Integrating security and software engineering: An introduction

Integrating Security and Software Engineering: Advances and Future Visions

Volumn , Issue , 2006, Pages 1-14

  Mouratidis, Haralambos ^a   Giorgini, Paolo ^b  

^a UNIVERSITY OF EAST LONDON   (United Kingdom)

^b UNIVERSITY OF TRENTO   (Italy)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 77954507186     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.4018/978-1-59904-147-6.ch001     Document Type: Chapter

References (52)

1. Alexander, I. (2003). Misuse cases: Use cases with hostile intent. IEEE Software, 20, 58-66.
2. Anderson, R. (2001). Security engineering: A guide to building dependable distributed systems. Wiley Computer Publishing.
3. Anton, A. I., & Earp, J. B. (2004). A requirements taxonomy for reducing Web site privacy vulnerabilities. Requirements Engineering, 9(3), 169-185.
4. Bell, D. E., & LaPadula, L. J. (1976). Secure computer systems: Mathematical foundations and model. The Mitre Corporation.
5. Booch, G. (1994). Object-oriented analysis and design with applications. The Benjamin/Cummings Publishing Company.
6. Bresciani, P., Giorgini, P., Giunchiglia, F., Mylopoulos, J., & Perin, A. (2004). TROPOS: An agent-oriented software development methodology. Journal of Autonomous Agents and Multi-Agent Systems, 8(3), 203-236.
7. Brewer, D. F. C., & Nash M. J. (1989, May 1-3). The Chinese Wall security policy. Proceedings of the IEEE Symposium on Research in Security and Privacy (pp. 206-214). Oakland, California. pp 206-14)
8. CERT Coordination Centre. (2003). Annual Report. Retrieved from http://www.cert.org
9. Chung, L., & Nixon, B. (1995). Dealing with non-functional requirements: Three experimental studies of a process-oriented approach. Proceedings of the 17th International Conference on Software Engineering, Seattle, USA.
10. Crook, R., Ince, D., & Nuseibeh, B. (2003). Modelling access policies using roles in requirements engineering. Information and Software Technology, 45(14), 979-991,
11. Devanbu, P., & Stubblebine, S. (2000). Software engineering for security: A roadmap. Proceedings of the 22nd International Conference on Software Engineering. Track on the Future of Software Engineering, Limerick, Ireland.
12. DTI, Information Security Breaches Survey. (2004). Technical Report. Retrieved from http://www.dti.gov.uk
13. Fernandez, E. B. (2004, June 21-24). A methodology for secure software design. Proceedings of the 2004 International Conference on Software Engineering Research and Practice (SERP'04), Las Vegas, NV.
14. Fernandez, E. B., & Pan, R. (2001, September). A pattern language for security models. Proceedings of the 8th Conference on Pattern Languages of Programs (PLoP 2001), Monticello, IL.
15. Fowler, M., & Scott, K. (2000). UML distilled: A brief guide to the standard object modelling language (2nd ed.). Addison-Wesley
16. Giorgini, P., Massacci, F., & Mylopoulos, J. (2003). Requirements engineering meets security: A case study on modelling secure electronic transactions by VISA and Mastercard. Proceedings of the International Conference on Conceptual Modelling (ER) (pp. 263-276). LNCS 2813, Springer-Verlag.
17. Giorgini, P., Massacci, F., Mylopoulos, J., & Zannone, N. (2004, June 25-26). Filling the gap between requirements engineering and public key/trust management infrastructures. In K. Sokratis, S. Katsikas, & J. L. Gritzalis (Eds.), Public Key Infrastructure, Proceedings of the 1st European PKIWorkshop: Research and Applications, EuroPKI 2004, Samos Island, Greece. LNCS 3093. Springer.
18. Gollmann, D. (2001). Computer security. John Wiley & Sons.
19. Haley, C. B., Moffett, J. D., Laney, R., & Nuseibeh, B. (2005). Arguing security: Validating security requirements using structured argumentation. Proceedings of the 3rd Symposium on Requirements Engineering for Information Security (SREIS'05) held in conjunction with the 13th International Requirements Engineering Conference (RE'05). Paris.
20. IEEE Standard Glossary of Software Engineering Terminology. (1990). IEEE Std 729.
21. Jürjens, J., (2004). Secure system development with UML. Springer-Verlag.
22. Jürjens, J. (2002). UMLsec: Extending UML for secure systems development. UML 2002, Lecture Notes in Computer Science 2460 (pp. 412-425).
23. Kagal, L., & Finin, T. (2005, January). Modelling conversation policies using permissions and obligations. In F. Dignum, R. van Eijk, & M. Huget (Eds.), Developments in Agent Communication (Post-proceedings of the AAMAS Workshop on Agent Communication). LNCS. Springer-Verlag.
24. Lane, V. P. (1985). Security of computer based information systems. Macmillan Education Ltd.
