A framework for security requirements engineering

Proceedings - International Conference on Software Engineering

Volumn 2006-May, Issue , 2006, Pages 35-41

  Haley, Charles B ^a   Moffett, Jonathan D ^a   Laney, Robin ^a   Nuseibeh, Bashar ^a  

^a OPEN UNIVERSITY   (United Kingdom)

Author keywords

Requirements Engineering; Security Requirements

Indexed keywords

REQUIREMENTS ENGINEERING;

DESIGN INFORMATION; PROBLEM-CENTERED; SECURITY GOALS; SECURITY REQUIREMENTS; SECURITY REQUIREMENTS ENGINEERING;

SOFTWARE ENGINEERING;

EID: 70350130621     PISSN: 02705257     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1137627.1137634     Document Type: Conference Paper

References (29)

1. Alexander, I.: Misuse Cases in Systems Engineering. Computing and Control Engineering Journal, 14(1) (Feb 2003), 40-45.
2. Allen, J.H.: CERT System and Network Security Practices. In Proceedings of the Fifth National Colloquium for Information Systems Security Education (NCISSE'01), George Mason University, Fairfax, VA USA, 22-24 May 2001.
3. Anderson, R.: Security Engineering: A Guide to Building Dependable Distributed Systems. 2001.
4. Antón, A.I., Earp, J.B.: Strategies for Developing Policies and Requirements for Secure E-Commerce Systems. In ECommerce Security and Privacy, vol. 2, Advances In Information Security, A. K. Ghosh, Ed.: Kluwer Academic Publishers, Jan 15 2001, pp. 29-46.
5. Brewer, D.F.C., Nash, M.J.: The Chinese Wall security policy. In Proceedings of the 1989 IEEE Symposium on Security and Privacy, Oakland, CA USA: IEEE Computer Society Press, 1-3 May 1989, pp. 206-214.
6. Chivers, H., Fletcher, M.: Applying Security Design Analysis to a service-based system. Software: Practice and Experience, 35(9) (2005), 873-897.
7. Devanbu, P., Stubblebine, S.: Software Engineering for Security: A Roadmap. In The Future of Software Engineering, A. Finkelstein, Ed.: ACM Press, 2000.
8. Firesmith, D.: Specifying Reusable Security Requirements. Journal of Object Technology, 3(1) (Jan-Feb 2004), 61-75.
9. Haley, C.B., Laney, R.C., Moffett, J.D., Nuseibeh, B.: Using Trust Assumptions with Security Requirements. Requirements Engineering Journal, 11(2) (April 2006), 138-151.
10. Haley, C.B., Laney, R.C., Nuseibeh, B.: Deriving Security Requirements from Crosscutting Threat Descriptions. In Proceedings of the Third International Conference on Aspect-Oriented Software Development (AOSD'04), Lancaster UK: ACM Press, 22-26 Mar 2004, pp. 112-121.
11. Haley, C.B., Moffett, J.D., Laney, R., Nuseibeh, B.: Arguing Security: Validating Security Requirements Using Structured Argumentation. In Proceedings of the Third Symposium on Requirements Engineering for Information Security (SREIS'05) held in conjunction with the 13th International Requirements Engineering Conference (RE'05), Paris France, 29 Aug 2005.
12. Heitmeyer, C.L.: Applying 'Practical' Formal Methods to the Specification and Analysis of Security Properties. In Proceedings of the International Workshop on Information Assurance in Computer Networks: Methods, Models, and Architectures for Network Computer Security (MMM ACNS 2001), vol. 2052, St. Petersburg, Russia: Springer-Verlag Heidelberg, 21-23 May 2001, pp. 84-89.
13. ISO/IEC: Information Technology-Security Techniques-Evaluation Criteria for IT Security-Part 1: Introduction and General Model. International Standard 15408-1, ISO/IEC, Geneva Switzerland, 1 Dec 1999.
14. ISO/IEC: Information Technology-Security Techniques-Evaluation Criteria for IT Security-Part 2: Security Functional Requirements. International Standard 15408-2, ISO/IEC, Geneva Switzerland, 1 Dec 1999.
15. ISO/IEC: Information Technology-Security Techniques-Evaluation Criteria for IT Security-Part 3: Security Assurance Requirements. International Standard 15408-3, ISO/IEC, Geneva Switzerland, 1 Dec 1999.
16. Jackson, M.: Problem Frames. Addison Wesley, 2001.
17. Kotonya, G., Sommerville, I.: Requirements Engineering: Processes and Techniques. United Kingdom: John Wiley and Sons, 1998.
18. van Lamsweerde, A.: Elaborating Security Requirements by Construction of Intentional Anti-Models. In Proceedings of the 26th International Conference on Software Engineering (ICSE'04), Edinburgh Scotland, 26-28 May 2004, pp. 148-157.
19. Lee, Y., Lee, J., Lee, Z.: Integrating Software Lifecycle Process Standards with Security Engineering. Computers and Security, 21(4) (2002), 345-355.
20. Liu, L., Yu, E., Mylopoulos, J.: Security and Privacy Requirements Analysis Within a Social Setting. In Proceedings of the 11th IEEE International Requirements Engineering Conference (RE'03), Monterey, CA USA, 8-12 Sept 2003, pp. 151-161.
21. McDermott, J., Fox, C.: Using Abuse Case Models for Security Requirements Analysis. In Proceedings of the 15th Computer Security Applications Conference (ACSAC'99), Phoenix, AZ USA: IEEE Computer Society Press, 6-10 Dec 1999, pp. 55-64.
22. Mouratidis, H., Giorgini, P., Manson, G.: Integrating Security and Systems Engineering: Towards the Modelling of Secure Information Systems. In Proceedings of the 15th Conference on Advanced Information Systems Engineering (CAiSE'03), Klagenfurt/Velden Austria: Springer-Verlag, 16-20 Jun 2003, pp. 63-78.
23. NIST: An Introduction to Computer Security: The NIST Handbook. Special Pub SP 800-12, National Institute of Standards and Technology (NIST), Oct 1995.
24. Nuseibeh, B.: Weaving Together Requirements and Architectures. Computer (IEEE), 34(3) (Mar 2001), 115-117.
25. Pfleeger, C.P., Pfleeger, S.L.: Security in Computing. Prentice Hall, 2002.
26. Rushby, J.: Security Requirements Specifications: How and What? In Proceedings of the Symposium on Requirements Engineering for Information Security (SREIS), Indianapolis, IN USA, 5-6 Mar 2001.
27. Sindre, G., Opdahl, A.L.: Eliciting Security Requirements by Misuse Cases. In Proceedings of the 37th International Conference on Technology of Object-Oriented Languages and Systems (TOOLS-Pacific'00), Sydney Australia, 20-23 Nov 2000, pp. 120-131.
28. Spafford, E.H.: The internet worm program: an analysis. ACM SIGCOMM Computer Communication Review, 19(1) (Jan 1989), 17-57.
29. Tettero, O., Out, D.J., Franken, H.M., Schot, J.: Information security embedded in the design of telematics systems. Computers and Security, 16(2) (1997), 145-164.