Secure information systems engineering: a manifesto

International Journal of Electronic Security and Digital Forensics

Volumn 1, Issue 1, 2007, Pages 27-41

  Mouratidis, Haralambos ^a  

^a UNIVERSITY OF EAST LONDON   (United Kingdom)

Author keywords

information systems engineering; integration of security; secure information systems development; security engineering; security requirements

Indexed keywords

EID: 79251488715     PISSN: 1751911X     EISSN: 17519128     Source Type: Journal    
DOI: 10.1504/IJESDF.2007.013590     Document Type: Article

References (43)

1. Alexander, I. (2003) ‘Misuse cases: use cases with hostile intent’, IEEE Software, Vol. 20, pp.58–66.
2. Anderson, R. (2001) Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley Computer Publishing.
3. Anton, A.I. and Earp, J.B. (2004) ‘A requirements taxonomy for reducing web site privacy vulnerabilities’, Requirements Engineering, Vol. 9, No. 3, pp.169–185.
4. Bell, D.E. and LaPadula, L.J. (1976) Secure Computer Systems: Mathematical Foundations and Model, The Mitre Corporation
5. Bresciani, P., Giorgini, P., Giunchiglia, F., Mylopoulos, J. and Perin, A. (2004) ‘TROPOS: an agent-oriented software development methodology’, Journal of Autonomous Agents and Multi-Agent Systems, Vol. 8, No. 3, pp.203–236.
6. Brewer, D.F.C. and Nash, M.J. (1989) ‘The Chinese wall security policy’, Proceedings of the IEEE Symposium on Research in Security and Privacy, 1–3 May 1989, Oakland, California. pp.206–214.
7. CERT Coordination Centre (2003) Annual Report, Available at: www.cert.org.
8. Chung, L. and Nixon, B. (1995) ‘Dealing with non-functional requirements: three experimental studies of a process-oriented approach’, Proceedings of the 17th International Conference on Software Engineering, Seattle, USA.
9. Crook, R., Ince, D. and Nuseibeh, B. (2003) ‘Modelling access policies using roles in requirements engineering’, Information and Software Technology, Vol. 45, No. 14, pp.979–991.
10. Devanbu, P. and Stubblebine, S. (2000) ‘Software engineering for security: a roadmap’, Proceedings of the 22nd International Conference on Software Engineering. Track on the Future of Software Engineering, Limerick, Ireland.
11. Doheny, M.O., Cook, C. and Stopper, M. (1987) The Discipline of Nursing: An Introduction, 2nd edition, Norwalk, CT: Appleton & Lange.
12. DTI, Information Security Breaches Survey (2004) Technical Report, Available at: www.dti.gov.uk.
13. Fernandez, E.B. (2004) ‘A methodology for secure software design’, Proceedings of the 2004 International Conference on Software Engineering Research and Practice (SERP’04), Las Vegas, NV, 21–24 June 2004.
14. Firesmith, D.G. (2003) ‘Engineering security requirements’, Journal of Object Technology, Vol. 2, No. 1.
15. Giorgini, P., Massacci, F. and Mylopoulos, J. (2003) ‘Requirements engineering meets security: a case study on modelling secure electronic transactions by VISA and Mastercard’, Proceedings of the International Conference on Conceptual Modelling (ER), LNCS 2813, pp.263–276, Springer-Verlag.
16. Giorgini, P., Massacci, F., Mylopoulos, J. and Zannone, N. (2004) ‘Filling the gap between requirements engineering and public key/trust management infrastructures’, in S.K. Katsikas, S. Gritzalis and J. Lopez (Eds). Public Key Infrastructure, LNCS 3093 Springer, Proceedings of the First European PKIWorkshop: Research and Applications, EuroPKI 2004, Samos Island, Greece, 25–26 June.
17. Gollmann, D. (2001) Computer Security, John Willey and Sons.
18. Jürjens, J. (2004) Secure System Development with UML, Springer-Verlag.
19. Kagal, L. and Finin, T. (2005) ‘Modeling conversation policies using permissions and obligations, in developments in agent communication’, F. Dignum, R. van Eijk and M-P. Huget (Eds). Post-Proceedings of the AAMAS Workshop on Agent Communication, Springer-Verlag, LNCS.
20. Keen, P.G.W. (1980) ‘MIS research: reference disciplines and cumulative tradition’, Proceedings of the First International Conference on Information Systems, Philadelphia, PA, December, pp.9–18.
