Eliciting security requirements and tracing them to design: An integration of Common Criteria, heuristics, and UMLsec

Requirements Engineering

Volumn 15, Issue 1, 2010, Pages 63-93

  Houmb, Siv Hilde ^a   Islam, Shareeful ^b   Knauss, Eric ^c   Jürjens, Jan ^d   Schneider, Kurt ^c  

^a Service Platform Group ^*  (Norway)

^b TECHNICAL UNIVERSITY OF MUNICH   (Germany)

^c LEIBNIZ UNIVERSITY HANNOVER   (Germany)

^d TU DORTMUND UNIVERSITY   (Germany)

Author keywords

Common Criteria (CC); Heuristics; Secure design; Security requirement elicitation; UMLsec

Indexed keywords

COMMON CRITERIA; DESIGN SECURITY; DESIGN TECHNIQUE; EARLY DETECTION; FEED-BACK LOOP; ITERATIVE PROCESS; SECURE SYSTEM; SECURITY DOMAINS; SECURITY ENGINEERING; SECURITY EXPERTS; SECURITY REQUIREMENTS; SECURITY REQUIREMENTS ENGINEERING; SECURITY STANDARDS; SYSTEM EVOLUTION; UML DESIGN;

KNOWLEDGE ENGINEERING; REQUIREMENTS ENGINEERING; SECURITY OF DATA;

DESIGN;

EID: 77950516884     PISSN: 09473602     EISSN: 1432010X     Source Type: Journal    
DOI: 10.1007/s00766-009-0093-9     Document Type: Article

References (80)

