From goal-driven security requirements engineering to secure design

International Journal of Intelligent Systems

Volumn 25, Issue 8, 2010, Pages 813-840

  Mouratidis, Haralambos ^a   Jurjens, Jan ^b  

^a UNIVERSITY OF EAST LONDON   (United Kingdom)

^b TU DORTMUND UNIVERSITY   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMATED TOOLS; ELECTRONIC PURSE; FORMAL VERIFICATIONS; FUNCTIONAL REQUIREMENT; INTELLIGENT SOFTWARE SYSTEMS; MODEL-BASED; SECURITY ENGINEERING; SECURITY ISSUES; SECURITY REQUIREMENTS; SECURITY REQUIREMENTS ENGINEERING; SOCIAL CHALLENGES; SOFTWARE ENGINEERS; STRUCTURED PROCESS; TECHNICAL LEVELS; TWO-DIMENSIONAL PROBLEM; VISA INTERNATIONALS;

COMPUTER SOFTWARE; REQUIREMENTS ENGINEERING; VERIFICATION;

DESIGN;

EID: 77954504239     PISSN: 08848173     EISSN: 1098111X     Source Type: Journal    
DOI: 10.1002/int.20432     Document Type: Article

References (43)

1. Mouratidis H, Giorgini P. Integrating security and software engineering: advances and future visions. Hershey, PA: Idea Group Publishing; 2006.
2. Jürjens J. Secure systems development with UML. New York: Springer-Verlag; 2005.
3. Yu E, Liu L,Mylopoulos J. A social ontology for integrating security and software engineering. In: Integrating security and software engineering: advances and future actions. Hershey, PA: Idea Group Publishing; 2006. pp 70-105.
4. Premkumar T, Devanbu, Stuart G. Stubblebine: Software engineering for security: a roadmap. In: ICSE 2000, 22nd International Conference on Software Engineering, Future of Software Engineering Track, June 4-11, 2000. Limerick Ireland. ACM, 2000. pp 227-239.
5. van Lamsweerde A, Letier E. Handling obstacles in goal-oriented requirements engineering. IEEE Trans Softw Eng, Special Issue on Exception Handling, 2000; 26(10): 978-1005.
6. Saltzer J, Schroeder M. The protection of information in computer systems. Proc IEEE. 1975; 63(9): 1278-1308.
7. Anderson R. Security engineering: a guide to building dependable distributed systems. New York: Wiley; 2001.
8. Mouratidis H. A security oriented approach in the development of multiagent systems: applied to the management of the health and social care needs of older people in England, PhD thesis, University of Sheffield, UK, 2004.
9. Jürjens J, Shabalin P. Tools for secure systems development with UML. Int J Softw Tools Technol Transfer 2007; 9(5-6): 527-544.
10. Mouratidis H, Giorgini P. Integrating security and software engineering: an introduction. In: Integrating security and software engineering: advances and future actions. Hershey, PA: Idea Publishing Group; 2006. pp 1-14.
11. McDermott J, Fox C. Using abuse care models for security requirements analysis. In: Proc 15th Annu Comput Sec Appl Conf, December 1999. pp 55-67.
12. Sindre G, Opdahl AL. Eliciting security requirements with misuse cases. Requirements Eng 2005; 10(1): 34-44.
13. Giorgini P, Massacci F, Mylopoulos J, Zannone N. Modeling security requirements through ownership, permission and delegation. In: Proc 13th IEEE Int Requirements Eng Conf (RE'05), IEEE Comput Soc Press, 29 August 2 September, 2005.
14. Stallings W. Cryptography and network security: principles and practice. 2nd ed., Upper Saddle River, NJ: Prentice Hall; 1999.
15. Mead NR. Identifying security requirements using the security quality requirements engineering (SQUARE) method. In: Integrating security and software engineering. Hershey, PA: Idea Publishing Group; 2006. pp 44-69.
16. Mouratidis H, Giorgini P, Manson G. When security meets software engineering: a case of modeling secure information systems. Inf Syst 2005; 30(8): 609-629.
17. Bresciani P, Giorgini P, Giunchiglia F, Mylopoulos J, Perini A. TROPOS: an agent oriented software development methodology. J Autonomous Agents and Multi-Agent Sys 2004; 8(3): 203-236.
18. Jan Jü rjens. Sound methods and effective tools for model-based security engineering with UML. ICSE 2005, ACM, 2005. pp 322-331.