21. Lane, V.P. (1985) Security of Computer Based Information Systems, Macmillan Education Ltd.
22. Liles, D.H., Johnson, M.E., Meade, L.M. and Underdown, D.R. (1995) ‘Enterprise engineering: a discipline?’ Proceedings of the Society for Enterprise Engineering Conference, June.
23. Lin, L.C., Nuseibeh, B., Ince, D., Jackson, M. and Moffett, J. (2003) ‘Analysing security threats and vulnerabilities using abuse frames’, Technical Report 2003/10, The Open University.
24. Liu, L., Yu, E. and Mylopoulos, J. (2003) ‘Security and privacy requirements analysis within a social setting’, Proceedings of the 11th International Requirements Engineering Conference, IEEE Press, pp.151–161.
25. Lodderstedt, T., Basin, D. and Doser, J. (2002) Secure UML: a UML-based modelling language for model-driven security’, Proceedings of the UML’02, LNCS 2460, Springer-Verlag, pp.426–441.
26. Maynard, H.B. (1971) Industrial Engineering Handbook, 3rd edition, New York: McGraw Hill Book Co.
27. McDermott, J. and Fox, C. (1999) ‘Using abuse care models for security requirements analysis’, Proceedings of the 15th Annual Computer Security Applications Conference.
28. Mouratidis, H. (2004) ‘A security oriented approach in the development of multiagent systems: applied to the management of the health and social care needs of older people in England’, PhD Thesis, University of Sheffield.
29. Mouratidis, H. and Giorgini, P. (2006) Integrating Security and Software Engineering: Advances and Future Vision, IDEA Group Publishing, ISBN 1-59904-148-0.
30. Mouratidis, H., Giorgini, P. and Manson, G. (2004b) ‘Using security attack scenarios to analyse security during information systems design’, Proceedings of the International Conference on Enterprise Information Systems (ICEIS 2004), April, Porto-Portugal, pp.10–17.
31. Mouratidis, H., Giorgini, P. and Manson, G. (2005) ‘When security meets software engineering: a case of modelling secure information systems’, Information Systems, Vol. 30, No. 8, pp.609–629.
32. Mouratidis, H., Weiss, M. and Giorgini, P. (2005c) ‘Security patterns meet agent oriented software engineering: a complementary solution for developing security information systems’, Proceedings of the 24th International Conference on Conceptual Modelling (ER), Lecture Notes in Computer Science, Vol. 3716, pp.225–240, Springer-Verlag.
33. Saltzer, J. and Schroeder, M.D. (1975) ‘The protection of information in computer systems’, Proceedings of the IEEE, Vol. 63, No. 9, pp.1278–1308.
34. Schneier, B. (2000) Secrets & Lies: Digital Security in a Networked World, John Wiley & Sons.
35. Schumacher, M. and Roedig, U. (2001) ‘Security engineering with patterns’, Proceedings of the Eighth Conference on Pattern Languages for Programs (PLoP), IL, USA.
36. Sindre, G. and Opdahl, A.L. (2005) ‘Eliciting security requirements with misuse cases’, Requirements Engineering, Vol. 10, No. 1, pp.34–44.
37. Stallings, W. (1999) Cryptography and Network Security: Principles and Practice, 2nd edition, Prentice-Hall.
38. Undercoffer, J. and Pinkston, J. (2002) ‘Modelling computer attacks: a target-centric ontology for intrusion-detection’, Proceedings of the CADIP Research Symposium, Available at: http://www.cs.umbc.edu/cadip/2002Symposium/.
39. Van Lamsweerde, A. (2004) ‘Elaborating security requirements by construction of intentional anti-models’, Proceedings of the 26th International Conference on Software Engineering, Edinburgh, May, ACM-IEEE, pp.148–157.
40. Van Lamsweerde, A. and Letier, E. (2000) ‘Handling obstacles in goal-oriented requirements engineering’, Transactions of Software Engineering, Vol. 26, No. 10, pp.978–1005.
41. Viega, J. and McGraw, G. (2001) Building Secure Software, Addison Wesley.
42. Yu., E, Liu., L. and Mylopoulos, J. (2006) ‘A social ontology for integrating security and software engineering’, in H. Mouratidis and P. Giorgini (Eds). Integrating Security and Software Engineering: Advances and Future Vision, Idea Group Publishing.
43. An extensive presentation and discussion of these models are out of the scope of this chapter and this book.