1. Davis AM (2005) Just enough requirements management: where software development meets marketing. Dorset House Publishing, New York
2. Polanyi M (1966) The tacit dimension. Doubleday, Garden City
3. Lindstaedt SN, Schneider K (1997) Bridging the gap between face-to-face communication and long-term collaboration. In: Proceedings of the international ACM SIGGROUP conference on supporting group work. Phoenix, USA, Nov ACM
4. Damian D, Izquierdo L, Singer J, Kwan I (2007) Awareness in the wild: why communication breakdowns occur. In: Proceedings of second international conference on global software engineering. Munich, Germany, pp 81-90
5. ISO 15408:2007 Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 2, CCMB-2007-09-001, CCMB-2007-09-002 and CCMB-2007-09-003, September 2007
6. ISO 15408:2007 Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 2: part 1; General Model, CCMB-2007-09-001, September 2007
7. Knauss E, Lubke D, Meyer S (2009) Feedback-driven requirements engineering: the HeRA. In: International conference on software engineering (ICSE'09), formal research demonstrations track. Vancouver, Canada
8. Department of Defense (1985) DoD 5200.28-STD: trusted computer system evaluation criteria. (August 15)
9. Government of Canada (1993) The Canadian trusted computer product evaluation criteria (January)
10. Department of Trade and Industry (2003) The national technical authority for information assurance (June 2003). http://www.itsec.gov.uk/
11. Common Methodology for Information Technology Security Evaluation, Evaluation methodology, Version 3.2, Revision 2, CCMB-2009-09-004, September 2007
12. ISO 15408:2007 Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 2: part 2; security functional components, CCMB-2007-09-002, September 2007
13. ISO 15408:2007 Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 2: part 3; security assurance components, CCMB-2007-09-003, September 2007
14. ISO 15408:2007 (2007) Common Criteria for information technology security evaluation: evaluation methodology, version 3.1, revision 2, CCMB-2007-09-004 (September)
15. Berzins V, Martell LC, Adams P (2007) Innovations in natural language document processing for requirements engineering. In: Paech B, Martell C (eds) Innovations for requirement analysis. From stakeholders' needs to formal designs: 14th monterey workshop 2007. Lecture notes in computer science. Springer, Berlin, pp 125-146
16. Knauss E, Schneider K, Stapel K (2009) Learning to write better requirements through heuristic critiques. In: Proceedings of 17th IEEE requirementes engineering conference (RE 2009). Atlanta, USA
17. Fischer G (1994) Domain-oriented design environments. Auto-mat Softw Eng 1:177-203
18. Schon DA (1983) The reflective practitioner: how professionals think in action. Basic Books, New York
19. Fischer G (1998) Seeding, evolutionary growth and reseeding: constructing, capturing and evolving knowledge in domainoriented design environments. Automat Softw Eng 5:447-464
20. Knauss E, Flohr T (2007) Managing requirement engineering processes by adapted quality gateways and critique-based RE-tools. In: Proceedings of workshop on measuring requirements for project and product success. Palma de Mallorca, Spain (November, in conjunction with the IWSM-Mensura Conference)
21. Cockburn A (2000) Writing effective use cases. Addison-Wesley Professional, London
22. Schneider K, Stapel K, Knauss E (2008) Beyond documents: visualizing informal communication. In: Proceedings of third international workshop on requirements engineering visualization (REV 08). Barcelona, Spain
23. Jurjens J (2005) Secure systems development with UML. Springer, Heidelberg
24. Jurjens J (2000) Secure information flow for concurrent processes. In: Palamidessi C (ed) CONCUR 2000 (11th international conference on concurrency theory), vol 1877 of lecture notes in computer science. Springer, pp 395-409
25. Jurjens J (2002) Formal semantics for interacting UML subsystems. In: Jacobs B, Rensink A (eds) 5th International conference on formal methods for open object-based distributed systems (FMOODS 2002). International federation for information processing (IFIP). Kluwer, pp 29-44
26. Deubler M, Grunbauer J, Jurjens J, Wimmel G (2004) Sound development of secure service-based systems. In: Marco A, Aoyama M, Curbera F, Papazoglou MP (eds) Proceedings of the 2nd international conference on service oriented computing(IC-SOC). ACM, pp 115-124
27. Chung L (1993) Dealing with security requirements during the development of information systems. In: 5th International conference on advanced information systems engineering (CAiSE 1993). Springer, pp 234-251
28. Jurjens J (2002) Using UMLsec and goal-trees for secure systems development. In: Lamont GB, Haddad H, Papadopoulos G, Panda B (eds) Proceedings of the 2002 symposium of applied computing (SAC). ACM Press, pp 1026-1031
29. Sindre G, Opdahl AL (2005) Eliciting security requirements with misuse cases. Requir Eng J 10(1):34-44
