Volume 15, Issue 1, 2010, Pages 41-62

A vulnerability-centric requirements engineering framework: Analyzing security attacks, countermeasures, and requirements based on vulnerabilities

Author keywords

Agent oriented software engineering; Empirical security knowledge; Risk analysis; Security requirements engineering

Indexed keywords

AGENT-ORIENTED SOFTWARE ENGINEERING; METHODOLOGICAL FRAMEWORKS; MODELING AND ANALYSIS; QUALITATIVE GOALS; SECURITY ATTACKS; SECURITY BREACHES; SECURITY REQUIREMENTS; SECURITY REQUIREMENTS ENGINEERING; SYSTEM DESIGNERS;

EID: 77950520810     PISSN: 09473602     EISSN: 1432010X     Source Type: Journal    
DOI: 10.1007/s00766-009-0090-z     Document Type: Article
Times cited : (89)

References (51)
  • 3
    • 77950519774
    • National Vulnerability Database
    • National Vulnerability Database. http://www.nvd.nist.gov/
  • 4
    • 77950518515
    • SANS
    • SANS. http://www.sans.org/
  • 5
    • 77950517600
    • Common Weakness Enumeration
    • Common Weakness Enumeration. http://www.cwe.mitre.org/
  • 6
    • 77950521021
    • Common Vulnerability Scoring System
    • Common Vulnerability Scoring System. http://www.first.org/cvss/
  • 9
    • 33749035450
    • Requirements engineering for trust management: Model, methodology, and reasoning
    • Giorgini P, Massacci F, Mylopoulos J, Zannone N (2006) Requirements engineering for trust management: model, methodology, and reasoning. Int J Inf Secur 5(4):257-274
    • (2006) Int J Inf Secur , vol.5 , Issue.4 , pp. 257-274
    • Giorgini, P.1    Massacci, F.2    Mylopoulos, J.3    Zannone, N.4
  • 10
    • 0002670359
    • Attack Trees
    • Schneier B (1999) Attack trees. Dr. Dobb's J 24(12):21-29
    • (1999) Dr. Dobb's J , vol.24 , Issue.12 , pp. 21-29
    • Schneier, B.1
  • 11
    • 13644252644
    • Eliciting security requirements with misuse cases
    • Sindre G, Opdahl AL (2005) Eliciting security requirements with misuse cases. Requir Eng 10(1):34-44
    • (2005) Requir Eng , vol.10 , Issue.1 , pp. 34-44
    • Sindre, G.1    Opdahl, A.L.2
  • 15
    • 33947368645
    • Model-based security analysis in seven steps-a guided tour to the CORAS method
    • Braber F, Hogganvik I, Lund MS, Stolen K, Vraalsen F (2007) Model-based security analysis in seven steps-a guided tour to the CORAS method. BT Technol J 25(1):101-117
    • (2007) BT Technol J , vol.25 , Issue.1 , pp. 101-117
    • Braber, F.1    Hogganvik, I.2    Lund, M.S.3    Stolen, K.4    Vraalsen, F.5
  • 20
    • 0003714340
    • Schneider FB, National Academy Press, Washington
    • Schneider FB (ed) (1998) Trust in cyberspace. National Academy Press, Washington
    • (1998) Trust In Cyberspace
  • 26
    • 34248195511
    • The psychology of security
    • Schneier B (2007) The psychology of security. Commun ACM 50(5):128
    • (2007) Commun ACM , vol.50 , Issue.5 , pp. 128
    • Schneier, B.1
  • 27
    • 17744386721
    • Using a security requirements engineering methodology in practice: The compliance with the Italian data protection legislation
    • Massacci F, Prest M, Zannone N (2005) Using a security requirements engineering methodology in practice: the compliance with the Italian data protection legislation. Comp Stand Interf 27(5):445-455
    • (2005) Comp Stand Interf , vol.27 , Issue.5 , pp. 445-455
    • Massacci, F.1    Prest, M.2    Zannone, N.3
  • 31
    • 0003696305
    • Chung L, Nixon BA, Yu E, Mylopoulos J (eds), Kluwer, Dordrecht
    • Chung L, Nixon BA, Yu E, Mylopoulos J (eds) (2000) Nonfunctional requirements in software engineering. Kluwer, Dordrecht
    • (2000) NonFunctional Requirements In Software Engineering
  • 38
    • 0034291619
    • Handling obstacles in goal-oriented requirements engineering
    • van Lamsweerde A, Letier E (2000) Handling obstacles in goal-oriented requirements engineering. IEEE Trans Softw Eng 26(10):978-1005
    • (2000) IEEE Trans Softw Eng , vol.26 , Issue.10 , pp. 978-1005
    • van Lamsweerde, A.1    Letier, E.2
  • 40
    • 58849148475
    • How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns
    • Compagna L, Khoury PE, Krausová A, Massacci F, Zannone N (2009) How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns. Artif Intell Law 17(1):1-30
    • (2009) Artif Intell Law , vol.17 , Issue.1 , pp. 1-30
    • Compagna, L.1    Khoury, P.E.2    Krausová, A.3    Massacci, F.4    Zannone, N.5
  • 42
    • 34249004734
    • Secure tropos: A security-oriented extension of the tropos methodology
    • Mouratidis H, Giorgini P (2007) Secure tropos: a security-oriented extension of the tropos methodology. Int J Softw Eng Knowl Eng 17(2):285-309
    • (2007) Int J Softw Eng Knowl Eng , vol.17 , Issue.2 , pp. 285-309
    • Mouratidis, H.1    Giorgini, P.2
  • 47
    • 40449096402
    • Security requirements engineering: A framework for representation and analysis
    • Haley C, Laney R, Moffett J, Nuseibeh B (2008) Security requirements engineering: a framework for representation and analysis. IEEE Trans Softw Eng 34(1):133-153
    • (2008) IEEE Trans Softw Eng , vol.34 , Issue.1 , pp. 133-153
    • Haley, C.1    Laney, R.2    Moffett, J.3    Nuseibeh, B.4
  • 50
    • 57049146951
    • Model-based security testing using UMLsec: A case study
    • Jürjens J (2008) Model-based security testing using UMLsec: a case study. Electron Notes Theoretical Comput Sci 220(1):93-104
    • (2008) Electron Notes Theoretical Comput Sci , vol.220 , Issue.1 , pp. 93-104
    • Jürjens, J.1


* This information was analyzed and extracted by KISTI from Elsevier's SCOPUS database.