25. Levanhar, S. (2005). Comprehensive Lightweight Application Security Process (CLASP). Retrieved December 20, 2005, from https://buildsecuriyin.us-cert.gov/portal/article/bestpractices/requirements_engineering/CLASP.xml
26. Lin, L. C., Nuseibeh, B., Ince, D., Jackson, M., & Moffett, J. (2003). Analysing security threats and vulnerabilities using abuse frames. Technical Report 2003/10, The Open University.
27. Liu, L., Yu, E., & Mylopoulos, J. (2003). Security and privacy requirements analysis within a social setting. Proceedings of the 11th International Requirements Engineering Conference (pp. 151-161). IEEE Press.
28. Lodderstedt, T., Basin, D., & Doser, J. (2002). SecureUML: A UML-based modelling language for model-driven security. Proceedings of the UML'02 (pp. 426-441). LNCS 2460. Springer-Verlag.
29. Macro, A., & Buxton, J. (1990). The craft of software engineering. International Computer Science Series. Addison-Wesley.
30. McDermott, J., & Fox, C. (1999). Using abuse care models for security requirements analysis. Proceedings of the 15th Annual Computer Security Applications Conference.
31. Mouratidis, H. (2004a). A security oriented approach in the development of multiagent systems: Applied to the management of the health and social care needs of older people in England. PhD thesis, University of Sheffield.
32. Mouratidis, H., Giorgini, P., & Manson, G. (2003). Modelling secure multiagent systems. Proceedings of the 2nd International Joint Conference on Autonomous Agents and Multiagent Systems (pp. 859-866). ACM.
33. Mouratidis, H., Giorgini, P., & Manson, G. (2004b, April). Using security attack scenarios to analyse security during information systems design. Proceedings of the International Conference on Enterprise Information Systems (ICEIS 2004) (pp. 10-17). Porto-Portugal
34. Mouratidis, H., Giorgini P., & Manson, G. (2005a). When security meets software engineering: A case of modelling secure information systems. Information Systems, 30(8), 609-629.
35. Mouratidis, H., Kolp, M., Faulkner, S., & Giorgini, P. (2005b). A secure architectural description language for agent systems. Proceedings of the 4th International Joint Conference on Autonomous Agents and Multiagent Systems (pp. 578-585). Utrecht, The Netherlands: ACM.
36. Mouratidis, H., Weiss, M., & Giorgini, P. (2005c). Security patterns meet agent oriented software engineering: A complementary solution for developing security information systems. Proceedings of the 24th International Conference on Conceptual Modelling (ER) (pp. 225-240). Lecture Notes in Computer Science 3716. Springer-Verlag.
37. Naur, P., & Randell, B. (1968). Software engineering: Reports on a conference. Garmisch, NATO Scientific Affairs Division.
38. OMG. (2003). UML 2.0 Specification.
39. Pressman, R. S. (2005). Software engineering: A practitioner's approach (6th ed.). McGraw Hill.
40. Roman, G. C. (1985, April). A taxonomy of current issues in requirements engineering. IEEE Computer, 18(4), 14-23.
41. Russel, D. J. (2000). FAD: A Functional Analysis and Design methodology. PhD Thesis, The University of Kent at Canterbury.
42. Saltzer, J., & Schroeder, M. D. (1975, September). The protection of information in computer systems. Proceedings of the IEEE, 63(9), 1278-1308.
43. Schneier, B. (2000). Secrets & lies: Digital security in a networked world. John Wiley & Sons.
44. Schumacher, M., & Roedig, U. (2001). Security engineering with patterns. Proceedings of the 8th Conference on Pattern Languages for Programs (PLoP), IL.
45. Sindre, G., & Opdahl, A. L. (2005). Eliciting security requirements with misuse cases. Requirements Engineering, 10(1), 34-44.
46. Sommerville, I. (2004). Software engineering (7th ed.). Pearson-Education.
47. Stallings, W. (1999). Cryptography and network security: Principles and practice (2nd ed.). Prentice-Hallrx.
48. Undercoffer, J., & Pinkston, J. (2002). Modelling computer attacks: A target-centric ontology for intrusion-detection. Proceedings of the CADIP research symposium. Retrieved from http://www.cs.umbc.edu/cadip/2002Symposium
49. Van Lamsweerde, A., & Letier, E. (2000). Handling obstacles in goal-oriented requirements engineering. Transactions of Software Engineering, 26(10), 978-1005.
50. Viega, J., & McGraw, G. (2001). Building secure software. Addison Wesley
51. Vliet H. V. (1993). Software engineering: Principles and practice. John Wiley & Sons.
52. Yu, E., & Cysneiros, L. (2002, November 15-16). Designing for privacy and other competing requirements. The 2nd Symposium on Requirements Engineering for Information Security (SREIS' 02), Raleigh, NC.