSOC framework," International Conference on Service Oriented Computing, pp. 125-133, New York City, USA, 2004.
34. M. Deubler, J. Grünbauer, J. Jürjens, and G. Wimmel, "Sound development of secure service-based systems," 2nd International Conference on Service Oriented Computing (ICSOC'04), pp. 115-124, New York, USA, 2004.
35. M. Deubler, J. Grünbauer, G. Popp, G. Wimmel, and C. Salzmann, "Towards a model-based and incremental development process for service-based systems," IASTED Conference on Software Engineering (IASTED SE 2004), pp. 183-188, Innsbruck, Austria, 2004.
36. Y. Nakamura, M. Tatsubori, T. Imamura, and K. Ono, "Model-driven security based on a Web services security architecture," IEEE International Conference on Services Computing (SCC'05), pp. 7-15, Orlando, Florida, USA, 2005.
37. N. Nagaratnam, A. Nadalin, M. A. Hondo, M. McIntosh, and P. Austel, "Business-driven application security: From modeling to managing secure applications," IBM Syst. J., vol. 44, pp. 847-867, 2005.
38. M. Breu, R. Breu, M. Hafner, and A. Nowak, "Web service engineering - Advancing a new software engineering," 5th International Conference on Web Engineering (ICWE'05), pp. 8-18, Sydney, Australia, 2005.
39. J. Zhang, "Trustworthy Web services: Actions for now," IEEE IT Pro, vol. 7, pp. 32-36, 2005.
40. C. Gutiérrez, E. Fernández-Medina, and M. Piattini, "Developing Web services security systems: A case study," International Journal of Web Engineering and Techonlogy, vol. 2, pp. 292-306, 2006.
41. C. Gutierrez, E. Fernández-Medina, and M. Piattini, "Security risk analysis in Web services systems," International Conference on Security and Cryptography (SECRYPT 2006), pp. 425-430, Setúbal, Portugal, 2006.