30. McDermott JP, Fox C (1999) Using abuse case models for security requirements analysis. In: Proceedings of the 15th annual computer security applications conference. IEEE Computer Society, p 55
31. Mouratidis H, Giorgini P, Manson GA (2005) Integrating security and systems engineering: towards the modelling of secure information systems. In: Eder J, Missikoff M (eds) 15th International conference on advanced information systems engineering (CAiSE 2003), vol 2681 of lecture notes in computer science. Springer, pp 63-78
32. Massacci F, Mylopoulos J, Zannone N (2007) Computer-aided support for secure tropos. Automat Softw Eng 14(3):341-364
33. Mouratidis H, Jurjens J, Fox J (2006) Towards a comprehensive framework for secure systems development. In: Dubois E, Pohl K (eds) CAiSE, vol 4001 of lecture notes in computer science. Springer, Luxembourg, pp 48-62
34. Mannion M, Keepence B (1995) SMART requirements. ACM SIGSOFT: SE Notes 20(2):42-47
35. ETSI TISPAN (2008) ETSI TS 182 027 V.2.0.0: IPTV Architecture; IPTV functions supported by the IMS subsystem. Standard, February
36. ETSI TISPAN (2008) ETSI TS 182 028 V.2.0.0: IPTV architecture; dedicated subsystem for IPTV functions. Standard, January
37. UMLsec tool, 2001-08. http://www.umlsec.de/url/e-link
38. TISPAN, ETSI (2006) Telecommunications and internet converged services and protocols for advanced networking (TI-SPAN): methods and protocols; part 1: method and proforma for threat, risk, vulnerability analysis. Technical report ETSI TS 102 165-1 V4.2.1, European Telecommunications Standards Institute
39. Rossebø JE, Cadzow S, Sijben P (2007) eTVRA, a threat, vulnerability and risk assessment method and tool for eEurope. In: ARES'07: proceedings of the the second international conference on availability, reliability and security. IEEE Computer Society, pp 925-933
40. Winkler S (2007) Information flow between requirement artifacts. In: Proceedings of REFSQ 2007 international working conference on requirements engineering: foundation for software quality, vol 4542 of lecture notes in computer science. Trond-heim, Norway. Springer, Berlin, pp 232-246
41. Damian D, Marczak S, Kwan I (2007) Collaboration patterns and the impact of distance on awareness in requirements-centred social networks. In: Proceedings of 15th IEEE international requirements engineering conference (RE 2007). New Delhi
42. Stapel K, Schneider K, Lubke D, Flohr T (2007) Improving an industrial reference process by information flow analysis: a case study. In: Proceedings of PROFES 2007, vol 4589 of LNCS. Riga, Latvia. Springer, Berlin, pp 147-159
43. Allmann C, Winkler L, Kolzow T (2006) The requirements engineering gap in the OEM-supplier relationship. J Univers Knowl Manage 1(2):103-111
44. Stapel K, Knauss E, Allmann C (2008) Lightweight process documentation: just enough structure in automotive pre-development. In: O'Connor Rory V, Baddoo N, Smolander K, Mes-snarz R (eds) Proceedings of the 15th European conference, EuroSPI, communications in computer and information science. Dublin, Ireland, 9. Springer, pp 142-151
45. Schneider K (2007) Generating fast feedback in requirements elicitation. In: Requirements engineering: foundation for software quality (REFSQ 2007)
46. Fabbrini F, Fusani M, Gnesi S, Lami G (2001) The linguistic approach to the natural language requirements quality: benefit of the use of an automatic tool. In: SEW'01: proceedings of the 26th annual NASA goddard software engineering workshop. IEEE Computer Society, Washington, DC, p 97
47. Wilson WM, Rosenberg LH, Hyatt LE (1996) Automated quality analysis of natural language requirement specifications. In Proceedings of PNSQC conference
48. Melchisedech R (2000) Verwaltung und Prufung naturlichsprachlicher Spezifikationen. PhD thesis, Fakultät Informatik, Universität Stuttgart, Stuttgart
49. Fabbrini F, Fusani M, Gnesi S, Lami G (2001) An automatic quality evaluation for natural language requirements. In: Proceedings of the seventh international workshop on RE: foundation for software quality (REFSQ 2001). Interlaken, Switzerland
50. Breaux TD, Antón AI (2008) Analyzing regulatory rules for privacy and security requirements. IEEE Trans Softw Eng 34(1):5-20
51. Schumacher M, Buglioni EF, Hybertson D, Buschmann F, Sommerlad P (2006) Security patterns: integrating security and systems engineering. Wiley, London
52. Toval A, Nicolás J, Morosa B, García F (2002) Requirements reuse for improving information systems security: a practitioner's approach. Requir Eng J 6:205-219
53. Crook R, Ince DC, Lin L, Nuseibeh B (2002) Security requirements engineering: when anti-requirements hit the fan. In: Proceedings of the 10th anniversary IEEE joint international conference on requirements engineering. IEEE Computer Society, pp 203-205
54. Haley CB, Laney RC, Moffett JD, Nuseibeh B (2008) Security requirements engineering: a framework for representation and analysis. IEEE Trans Softw Eng 34(1):133-153