19. Jan Jürjens. Security analysis of Crypto-based Java programs using automated theorem provers. ASE 2006, IEEE Comput Sec 2006. pp 167-176.
20. Muhanna W, W. An object-oriented framework for model management and DSS development. Decision Support Syst 1993; 9(2): 217-229.
21. Schneier B. Secrets & lies: digital security in a networked world. New York: Wiley; 2000.
22. CEPSCO. Common Electronic Purse Specifications. Business Requirements ver. 7, Functional Requirements ver. 6.3, Technical Specification ver. 2.2. 2000. Available online at http://www.cepsco.com.
23. D. Elliott Bell and Leonard J. Lapadula: " Secure Computer Systems: Mathematical Foundations" MITRE Technical Report 2547, Vol I, March 1, 1973.
24. Brewer DFC, Nash MJ. The Chinese Wall security policy. IEEE Symposium on Research in Security and Privacy, May Oakland, CA; 1989. pp 206-214.
25. Biba KJ. Integrity considerations for secure computer systems. MTR-3153, The MITRE Corporation; 1977.
26. Chung L, Nixon B. Dealing with non-functional requirements: three experimental studies of a process-oriented approach. In: Proc 17th Int Conf on Softw Eng, Seattle, WA; 1995.
27. Yu E, Cysneiros L. Designing for privacy and other competing requirements. In: 2nd Symp on Requirements Eng Inf Sec (SREIS' 02), Raleigh, NC; November 15-16, 2002.
28. Antó n AI, Earp JB. A requirements taxonomy to reduce Web site privacy vulnerabilities. Requir Eng J 2004; 9(3): 169-185.
29. Crook R, Ince D, Nuseibeh B. Modelling access policies using roles Requirements Engineering. Inf Softw Technol 2003; 45(14): 979-991.
30. Lin L, Nuseibeh B, Ince D, Jackson M, Moffett J. Introducing abuse frames for analyzing security requirements. Poster Paper, Proc 11th IEEE Int Requirements Eng Conf (RE'03), Monterey, CA, Sept. 8-12, 2003. pp 371-372.
31. Liu L,Yu E,Mylopoulos J. Analyzing security requirements as relationships among strategic actors In: Proc 2nd Symp on Requirements Eng Inf Sec (SREIS'02), Raleigh, NC; Oct 2002.
32. Haley CB, Laney R,Moffett JD, Nuseibeh B. Arguing satisfaction of security requirements. In: Integrating security and software engineering. Advances and future visions. Hershey, PA: Idea Publishing Group; 2006, pp 16-43.
33. Alexander I. Misuse cases: Use cases with hostile intent. IEEE Softw 2003; 20(1): 58-66.
34. Hermann G, Pernul G. Viewing business-process security from different perspectives. Int J Electron Commence 1999; 3: 89-103.
35. Whitmore J.J., A method for designing secure solutions, IBM Syst J 2001; 40(3): 747-768
36. Whitmore JJ. A method for designing secure solutions, IBM Syst J 2001; 40(3): 747-768. 36. Viega J, McGraw G. Building a secure software. Reading, MA: Addison-Wesley; 2002.
37. Lodderstedt T, Basin DA, Doser J, SecureUML: A UML-based modeling language for model-driven security. In: Proc 5th Int Conf on the unified Modelling Language. Lecture Notes in Computer Science, 2002. Vol 2460, pp 426-441.
38. Epstein P, Sandhu R. Towards a UML based approach to role engineering. In: Proc 4th ACM Workshop on Role-Based Access Control, Virginia, 1999. pp 135-143.
39. Koch M, Parisi-Presicce F. Access control policy specification in UML. In: Proc Crit Syst Dev with UML, Satellite Workshop of UML, 2002. pp 63-78.
40. Breu R, Popp G, Alam M. Model based development of access policies. STTT 9 2007; (5-6): 457-470.
41. Schumacher M, Fernandez-Buglioni E, Hybertson D, Buschmann F, Sommerlad P. Security patterns: integrating security and systems engineering, Willey; 2005.
42. Mouratidis H, Weiss M, Giorgini P. Modelling secure systems using an agent-oriented approach and security patterns. Int J Softw Eng Knowl Eng 2006; 16(3): 471-498.
43. Mouratidis H, Jürjens J, Fox J. Towards a Comprehensive Framework for Secure Systems Development, CAiSE 2006, Lecture Notes in Computer Science 4001. Springer-Verlag; 2006, pp 48-62.