55. Giorgini P, Massacci F, Mylopoulos J (2003) Requirement engineering meets security: a case study on modelling secure electronic transactions by VISA and Mastercard. In: Song I-Y, Liddle SW, Ling TW, Scheuermann P (eds) 22nd International conference on conceptual modeling (ER 2003), vol 2813 of lecture notes in computer science. Springer, pp 263-276
56. Giorgini P, Massacci F, Mylopoulos J, Zannone N (2005) Modeling security requirements through ownership, permission and delegation. In: Proceedings of the 13th IEEE international conference on requirements engineering. IEEE Computer Society, pp 167-176
57. Mellado D, Medinav, Piattini M (2007) A common criteria based security requirements engineering process for the development of secure information system. Comput Stand Interfaces 29:244-253
58. Mead NR, Steheny T (2005) Security quality requirements engineering (square) methodology. SIGSOFT Softw Eng Notes 30(4):1-7
59. ISO/IEC 27001:2005 (2005) Specification for information security management (October)
60. Islam S, Dong W (2008) Security requirements addressing security risks for improving software quality. In: Workshop-band software-Qualitatsmodellierung und-bewertung (SQMB'08), Technical report TUM-I0811, Technische Universitat Munchen, Munich, Germany Requirements Eng (2010) 15:63-93
61. Islam S, Dong W (2008) Human factors in software security risk management. In: LMSA'08: proceedings of the first international workshop on leadership and management in software architecture. ACM, New York, pp 13-16
62. Whittle J, Wijesekera D, Hartong M (2008) Executable misuse cases for modeling security concerns. In: ICSE'08: proceedings of the 30th international conference on Software engineering. ACM, New York, pp 121-130
63. Yskout K, Scandariato R, Win BD, Joosen W (2008) Transforming security requirements into architecture. In: International conference on availability, reliability and security. pp 1421-1428
64. Arenas A, Aziz B, Bicarregui J, Matthews B, Yang EY (2008) Modelling security properties in a grid-based operating system with anti-goals. In: Proceedings of the 2008 third international conference on availability, reliability and security (ARES). pp 1429-1436
65. Elahi G, Yu E (2007) A goal oriented approach for modeling and analyzing security trade-offs. In: ER 2007, vol 4801 of lecture notes in computer science. Springer, pp 375-390
66. Flechais I, Mascolo C, Sasse MA (2007) Integrating security and usability into the requirements and design process. Int J Electron Secur Digit Forensics 1(1):12-26
67. Baldwin A, Beres Y, Shiu S, Kearney P (2006) A model based approach to trust, security and assurance. BT Technol J 24(4):53-68
68. Kearney P, Brugger L (2007) A risk-driven security analysis method and modelling language. BT Technol J 25(1) January
69. Ray I, France RB, Li Na, Georg G (2004) An aspect-based approach to modeling access control concerns. Inf Softw Technol 46(9):575-587
70. Houmb SH, Georg G, France RB, Bieman JM, Jurjens J (2005) Cost-benefit trade-off analysis using BBN for aspect-oriented risk-driven development. In: Proceedings of the 10th IEEE international conference on engineering of complex computer systems. IEEE Computer Society, pp 195-204
71. Basin DA, Doser J, Lodderstedt T (2006) Model driven security: from UML models to access control infrastructures. ACM Trans Softw Eng Methodol 15(1):39-91
72. Brucker AD, Doser J, Wolff B (2006) A model transformation semantics and analysis methodology for SecureUML. In: MoDELS 2006, vol 4199 of lecture notes in computer science. Springer, pp 306-320
73. Alam M, Hafner M, Memon M, Hung P (2007) Modeling and enforcing advanced access control policies in healthcare systems with SECTET. In: Sztipanovits J, Breu R, Ammenwerth E, Bajcsy R, Mitchell JC, Pretschner A (eds) Workshop on model-based trustworthy health information systems (MOTHIS@Models)
74. Alam M, Hafner M, Breu R (2007) Model-driven security engineering for trust management in SECTET. J Softw 2(1):47-59
75. Breu R, Burger K, Hafner M, Jurjens J, Popp G, Wimmel G, Lotz V (2003) Key issues of a formally based process model for security engineering. In: 16th International conference Software & Systems Engineering & their Applications (ICSSEA 2003)
76. Jurjens J, Shabalin P (2007) Tools for secure systems development with UML. Int J Softw Tools Technol Transf 9(5-6):527-544 (October 2007. Invited submission to the special issue for FASE 2004/05)
77. Best B, Jurjens J, Nuseibeh B (2007) Model-based security engineering of distributed information systems using UMLsec. In: 29th International conference on software engineering (ICSE 2007). ACM, pp 581-590
78. Jurjens J, Rumm R (2008) Model-based security analysis of the german health card architecture. Methods Inf Med 47(5):409-416 (special section on model-based development of trustworthy health information systems)
79. Jurjens J, Schreck J, Bartmann P (2008) Model-based security analysis for mobile communications. In: 30th International conference on software engineering (ICSE 2008). ACM
80. Yu Y, Jurjens J, Mylopoulos J (2008) Traceability for the maintenance of secure software. In: 24th International conference on software maintenance (ICSM). IEEE Computer Society